using syslog to ship the docker container logs to logstash
Just wondering because I set up an environment and tried to make it work with syslog (so syslog ships the logs from docker container to logstash) but for now it’s not working .. just wondering if there’s something wrong with my logic.
2 Solutions collect form web for “using syslog to ship the docker container logs to logstash”
There’s no way for messages in /var/log/syslog to magically route to logstash without something configured to forward messages. Something must send the logs to logstash. You have a few options:
- Configure your app to send log messages to stdout rather than to /var/log/syslog, and run logspout to collect stdout from all the running containers and send messages to your logstash endpoint.
- Run rsyslog inside your container and configure a syslog daemon such as rsyslog to send messages to your logstash endpoint
- Bind mount /dev/log from the host to your container by passing
docker runwhen starting your container. On the host, configure your syslog daemon to send messages to logstash.
You could use the docker syslog driver to send docker logs straight from docker containers to logstash. Just have to add some parameters when you run your container