using syslog to ship the docker container logs to logstash

Can logs in a docker container … say logs located in /var/log/syslog get shipped to logstash without using any additional components such as lumberjack and logspout?

Just wondering because I set up an environment and tried to make it work with syslog (so syslog ships the logs from docker container to logstash) but for now it’s not working .. just wondering if there’s something wrong with my logic.

  • docker-machine on mac does not work with docker-engine protected by self-create CA
  • Difference between Docker ENTRYPOINT and Kubernetes container spec COMMAND?
  • Firewall for the container in docker
  • How to grab remote latest maven tar.gz file?
  • Transmit Heroku environement variables to Docker instance
  • Configure the network interfaces of the host a docker container is running on
  • Docker build state
  • Run docker as non-root in a development environment for an specific process
  • Setup Java development environment with Docker
  • How to run a command in a container using Docker Compose?
  • Docker Build Error
  • How to reduce memory consumption of docker containers?
  • 2 Solutions collect form web for “using syslog to ship the docker container logs to logstash”

    There’s no way for messages in /var/log/syslog to magically route to logstash without something configured to forward messages. Something must send the logs to logstash. You have a few options:

    1. Configure your app to send log messages to stdout rather than to /var/log/syslog, and run logspout to collect stdout from all the running containers and send messages to your logstash endpoint.
    2. Run rsyslog inside your container and configure a syslog daemon such as rsyslog to send messages to your logstash endpoint
    3. Bind mount /dev/log from the host to your container by passing -v /dev/log:/dev/log to docker run when starting your container. On the host, configure your syslog daemon to send messages to logstash.

    You could use the docker syslog driver to send docker logs straight from docker containers to logstash. Just have to add some parameters when you run your container

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.