Docker Logging Driver
Loggly provides the infrastructure to aggregate and normalize log events so they are available to explore interactively, build visualizations, or create threshold-based alerting. In general, any method to send logs from a system or application to an external source can be adapted to send logs to Loggly. The following instructions provide one scenario for sending logs to Loggly.
The Docker logging driver allows you send stdout and stderr output from your container to the host’s syslog daemon. The syslog daemon on the host will then forward the logs to Loggly. For alternatives, please see the Advanced Options section below.
1. Configure Syslog Daemon
If you haven’t already, run our automatic Configure-Syslog script below to configure rsyslog on the host. Alternatively, you can Manually Configure Rsyslog or Syslog-ng.
curl -O https://www.loggly.com/install/configure-linux.sh sudo bash configure-linux.sh -a SUBDOMAIN -u USERNAME
Replace:
- SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
- USERNAME: your Loggly username
2. Configure Docker
Set –log-driver=syslog to route stdout and stderr to the host’s syslog daemon. The syslog daemon will forward them to Loggly. Here is an example using the Ubuntu container. The tag log option specifies how to format a tag that identifies the container’s log messages. By default, the system uses the first 12 characters of the container ID. To override this behavior, specify a tag option like below:
sudo docker run -d --log-driver=syslog --log-opt tag="{{.ImageName}}\{{.Name}}\{{.ID}}" ubuntu echo "Test Log"
You should be able to see the logs in the host machine’s syslog log file. The log messages will include the image name used by the container, container name and the conatiner ID (the first 12 characters), plus the actual output of the container respectively.
$ tail /var/log/syslog Nov 27 05:46:50 ip-172-31-46-70 ubuntu\berserk_lichterman\523470867bb4[1206]: Test Log
3. Verify Events
Search Loggly for events with the appName of ‘Docker-Image-Name\Docker-Container-Name\Docker-Container-ID’ over the past 20 minutes. It may take a few minutes to index the events. If it doesn’t work, see the troubleshooting section below.
syslog.appName:"Docker-Image-Name\Docker-Container-Name\Docker-Container-ID"
Replace:
- Docker-Image-Name: Your Docker image name used by your container.
- Docker-Container-Name: Your Docker Container name.
- Docker-Container-ID: Your Docker Container ID.
Advanced Docker Logging Driver Options
- Docker Logging Strategies – See the top ways to log on Docker and pick the best one for you
- Use Directory file-monitoring to monitor docker log files on the host.
- Docker Loggly Container – Send logs over UDP to the Loggly container. Does not require host access.
Docker Logging Driver Troubleshooting
- Wait a few minutes in case indexing needs to catch up.
- Verify that the docker logging driver and syslog daemon are working by checking the host machine’s syslog file
tail -F /var/log/syslog
- If they are in the syslog file but not showing up in Loggly, check our guide for troubleshooting rsyslog
- Search or post your own Docker Logging Driver questions in the community forum
Additional Reading
The scripts are not supported under any SolarWinds support program or service. The scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.