using syslog to ship the docker container logs to logstash

Can logs in a docker container … say logs located in /var/log/syslog get shipped to logstash without using any additional components such as lumberjack and logspout?

Just wondering because I set up an environment and tried to make it work with syslog (so syslog ships the logs from docker container to logstash) but for now it’s not working .. just wondering if there’s something wrong with my logic.

  • Extending local Dockerfile
  • How to visit another host inside docker?
  • Docker on a Server 2016 Virtual Machine
  • Transmit Heroku environement variables to Docker instance
  • docker postgres with initial data is not persisted over commits
  • How to gain bash access to a docker container after its ran
  • Is Docker running within WSL or connecting back to Windows?
  • What's a sane way to define custom travis job?
  • Docker says there is already a container with the same name that exists despite there are no containers
  • Synchronizing numeric user id's between Dockerfiles and docker-compose.yml?
  • mocha not return anything when using docker
  • Symfony - Unknown MySQL server host when using command line
  • 2 Solutions collect form web for “using syslog to ship the docker container logs to logstash”

    There’s no way for messages in /var/log/syslog to magically route to logstash without something configured to forward messages. Something must send the logs to logstash. You have a few options:

    1. Configure your app to send log messages to stdout rather than to /var/log/syslog, and run logspout to collect stdout from all the running containers and send messages to your logstash endpoint.
    2. Run rsyslog inside your container and configure a syslog daemon such as rsyslog to send messages to your logstash endpoint
    3. Bind mount /dev/log from the host to your container by passing -v /dev/log:/dev/log to docker run when starting your container. On the host, configure your syslog daemon to send messages to logstash.

    You could use the docker syslog driver to send docker logs straight from docker containers to logstash. Just have to add some parameters when you run your container

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.