using syslog to ship the docker container logs to logstash

Can logs in a docker container … say logs located in /var/log/syslog get shipped to logstash without using any additional components such as lumberjack and logspout?

Just wondering because I set up an environment and tried to make it work with syslog (so syslog ships the logs from docker container to logstash) but for now it’s not working .. just wondering if there’s something wrong with my logic.

  • Project Atomic - Cockpit doesnt install through Vagrant
  • Having Docker image renaming issue
  • Node-inspector in docker container using docker-compose
  • Unable to bring apache2 home page in my browser while configuring nodes by puppet
  • Which commands of the defined Linux Distribution are available in a Docker container?
  • how can I find docker image with specific tag in docker registry in docker command line?
  • apt-add-repository: command not found error in Dockerfile
  • Docker: How to connect to Postgresql container without exposing port
  • Visual studio 2017 docker error running app
  • Link nodejs app to Rethinkdb from another container
  • How to create an serverless infrastructure with docker?
  • Kafka and Docker: Pushing a Kafka Messages to the another's Dockerized Consumer
  • 2 Solutions collect form web for “using syslog to ship the docker container logs to logstash”

    There’s no way for messages in /var/log/syslog to magically route to logstash without something configured to forward messages. Something must send the logs to logstash. You have a few options:

    1. Configure your app to send log messages to stdout rather than to /var/log/syslog, and run logspout to collect stdout from all the running containers and send messages to your logstash endpoint.
    2. Run rsyslog inside your container and configure a syslog daemon such as rsyslog to send messages to your logstash endpoint
    3. Bind mount /dev/log from the host to your container by passing -v /dev/log:/dev/log to docker run when starting your container. On the host, configure your syslog daemon to send messages to logstash.

    You could use the docker syslog driver to send docker logs straight from docker containers to logstash. Just have to add some parameters when you run your container

    https://docs.docker.com/engine/admin/logging/overview/#supported-logging-drivers

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.