Docker Syslog


Setup

The journald logging driver sends container logs to the systemd journal. Log entries can be retrieved using the journalctl command, through use of the journal API, or using the docker logs command.

Edit the Docker configuration file (/etc/sysconfig/docker on RHEL/CentOS based systems). Add the log driver parameters (--log-driver=syslog --log-opt syslog-facility=local6 --log-level=warn) to the OPTIONS line.

# /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled

Versions used: Ubuntu 16.04, Docker version 17.03.1-ce (build c6d412e), Docker-Compose version 1.12.0-rc2 (build 08dc2a4).

Install Docker CE. Install a few basics that we need: sudo apt-get install apt.


In addition to the text of the log message itself, the journald log driver stores the following metadata in the journal with each message:

| Field | Description |
| --- | --- |
| CONTAINER_ID | The container ID truncated to 12 characters. |
| CONTAINER_ID_FULL | The full 64-character container ID. |
| CONTAINER_NAME | The container name at the time it was started. If you use docker rename to rename a container, the new name is not reflected in the journal entries. |
| CONTAINER_TAG, SYSLOG_IDENTIFIER | The container tag (log tag option documentation). |
| CONTAINER_PARTIAL_MESSAGE | A field that flags log integrity. Improve logging of long log lines. |

Usage

To use the journald driver as the default logging driver, set the log-driver and log-opt keys to appropriate values in the daemon.json file, which is located in /etc/docker/ on Linux hosts or C:\ProgramData\docker\config\daemon.json on Windows Server. For more about configuring Docker using daemon.json, see daemon.json.

The following example sets the log driver to journald:

Restart Docker for the changes to take effect.

To configure the logging driver for a specific container, use the --log-driver flag on the docker run command.


Options

Use the --log-opt NAME=VALUE flag to specify additional journald logging driver options.

| Option | Required | Description |
| --- | --- | --- |
| tag | optional | Specify template to set CONTAINER_TAG and SYSLOG_IDENTIFIER value in journald logs. Refer to log tag option documentation to customize the log tag format. |
| labels | optional | Comma-separated list of keys of labels, which should be included in message, if these labels are specified for the container. |
| labels-regex | optional | Similar to and compatible with labels. A regular expression to match logging-related labels. Used for advanced log tag options. |
| env | optional | Comma-separated list of keys of environment variables, which should be included in message, if these variables are specified for the container. |
| env-regex | optional | Similar to and compatible with env. A regular expression to match logging-related environment variables. Used for advanced log tag options. |

If a collision occurs between label and env keys, the value of the env takes precedence. Each option adds additional fields to the attributes of a logging message.

Below is an example of the logging options required to log to journald.


This configuration also directs the driver to include in the payload the label location, and the environment variable TEST. If the --env 'TEST=false' or --label location=west arguments were omitted, the corresponding key would not be set in the journald log.


Note regarding container names

The value logged in the CONTAINER_NAME field is the name of the container that was set at startup. If you use docker rename to rename a container, the new name is not reflected in the journal entries. Journal entries continue to use the original name.

Retrieve log messages with journalctl

Use the journalctl command to retrieve log messages. You can apply filter expressions to limit the retrieved messages to those associated with a specific container:


You can use additional filters to further limit the messages retrieved. The -b flag only retrieves messages generated since the last system boot:

The -o flag specifies the format for the retrieved log messages. Use -o json to return the log messages in JSON format.
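The following added example (not part of the original documentation) post-processes journalctl -o json output: it decodes MESSAGE values that journalctl emits as byte arrays (the JSON counterpart of the "blob data" case for TTY-enabled containers), strips the trailing carriage return, and rejoins long lines split across entries. It assumes the driver sets CONTAINER_PARTIAL_MESSAGE to "true" on every chunk except the last; the sample entries and function names are constructed for illustration.

```python
import json

# Constructed sample of `journalctl -o json` output: one JSON object per line.
SAMPLE = "\n".join([
    json.dumps({"CONTAINER_ID_FULL": "a" * 64, "CONTAINER_NAME": "web",
                "CONTAINER_PARTIAL_MESSAGE": "true", "MESSAGE": "GET /index"}),
    json.dumps({"CONTAINER_ID_FULL": "a" * 64, "CONTAINER_NAME": "web",
                "MESSAGE": ".html 200"}),
    # TTY-enabled container: the trailing \r makes journalctl emit a byte array.
    json.dumps({"CONTAINER_ID_FULL": "b" * 64, "CONTAINER_NAME": "shell",
                "MESSAGE": list(b"login ok\r")}),
    json.dumps({"_COMM": "sshd", "MESSAGE": "not a container entry"}),
])


def decode_field(value):
    """Return a journal field as text, whether it arrived as a string or a byte array."""
    if isinstance(value, list):
        return bytes(value).decode("utf-8", errors="replace")
    return "" if value is None else str(value)


def container_lines(journal_json):
    """Yield (container_name, message) with partial chunks joined and trailing CR removed."""
    pending = {}  # CONTAINER_ID_FULL -> chunks of a line still being assembled
    for raw in journal_json.splitlines():
        if not raw.strip():
            continue
        entry = json.loads(raw)
        cid = entry.get("CONTAINER_ID_FULL")
        if cid is None:  # entry was not written by the journald log driver
            continue
        chunk = decode_field(entry.get("MESSAGE"))
        if decode_field(entry.get("CONTAINER_PARTIAL_MESSAGE")) == "true":
            pending.setdefault(cid, []).append(chunk)
            continue
        message = "".join(pending.pop(cid, []) + [chunk]).rstrip("\r")
        yield decode_field(entry.get("CONTAINER_NAME")), message
    # Chunks with no final piece are surfaced, not dropped, so truncation stays visible.
    for cid, chunks in pending.items():
        yield cid[:12], "".join(chunks) + " [incomplete]"


if __name__ == "__main__":
    for name, message in container_lines(SAMPLE):
        print(f"{name}: {message}")
```

On a live host, feed the function the text returned by journalctl -o json with a CONTAINER_NAME filter instead of SAMPLE.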

View logs for a container with a TTY enabled


If TTY is enabled on a container, you may see [10B blob data] in the output when retrieving log messages. This happens because \r is appended to the end of the line and journalctl doesn't strip it automatically unless --all is set:

Retrieve log messages with the journal API

This example uses the systemd Python module to retrieve container logs:
