Sematext's DevOps Evangelist, Stefan Thies (@seti321), takes a Docker Logging tour through the different log collection options Docker users have, the pros and cons of each, specific and existing Docker logging solutions, tooling, the role of syslog, log shipping to ELK Stack, and more. Q&A session at end.
3. Intro
Logsene: Centralized Log Management
Search and Big Data Consulting
Support for Solr and Elasticsearch
SPM: Performance monitoring, Anomaly Detection and Alerting
10. Docker Logging Challenges
● Access Logs
● Log Forwarding to central data stores
● Log Parsing
● Deployment of Logging Tools
○ Containers on local Host
○ Separate Hosts
○ SaaS
11. What are Docker Logs?
● Traditionally separate files for each Application and Log-Type
○ error.log
○ access.log
● Docker Logs are stdout / stderr of processes running in a container
● Most official images log to console
14. Docker Log Drivers
Cons:
- No Log Parser - only Log Forwarding
- “docker logs” command works only with Log-Driver “json-file”
- Containers terminate when the TCP Server (e.g. syslog or fluentd) is not reachable
- No TLS encryption for syslog
Pros:
- Simple way to forward logs to remote destinations
- Setup per container or global setting for Docker
15. Example: Log Drivers
# Start a syslog server :)
logagent -u 1514 -y -t af648d4f-xxxx-xxxx-8ec0-fcb33f884f57
# Start a Web Server with TCP syslog -> container terminates
docker run -d --name my_web_app -p 80:80 --log-driver=syslog --log-opt syslog-address=tcp://localhost:1514 httpd
# Start a Web Server with UDP syslog -> container starts
docker run -d --name my_web_app -p 80:80 --log-driver=syslog --log-opt syslog-address=udp://localhost:1514 httpd
# run docker logs -> fails
docker logs my_web_app
> logsene search http
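Added example (not from the original slides): a small audit of `docker inspect` output that flags the log-driver cons listed on slide 14 for each container. The sample JSON, container names, the host `logs.example.internal` and the finding labels are constructed for illustration; only the `HostConfig.LogConfig` fields and the `syslog-address` option are Docker's own.

```python
import json
from urllib.parse import urlparse

# Constructed sample: trimmed `docker inspect` output for three containers.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web_tcp", "HostConfig": {"LogConfig": {
        "Type": "syslog",
        "Config": {"syslog-address": "tcp://logs.example.internal:1514"}}}},
    {"Name": "/web_udp", "HostConfig": {"LogConfig": {
        "Type": "syslog",
        "Config": {"syslog-address": "udp://localhost:1514"}}}},
    {"Name": "/web_default", "HostConfig": {"LogConfig": {
        "Type": "json-file", "Config": {}}}},
])

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def audit_log_config(inspect_json):
    """Return {container name: [findings]} for the cons listed on slide 14."""
    report = {}
    for container in json.loads(inspect_json):
        log_cfg = container.get("HostConfig", {}).get("LogConfig", {})
        driver = log_cfg.get("Type", "json-file")
        opts = log_cfg.get("Config") or {}
        findings = []
        # Slide 14: "docker logs" works only with the json-file driver.
        if driver != "json-file":
            findings.append("docker-logs-unavailable")
        if driver == "syslog":
            # No syslog-address means the local syslog socket is used.
            url = urlparse(opts.get("syslog-address", ""))
            # Slide 14: the container terminates if the TCP server is unreachable.
            if url.scheme == "tcp":
                findings.append("start-fails-if-collector-down")
            # Slide 14: no TLS, so tcp:// and udp:// to another host is cleartext.
            if url.scheme in ("tcp", "udp") and url.hostname not in LOOPBACK:
                findings.append("plaintext-off-host")
        report[container["Name"].lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_log_config(SAMPLE_INSPECT).items():
        print(name, findings or "ok")
```

On a real host, pass the JSON printed by `docker inspect $(docker ps -aq)` to `audit_log_config` instead of the constructed sample.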
16. Logging Containers: Logspout
Pros:
- Logging does not affect app container
- ANSI Escape Sequence removal
- TLS support
- Real-time View with HTTP API
- Config for Filters and Syslog-Tags
- Log-Driver Files / journald Logs are available on the Host
Cons:
- Logging Container must be online
- Only forwarding, no Log Parser; rsyslog could be used for parsing
- Limited to log collection
18. Logging Containers: SPM for Docker
Pros:
- ANSI Escape Sequence handling
- TLS by default
- Near Real-time View in UI
- Filters by regex for Image, Container Names
- Structured Logs with included Log-Parser and Pattern Library
- Collects Logs, Metrics and Events
- Hosted ELK Stack in Logsene
Cons:
- Logging container must be online