Docker logging with Syslog
Docker Syslog logging driver
This article discusses the steps to enable the syslog logging driver in Docker.
Docker comes with a syslog logging driver, which routes logs to a syslog server. Syslog has the advantage of already being available on most Docker hosts, as is the case on an Ubuntu host.
We will first set up rsyslog, and then tell Docker to use it.
rsyslog set-up
We will collect logs for the Docker daemon and for the containers.
We will create an rsyslog configuration file, /etc/rsyslog.d/10-docker.conf, with the following content:
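# Files created by the actions below get mode 0644 (readable by every local user).
$FileCreateMode 0644
$template DockerDaemonLogFileName,"/var/log/docker/docker.log"
# The container name is taken from the syslog tag ("docker/<name>[pid]").
# secpath-replace turns any "/" in the extracted name into "_".
$template DockerContainerLogFileName,"/var/log/docker/%SYSLOGTAG:R,ERE,1,FIELD:docker/(.*)\[--end:secpath-replace%.log"
# Docker daemon and containerd messages go to the same file.
if $programname == 'dockerd' then {
    ?DockerDaemonLogFileName
    stop
}
if $programname == 'containerd' then {
    ?DockerDaemonLogFileName
    stop
}
# Container messages go to one file per container.
if $programname == 'docker' then {
    if $syslogtag contains 'docker/' then {
        ?DockerContainerLogFileName
        stop
    }
}
# Files created by rules loaded after this point get mode 0600.
$FileCreateMode 0600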
Once the rsyslog configuration is defined, we will create the directory to store the logs:
sudo mkdir /var/log/docker
sudo chown syslog:adm /var/log/docker/
Verify that the configuration is correct:
rsyslogd -f /etc/rsyslog.conf -N1
rsyslogd -f /etc/rsyslog.d/10-docker.conf -N1
On my test system I get this:
rsyslogd: version 8.2112.0, config validation run (level 1), master config /etc/rsyslog.conf
rsyslogd: End of config validation run. Bye.
Restart rsyslog:
sudo systemctl restart rsyslog
logrotate set-up
We will set up logrotate to take care of our Docker logs. Run sudo nano /etc/logrotate.d/docker and enter this:
/var/log/docker/*.log {
    copytruncate
    compress
    delaycompress
    dateext
    size 20M
    weekly
    dateformat -%Y%m%d
    missingok
    rotate 4
}
Now we will restart the logrotate daemon:
sudo systemctl restart logrotate
Docker set-up
Once we have rsyslog set up, we can tell Docker to use it.
To enable the syslog logging driver, edit the /etc/docker/daemon.json file:
{
    "log-driver": "syslog",
    "log-opts": {
        "syslog-address": "unixgram:///dev/log",
        "tag": "docker/{{.Name}}",
        "syslog-facility": "daemon"
    }
}
Once you save the configuration file, you need to reload the Docker daemon:
sudo systemctl reload docker
Check logs
You should now be able to see the Docker log files in /var/log/docker/.
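To predict which file a given message ends up in, the following added example (not part of the original article or of rsyslog) models the routing rules of 10-docker.conf in Python. The function names, the simplified $programname rule and the sample tags are assumptions made for illustration; the file name comes from the syslog tag, which is why the secpath-replace option in the template matters.

```python
import re

LOG_DIR = "/var/log/docker"
DAEMON_LOG = f"{LOG_DIR}/docker.log"
# Same regular expression as in the DockerContainerLogFileName template.
TAG_RE = re.compile(r"docker/(.*)\[")


def programname(tag: str) -> str:
    """Simplified model of rsyslog's $programname: the tag up to the
    first '/', '[' or ':' (assumes slashes are not permitted in it)."""
    return re.split(r"[/\[:]", tag, maxsplit=1)[0]


def route(tag: str):
    """Return the file 10-docker.conf would write to, or None when the
    message falls through to the remaining rsyslog rules."""
    prog = programname(tag)
    if prog in ("dockerd", "containerd"):
        return DAEMON_LOG
    if prog == "docker" and "docker/" in tag:
        m = TAG_RE.search(tag)
        # Assumption: rsyslog substitutes "**NO MATCH**" when the regex fails.
        name = m.group(1) if m else "**NO MATCH**"
        # secpath-replace: every '/' in the extracted field becomes '_'.
        return f"{LOG_DIR}/{name.replace('/', '_')}.log"
    return None


# Constructed sample tags, in the "tag[pid]:" form seen by rsyslog.
SAMPLES = [
    "dockerd[812]:",
    "docker/web-1[812]:",
    "docker/../../tmp/x[1]:",  # a tag containing path separators
    "sshd[2044]:",
]

if __name__ == "__main__":
    for tag in SAMPLES:
        print(f"{tag!r:32} -> {route(tag)}")
```

The third sample stays inside /var/log/docker because the slashes are rewritten before the name is used as a path.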
Have fun!
References
Some useful references:
- https://docs.docker.com/config/containers/logging/syslog/
- https://www.loggly.com/use-cases/docker-syslog-logging-and-troubleshooting/
- https://www.commandprompt.com/blog/docker-logging-with-rsyslog/