using syslog to ship the docker container logs to logstash

Can logs in a docker container … say logs located in /var/log/syslog get shipped to logstash without using any additional components such as lumberjack and logspout?

Just wondering because I set up an environment and tried to make it work with syslog (so syslog ships the logs from docker container to logstash) but for now it’s not working .. just wondering if there’s something wrong with my logic.

  • Docker container linking via port forwarding?
  • How to save config file inside a running container?
  • How to use Makefile in docker-machine
  • Docker can't start MariaDB/MySQL during Docker build
  • Does Docker EXPOSE make a new layer?
  • Docker image vs container
  • Should I use separate Docker containers for my web app?
  • aws ecr access authenticator required
  • How to use docker-machine on a private server?
  • What's the purpose of binding vip addr in every container of a service in docker 1.12?
  • /bin/sh: 1: gvm: not found
  • How to link two docker containers which are spawned with two different docker-compose.yml
  • 2 Solutions collect form web for “using syslog to ship the docker container logs to logstash”

    There’s no way for messages in /var/log/syslog to magically route to logstash without something configured to forward messages. Something must send the logs to logstash. You have a few options:

    1. Configure your app to send log messages to stdout rather than to /var/log/syslog, and run logspout to collect stdout from all the running containers and send messages to your logstash endpoint.
    2. Run rsyslog inside your container and configure a syslog daemon such as rsyslog to send messages to your logstash endpoint
    3. Bind mount /dev/log from the host to your container by passing -v /dev/log:/dev/log to docker run when starting your container. On the host, configure your syslog daemon to send messages to logstash.

    You could use the docker syslog driver to send docker logs straight from docker containers to logstash. Just have to add some parameters when you run your container

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.