Cloud Resource
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage

Docker Logs

Logs play a crucial role in monitoring and debugging your applications. When using Docker, these logs can quickly grow in size and number. It’s important to manage them effectively to prevent them from filling up your storage space, and also to make them easy to parse and search. One solution is to send these logs to the syslog daemon, a common log management solution. This post will guide you through configuring Docker to send its logs to syslog.

Before we start, make sure that the syslog daemon is running on your host machine. This will vary based on your specific Linux distribution and configuration.

Set Docker Log Driver to Syslog

We will need to configure the Docker daemon’s log driver. This can be done by editing the /etc/docker/daemon.json file. The following commands will create this file with the required configuration:

cat <<EOF |sudo tee /etc/docker/daemon.json
{
    "log-driver": "syslog",
    "log-opts": {
        "syslog-format": "rfc5424micro",
        "cache-max-size": "1m",
        "cache-max-file": "2",
        "tag": "docker/{{.Name}}/{{.ID}}"
    }
}
EOF

In this configuration file, several options have been set:

  • log-driver: This is set to “syslog” to direct Docker’s log output to the syslog daemon.

  • log-opts: These are specific options for the syslog log driver.

    • syslog-format: We use “rfc5424micro” to specify that the logs should be formatted according to the RFC-5424 standard with microsecond timestamp resolution. This is preferable for more precise logging.

    • cache-max-size: We limit the maximum size of each log cache to 1MB. When a cache reaches this size, it’s rotated, meaning a new cache is started. This helps prevent any single log file from becoming too large.

    • cache-max-file: We limit the number of log cache files to 2. If more cache files are created due to rotation, the oldest cache file is removed. This helps manage storage space.

    • tag: We tag each log message with a string based on the name and ID of the Docker container. This can be very useful when searching and sorting logs.

After you’ve updated your configuration, you’ll need to restart the Docker daemon for these changes to take effect. Now your Docker logs will be managed by the syslog daemon, making them easier to handle and review.