Open gtmtech opened 9 years ago
I'm also very interested in this. Are there currently any tricks or work arounds to get logspout to send to the Docker host's syslog?
Also interested on this, let me know is there are a workaround without touching the syslog config
Hey folks, not sure if this is still relevant to you, but a pretty simple work-around is to run a second docker container that uses socat to listen on a UDP port and forward it to the /dev/log datagram socket. For example:
docker pull alpine/socat
docker run --volume=/dev/log:/dev/log alpine/socat UDP4-LISTEN:514,fork UNIX-CLIENT:/dev/log
Followed by:
docker run --rm -P --name="logspout" --volume=/var/run/docker.sock:/var/run/docker.sock --volume=/dev/log:/dev/log gliderlabs/logspout syslog://172.17.0.2:514
where 172.17.0.2 is the IP address of the socat container. Alternatively, you can forward port 514 from the socat container to the host and then use the host IP instead of the container IP.
You'll likely want to add an "always" restart policy to the socat container to be safe.
@michaelshobbs @progrium What about this request. Is there any progess? Will there be a unix (unixgram) support for syslog in the near future?
I'm not opposed to this functionality and would certainly accept a well tested and documented PR implementing this
I found a blog: "Log management for docker made easy (EN)", as it says, we can use logspout and syslog-ng to achieve local central log management.
Below is the docker-compose.yml
and syslog-ng.conf
files that the blog use in this setup. When putting these files in the same folder, and execute docker-compose up -d
, then the logspout
and syslogng
container will spin up, and aggregate all container's log into /logs
folder.
docker-compose.yml
version: '3'
services:
logspout:
image: gliderlabs/logspout:latest
restart: always
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
command: syslog+udp://syslogng:514
syslogng:
image: balabit/syslog-ng:latest
restart: always
command: -F --no-caps
volumes:
- "/logs/:/var/log/syslogng/"
- "./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf"
syslog-ng.conf
@version: 3.19
@include "scl.conf"
source s_network {
default-network-drivers();
};
destination d_local {
file("/var/log/syslogng/${PROGRAM}.${HOST}-${YEAR}.${MONTH}.${DAY}.log");
};
log {
source(s_network);
destination(d_local);
};
But as the blog author says, there are no auto log rotation/flushing, you may setup a cron job to achieve this:
create a file named rotate_and_flush.sh as below
rotate_and_flush.sh
# to compress 2 days old logs
find /var/log/syslogng/ -name "*.log" -daystart -ctime +2 -type f -exec gzip {} \;
# to remove 14 days old logs
find /var/log/syslogng/ -name "*.gz" -daystart -ctime +14 -type f -exec rm {} \;
adding a volumes entry - "./rotate_and_flush.sh:/etc/cron.daily/rotate_and_flush.sh"
at syslogng
container to mount rotate_and_flush.sh
into container's /etc/cron.hourly/
, which will execute that script hourly:
docker-compose.yml
version: '3'
services:
logspout:
image: gliderlabs/logspout:latest
restart: always
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
command: syslog+udp://syslogng:514
syslogng:
image: balabit/syslog-ng:latest
restart: always
command: -F --no-caps
volumes:
- "/logs/:/var/log/syslogng/"
- "./syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf"
- "./rotate_and_flush.sh:/etc/cron.daily/rotate_and_flush.sh"
I have created a repo to do the above things and modified to use logrotate to rotate log files. see: https://github.com/allenyllee/locallogm
It would be great if logspout could ship logs to the local host syslog, rather than just remote syslog, without having to have a UDP or TCP listener on the host syslog.
I know docker 1.6 kind of introduces this anyway with --log-driver, but its missing many options, not very configurable until docker 1.8 --log-opt, and it would be great if logspout could do this anyway.