Documentation forLoggly

Docker Logging Through Syslog

You can send syslog from your applications to Loggly by linking them with the Loggly Docker container. It uses ryslog to listen for syslog events and then forwards them to Loggly. Docker will automatically manage the port mapping. It’s made available by SendGrid Labs on GitHub or Docker Hub. These instructions were tested with Docker client version 1.3.0 and nginx 1.7.7. For alternatives, see the Advanced Options below.

Docker Syslog and Logging Container Diagram

Docker Syslog Setup

1. Start the Loggly Docker Container

Run the following command to download and run the Loggly docker container. The rsyslog daemon is running inside this container and will send syslog to Loggly. This will also open a high numbered port on the host machine, which maps to port 514 inside the container where rsyslog will receive it and send it to Loggly.

sudo docker run -d -p 514/udp --name loggly-docker -e TOKEN=TOKEN -e TAG=Docker sendgridlabs/loggly-docker 


Note: You may get some standard output like shown below. You can ignore this and rsyslog will continue running as usual.

rsyslogd: imklog: cannot open kernel log(/proc/kmsg): Operation not permitted.
rsyslogd: activation of module imklog failed [try ]

2. Send Test Logs From The Host

You can verify the container is running and see the port that Docker has opened up for syslog by running

sudo docker ps -a

Here you can see it’s redirecting port 49154 on the host to port 514 in the container

CONTAINER ID    IMAGE                              COMMAND          CREATED          STATUS               PORTS                            NAMES
1a9d7496ae42    sendgridlabs/loggly-docker:latest  "/tmp/"    18 minutes ago   Up 5 seconds         514/tcp,>514/udp  loggly-docker 

If you send test messages to the host’s port, they will be sent to Loggly

echo netcat:"Host test log" | nc -u -w 1 UDP_PORT


  • UDP_PORT: the high numbered port as shown above that maps to port 514 inside the loggly container

3. Link To Other Containers

You can link other containers to Loggly’s container so that all your syslog gets sent to Loggly. Docker will automatically inject environment variables telling you the IP and Port to send syslog to.

In this example, we will configure an Nginx container to send syslog to Loggly. Run the Nginx Docker container in interactive terminal mode and link it with the running loggly-docker container

sudo docker run -i -t --name nginx --link loggly-docker:loggly nginx /bin/bash

Now run the following command inside the container to check the linked environment variables.

env | grep LOGGLY_PORT_514_UDP

Here is an example output with the values for my variables. Yours will be different.


4. Send Test Logs From Nginx Container

Try sending a test event from inside the Nginx container. You can use netcat to confirm the link is working and that logs are reaching to Loggly.

apt-get install netcat
echo netcat:"Nginx test log" | nc -u -w 1 $LOGGLY_PORT_514_UDP_ADDR $LOGGLY_PORT_514_UDP_PORT

5. Configure Nginx for Syslog

We can change nginx’s configuration to log over syslog to our Loggly container instead. Here’s how you can edit the Dockerfile of the existing Nginx container.

Insert the line below in the Nginx Docker file before the command which starts the Nginx server inside the container. This will configure the Nginx container to send logs to the "loggly" link we just set up.

RUN sed -i "s/server {/server {n n error_log syslog_server=loggly;n  access_log syslog_server=loggly;n/" /etc/nginx/conf.d/default.conf

Build the image and run your container normally. Then, visit a webpage from the host machine to generate a log. The access log event should show up inside Loggly.

6. Verify Events

Search Loggly for events with the Docker tag over the past 20 minutes. It may take a few minutes to index the events. If it doesn’t work, see the troubleshooting section below.


Docker Syslog Example

Advanced Docker Syslog Options

Docker Logging Troubleshooting

If you don’t see any data show up in the verification step, then check for these common problems.

Check Docker Container:

  • Wait a few minutes in case indexing needs to catch up
  • Verify the container is running and that it has mapped port 514 by running sudo docker ps -a
  • Send test events from inside each of the containers and from the host to see which point in the chain is dropping logs
  • Make sure your app is sending syslog to the injected environment variable address instead of the usual syslog address
  • See our Rsyslog Troubleshooting Guide if the files are not being sent to Loggly
  • If you see any GnuTLS error then you can use the updated docker image from Docker Hub also available on GitHub. See Pull Request where you can get both the updated Loggly certificate and updated rsyslog format.

Still Not Working?

  • Search or post your own Docker logs, Docker daemon, or other Docker question in the community forum.

Docker Logging

When the APM Integrated Experience is enabled, Loggly shares a common navigation and enhanced feature set with the other integrated experiences' products. How you navigate the product and access its features may vary from these instructions. For more information, go to the APM Integrated Experience documentation.

The scripts are not supported under any SolarWinds support program or service. The scripts are provided AS IS without warranty of any kind. SolarWinds further disclaims all warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The risk arising out of the use or performance of the scripts and documentation stays with you. In no event shall SolarWinds or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the scripts or documentation.