Docker: syslog logging per container
In this article i will show you how to configure syslog logging per container, having logs organized in a <container-name>/<logfile>…
In this article i will show you how to configure syslog logging per container, having logs organized in a <container-name>/<logfile> fashion makes logs easier to parse and troubleshoot, lets see how we can do this.
First you need to edit file /etc/docker/daemon.json and append the following, note that if your setup is a swarm environment you need to append this to each swarm member, this instructs docker to write to syslog
{
"log-driver": "syslog",
"log-opts": {
"syslog-address": "unixgram:///dev/log",
"tag": "docker/{{.Name}}"
}
}Now you need to create this file /etc/rsyslog.d/40-docker.conf with the following content, this instructs rsyslog about the formatting scheme we want for syslog lines startwing with “docker-” , create a file for each container and then store logs under /var/log/containers
# Create a template for the target log file
$template CUSTOM_LOGS,"/var/log/containers/%programname%.log"
if $programname startswith 'docker-' then ?CUSTOM_LOGS
& stopNow lets do some log rotate tweaking, adjust the log rotate file to meet your needs! create file/etc/logrotate.d/docker
/var/log/containers/*.log {
daily
rotate 20
missingok
compress
}Now, a very important step! you need for each yml configuration file to append this! this section instructs the container which logging driver to use, without this it will not write logs using syslog!
logging:
driver: syslog
options:
tag: docker-<name>Conclusion
Using syslog with containerized software is like mixing the old good days and practices and maybe legacy monitoring software you allready have with modern stuff like containers! i hope you enjoyed the article just as like i enjoyed writing it!