Documentation forLoggly

Docker Logging Driver

The Docker logging driver allows you send stdout and stderr output from your container to the host’s syslog daemon. The syslog daemon on the host will then forward the logs to Loggly. For alternatives, please see the Advanced Options section below.

1. Configure Syslog Daemon

If you haven’t already, run our automatic Configure-Syslog script below to configure rsyslog on the host. Alternatively, you can Manually Configure Rsyslog or Syslog-ng.

curl -O https://www.loggly.com/install/configure-linux.sh
sudo bash configure-linux.sh -a SUBDOMAIN -u USERNAME 

Replace:

  • SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
  • USERNAME: your Loggly username

2. Configure Docker

Set –log-driver=syslog to route stdout and stderr to the host’s syslog daemon. The syslog daemon will forward them to Loggly. Here is an example using the Ubuntu container. The tag log option specifies how to format a tag that identifies the container’s log messages. By default, the system uses the first 12 characters of the container ID. To override this behavior, specify a tag option like below:

sudo docker run -d --log-driver=syslog --log-opt tag="{{.ImageName}}\{{.Name}}\{{.ID}}" ubuntu echo "Test Log" 

You should be able to see the logs in the host machine’s syslog log file. The log messages will include the image name used by the container, container name and the conatiner ID (the first 12 characters), plus the actual output of the container respectively.

$ tail /var/log/syslog
Nov 27 05:46:50 ip-172-31-46-70 ubuntu\berserk_lichterman\523470867bb4[1206]: Test Log 

3. Verify Events

Search Loggly for events with the appName of ‘Docker-Image-Name\Docker-Container-Name\Docker-Container-ID’ over the past 20 minutes. It may take a few minutes to index the events. If it doesn’t work, see the troubleshooting section below.

 syslog.appName:"Docker-Image-Name\Docker-Container-Name\Docker-Container-ID" 

Replace:

  • Docker-Image-Name: Your Docker image name used by your container.
  • Docker-Container-Name: Your Docker Container name.
  • Docker-Container-ID: Your Docker Container ID.

Advanced Docker Logging Driver Options

Docker Logging Driver Troubleshooting

  • Wait a few minutes in case indexing needs to catch up.
  • Verify that the docker logging driver and syslog daemon are working by checking the host machine’s syslog file
    tail -F /var/log/syslog 
  • If they are in the syslog file but not showing up in Loggly, check our guide for troubleshooting rsyslog
  • Search or post your own Docker Logging Driver questions in the community forum

Additional Reading

When the APM Integrated Experience is enabled, Loggly shares a common navigation and settings with the other integrated experiences' products. How you navigate Loggly and access its features may vary from these instructions. For more information, go to the APM Integrated Experience documentation.

The scripts are not supported under any SolarWinds support program or service. The scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.