Introduction

In this article, I will explain how to dockerize an Rsyslog server and build a decoupled, scalable centralized logging mechanism. Below is a quick introduction to Docker and Rsyslog:

Rsyslogd: Reliable and extended syslogd utility providing support for message logging.

Docker: A platform for containerizing applications.

Why should I containerize the Rsyslog server?

As a developer or a system administrator, it is important to ship logs from all devices and applications to a central logging device so that you can troubleshoot problems or run analytics. As the infrastructure grows, log volume increases, and the central logging infrastructure should be able to scale dynamically and handle the load with minimal or no downtime. An application is easier to scale when it is decoupled.

How to decouple the Rsyslog server?

Let me explain this with an example. Suppose we have 3 microservices (frontend, backend, API). We can run 3 Rsyslog Docker services, each backed by a group of containers, and get a highly available architecture, as shown in the diagram below.

Example Rsyslogd Microservices architecture

Note that this is only one of the ways to decouple Rsyslog. Depending on the environment, you can choose the one that fits best. My intention here is to demonstrate that Rsyslog can be decoupled.

Now let’s get into the implementation.