$ sudo docker logs 985d45dc3840 Error response from daemon: configured logging driver does not support reading This time, if you try to read the logs from the container using the log command, you’ll get an error: $ sudo docker psĩ85d45dc3840 busybox "/bin/sh -c 'i=0 wh…" 12 minutes ago Up 12 minutes affectionate_newton To make sure everything is working, let’s create a new container: docker run -d busybox /bin/sh -c 'i=0 while true do echo "$i: $(date)" i=$((i+1)) sleep 1 done' Now, let’s restart the Docker daemon: sudo systemctl daemon-reload You might use the local syslog server to avoid losing logs for network connectivity and to forward logs to a centralized server. Modify (or create it, as I did) the Docker daemon configuration (“/etc/docker/daemon.json”) with sudo permissions, and add the following content: :514" Once rsyslog is ready to process the Docker logs, let’s configure the Docker daemon to send the logs to syslog. If $syslogtag contains 'container_name' then -?DockerContainerLogsĪnd let’s restart the rsyslog server to confirm everything is working: sudo service rsyslog restart Configuring Docker for Sending Logs to Syslog Create a file at “/etc/rsyslog.d/nf” using sudo with the following content: $template DockerContainerLogs,"/var/log/docker/%hostname%_%syslogtag:R,ERE,1,ZERO.*container_name/(+)-end%.log" Now, create a configuration file to collect logs from containers in a separate file. If $programname startswith 'dockerd' then -?DockerLogs Create a file at “/etc/rsyslog.d/nf” using sudo with the following content: $template DockerLogs, "/var/log/docker/daemon.log" We’d like to have a dedicated location for these types of logs, including the Docker daemon and container logs.įirst, create a configuration file to collect all logs from the Docker daemon. Once you have rsyslog, it’s good practice to create a configuration file specifically for the Docker daemon.
#Check docker syslog install
Otherwise, you’ll install it with the sudo apt install -y rsyslog command if you’re using Ubuntu.
I’m using an Ubuntu 18.04 server in AWS, which already comes with rsyslog (the syslog server) installed. Nonetheless, troubleshooting without proper logs is challenging, so syslog provides a quick and easy way to start. Or, perhaps you’re even planning on removing syslog soon, but you need to process Docker logs in the meantime.
Additionally, for performance reasons at the networking level, you could decide to have a syslog server locally as a buffer to network traffic.
#Check docker syslog how to
It’s likely you already have a logging architecture using syslog and the missing piece was how to collect logs from Docker.įor instance, you could use a central syslog server as an aggregation location and then process all logs for removal of sensitive or private information, aggregating data, or forwarding logs to other places. However, it’s a cheap and straightforward strategy to help you get started. Using a syslog server might not be the first option you think of when you think about collecting container logs. You’ll notice, though, there’s going to be a missing piece once logs are there-I’ll come back to this later. There are many ways you can process and retain Docker container logs. We need a better way to collect container logs, so we don’t lose them when the container stops-containers come and go all the time. This command only works while the container is running. However, if the container goes away, you can’t read its logs anymore using the logs command. That’s initially good because you can read the logs from a container. See below for an example of the commands you’d usually run: $ docker psĬONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMESģ40461436e07 busybox "/bin/sh -c 'i=0 wh…" 7 seconds ago Up 7 seconds fervent_shtern Then, you can read the logs with the docker logs CONTAINER, and you can add the -f flag to see logs live. If you want to read the logs from that container, you need either the name or the ID of the container. docker run -d busybox /bin/sh -c 'i=0 while true do echo "$i: $(date)" i=$((i+1)) sleep 1 done' The following command runs a container that simply prints a text indefinitely. Reading Logs From a Containerĭocker comes with a native command, docker logs, to read logs from a container. Then, I’ll show you how you can integrate syslog and Docker to improve your troubleshooting strategy through logs. In this post, I’ll provide a quick overview of why having a syslog server might be a good option. Also, if the container has gone away, we can read the logs collected while it was running. We need to have a centralized location for our logs to have a better context of the problem. However, we live in a world where we won’t have only one container running, and our systems have multiple dependencies.