Categories: Docker, Linux

Using syslog to log Docker containers

TL;DR: If you need to set up syslog for your Docker container, here is a great example.

Docker supports using the syslog protocol to capture container logs.

I found this example amazing. However, when trying to implement it, I faced some issues with the rsyslog regex notation. Also, I found some applications do not have a timestamp; if I want to add a timestamp, I pass a tag ‘add_timestamp’.

In the end here is what I used:

Created a docker directory /var/log/docker and a container log directory /var/log/docker/container

sudo mkdir /var/log/docker
sudo mkdir /var/log/docker/container

Created the following rsyslog config /etc/rsyslog.d/docker.conf

$template DockerLogs, "/var/log/docker/daemon.log"
if $programname startswith 'dockerd' then -?DockerLogs
& stop

$template ContainerLog,"/var/log/docker/container/%syslogtag:R,ERE,1,FIELD:container_(\w*)--end%.log"
$template ContainerLogFormat, "%msg:::sp-if-no-1st-sp%%msg:::space-cc,drop-last-lf%\n"
$template ContainerLogFormatTimestamp, "%TIMESTAMP:::date-rfc3339% %msg:::sp-if-no-1st-sp%%msg:::space-cc,drop-last-lf%\n"

if $syslogtag contains  'add_timestamp' then ?ContainerLog;ContainerLogFormatTimestamp
else if $syslogtag contains  'container_' then ?ContainerLog;ContainerLogFormat
& stop

Configured /etc/docker/daemon.json with the log-driver and options to use as default (you need to create daemon.json if it does not exist)

"log-opts": {

For the logs that need a timestamp, we pass the add_timestamp tag when running them, for example:

docker run -d  --log-opt tag="container_{{.Name}}/add_timestamp" container_image_name
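
To check which file and format a given tag ends up with before deploying the rules, the following added example (not part of the original post or of rsyslog) models the ContainerLog regex extraction and the two container filters in Python. The sample tags are constructed, and Python's re module is assumed to behave like rsyslog's ERE engine for this expression.

```python
import re

LOG_DIR = "/var/log/docker/container"
# Same expression as the ContainerLog template. Python's re stands in for the
# POSIX ERE engine rsyslog uses (assumption); re.ASCII keeps \w to [A-Za-z0-9_].
NAME_RE = re.compile(r"container_(\w*)", re.ASCII)

def extract_name(syslogtag):
    """Model %syslogtag:R,ERE,1,FIELD:container_(\\w*)--end%.
    Submatch 1 on a match; FIELD mode returns the whole field otherwise."""
    m = NAME_RE.search(syslogtag)
    return (m.group(1), True) if m else (syslogtag, False)

def route(syslogtag):
    """Apply the two container filters in config order.
    Returns (file path, format template) or None if neither filter matches."""
    if "add_timestamp" in syslogtag:
        fmt = "ContainerLogFormatTimestamp"
    elif "container_" in syslogtag:
        fmt = "ContainerLogFormat"
    else:
        return None
    name, _ = extract_name(syslogtag)
    return f"{LOG_DIR}/{name}.log", fmt

def audit(tags):
    """List tags whose log file name differs from the container name in the tag."""
    findings = []
    for tag in tags:
        if route(tag) is None:
            continue
        name, matched = extract_name(tag)
        # Container name as set by tag="container_{{.Name}}[/add_timestamp]".
        wanted = tag.split("[")[0].removeprefix("container_").split("/")[0]
        if not matched:
            findings.append((tag, "no regex match, whole tag becomes the file name"))
        elif name != wanted:
            findings.append((tag, f"name cut to '{name}', expected '{wanted}'"))
    return findings

# Constructed sample tags (not captured from a real host).
SAMPLE_TAGS = [
    "container_web[812]:",
    "container_web/add_timestamp[812]:",
    "container_my-app[812]:",
    "add_timestamp[812]:",
]

if __name__ == "__main__":
    for tag in SAMPLE_TAGS:
        print(tag, "->", route(tag))
    for tag, why in audit(SAMPLE_TAGS):
        print("CHECK:", tag, "-", why)
```

Docker container names may contain '-' and '.', which \w does not match, so two containers such as my and my-app would share one log file under this template.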
