brianz
commented
8 years ago I'm also very interested in this. Are there currently any tricks or work arounds to get logspout to send to the Docker host's syslog?
Open gtmtech opened 9 years ago
brianz
commented
8 years ago I'm also very interested in this. Are there currently any tricks or work arounds to get logspout to send to the Docker host's syslog?
kassanmoor
commented
7 years ago Also interested on this, let me know is there are a workaround without touching the syslog config
freerobby
commented
6 years ago Hey folks, not sure if this is still relevant to you, but a pretty simple work-around is to run a second docker container that uses socat to listen on a UDP port and forward it to the /dev/log datagram socket. For example:
docker pull alpine/socat
docker run --volume=/dev/log:/dev/log alpine/socat UDP4-LISTEN:514,fork UNIX-CLIENT:/dev/logFollowed by:
docker run --rm -P --name="logspout" --volume=/var/run/docker.sock:/var/run/docker.sock --volume=/dev/log:/dev/log gliderlabs/logspout syslog://172.17.0.2:514
where 172.17.0.2 is the IP address of the socat container. Alternatively, you can forward port 514 from the socat container to the host and then use the host IP instead of the container IP.
You'll likely want to add an "always" restart policy to the socat container to be safe.
dickerpulli
commented
4 years ago @michaelshobbs @progrium What about this request. Is there any progess? Will there be a unix (unixgram) support for syslog in the near future?
michaelshobbs
commented
4 years ago I'm not opposed to this functionality and would certainly accept a well tested and documented PR implementing this
allenyllee
commented
3 years ago I found a blog: "Log management for docker made easy (EN)", as it says, we can use logspout and syslog-ng to achieve local central log management.
Below is the docker-compose.yml and syslog-ng.conf files that the blog use in this setup. When putting these files in the same folder, and execute docker-compose up -d, then the logspout and syslogng container will spin up, and aggregate all container's log into /logs folder.
docker-compose.yml
version: '3'
services:
logspout:
image: gliderlabs/logspout:latest
restart: always
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
command: syslog+udp://syslogng:514
syslogng:
image: balabit/syslog-ng:latest
restart: always
command: -F --no-caps
volumes:
- "/logs/:/var/log/syslogng/"
- "./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf"syslog-ng.conf
@version: 3.19
@include "scl.conf"
source s_network {
default-network-drivers();
};
destination d_local {
file("/var/log/syslogng/${PROGRAM}.${HOST}-${YEAR}.${MONTH}.${DAY}.log");
};
log {
source(s_network);
destination(d_local);
};But as the blog author says, there are no auto log rotation/flushing, you may setup a cron job to achieve this:
create a file named rotate_and_flush.sh as below
rotate_and_flush.sh
# to compress 2 days old logs
find /var/log/syslogng/ -name "*.log" -daystart -ctime +2 -type f -exec gzip {} \;
# to remove 14 days old logs
find /var/log/syslogng/ -name "*.gz" -daystart -ctime +14 -type f -exec rm {} \; adding a volumes entry - "./rotate_and_flush.sh:/etc/cron.daily/rotate_and_flush.sh" at syslogng container to mount rotate_and_flush.sh into container's /etc/cron.hourly/, which will execute that script hourly:
docker-compose.yml
version: '3'
services:
logspout:
image: gliderlabs/logspout:latest
restart: always
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
command: syslog+udp://syslogng:514
syslogng:
image: balabit/syslog-ng:latest
restart: always
command: -F --no-caps
volumes:
- "/logs/:/var/log/syslogng/"
- "./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf"
- "./rotate_and_flush.sh:/etc/cron.daily/rotate_and_flush.sh"I have created a repo to do the above things and modified to use logrotate to rotate log files. see: https://github.com/allenyllee/locallogm
It would be great if logspout could ship logs to the local host syslog, rather than just remote syslog, without having to have a UDP or TCP listener on the host syslog.
I know docker 1.6 kind of introduces this anyway with --log-driver, but its missing many options, not very configurable until docker 1.8 --log-opt, and it would be great if logspout could do this anyway.