I’ve been playing around with Docker this morning (read as I have followed their 15 min tutorial and have installed it on an Ubuntu instance – so I’m not quite the expert yet). I was initially interested in figuring out what log management looks like for any Docker users out there.

From first look, Docker has a “logs” command that will fetch the logs from a container. You can run this via the docker daemon and it will capture all the stdout / stderr from the process you’re running:

$ docker logs $CONTAINER_ID

I ran the ‘hello world daemon’ example, routed the output to a log file and even managed to send the events to Logentries using the Logentries agent on my Ubuntu host that was running the Docker container.

However, using the Docker “logs” command is a little primitive, as every time you run docker logs container_id you get all the logs of that process from the beginning.
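One way to work around this when shipping the output, as an added example that is not from the original post: remember how many lines were already forwarded and emit only the rest. The function names, the state-file layout and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit only the lines of a full log dump that were not
# already emitted on a previous run. The state file holds the number of
# lines shipped so far (a layout assumed for this example).

# ship_new_lines STATE_FILE
# Reads the complete dump on stdin and prints only the unseen lines.
ship_new_lines() {
    state=$1
    dump=$(mktemp) || return 1
    cat > "$dump"

    seen=0
    if [ -f "$state" ]; then
        seen=$(cat "$state")
    fi
    total=$(wc -l < "$dump" | tr -d ' ')

    # Fewer lines than last time means the container was recreated:
    # start again from the top instead of silently dropping events.
    if [ "$total" -lt "$seen" ]; then
        seen=0
    fi

    tail -n "+$((seen + 1))" "$dump"
    echo "$total" > "$state"
    rm -f "$dump"
}

# Constructed stand-in for `docker logs`, which replays everything each time.
fake_docker_logs() {
    i=1
    while [ "$i" -le "$1" ]; do
        echo "hello world $i"
        i=$((i + 1))
    done
}

# Real use (assumes a running container and a writable state path):
#   docker logs "$CONTAINER_ID" 2>&1 \
#     | ship_new_lines "/var/tmp/$CONTAINER_ID.offset" >> container.log
```

The offset is counted in complete lines, so a line that is still being written when the dump is taken is picked up on the next run.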

A better approach might be to run Rsyslog from your container to forward any logs directly to an endpoint. One of our clever engineers put together a quick Dockerfile for me to test this out. (Thanks Chris!)

Here’s what it looks like:

FROM ubuntu:saucy

RUN echo "deb http://us.archive.ubuntu.com/ubuntu/ precise main universe" >> /etc/apt/sources.list

RUN apt-get update

RUN apt-get -y install rsyslog

ADD ./logentries.conf /etc/rsyslog.d/logentries.conf

And what it does:

grabs the ubuntu:saucy image

installs Rsyslog

adds a config file for forwarding your log events to Logentries (note you can modify this with any endpoint so that you can forward your logs to wherever you want)

To test this out I cloned Chris’ git repo:

$ git clone https://github.com/m0wfo/le-docker.git

Then ran the following commands, which build the Docker image, launch the container and attach to the container instance:

$ cd le-docker

$ sudo docker build -t le/example .

$ sudo docker run -i -t le/example /bin/bash

I next opened the logentries.conf file and added my Logentries log token of a new “token based” log that I created in my Logentries UI:

$ vi /etc/rsyslog.d/logentries.conf

It looks like this:

Simply replace TOKEN with your log token found here:

Finally I started Rsyslog, and created some test events using the “logger” command.

$ rsyslogd

$ logger this is a test

Now I see logs streaming into Logentries from my Docker container via Rsyslog!!!

(Thanks again Chris!)