-
Build the syslog container:
docker build -t syslog . -
Monitor the logs:
docker run --volumes-from syslog ubuntu tail -f /var/log/syslog -
Run it:
docker run --name syslog -d -v /tmp/syslogdev:/dev syslogallow syslogging from localhost over UDP (eg: port 1514):
docker run --name syslog -d -v /tmp/syslogdev:/dev -p 127.0.0.1:1514:514/udp syslog -
Start another container to send logs:
docker run -v /tmp/syslogdev/log:/dev/log ubuntu logger hello -
Alternative to #2, as of docker v1.3 use the
docker-execcommand to inspect syslog container directly, after some logs have been generateddocker exec -t syslog tail -f /var/log/syslog -
See in the log message show up in the "tail" container.
-
Logging to SemaText's Logsene service:
To log to remote Logsene service, run with these environment variables:
LOGSENE_SYSLOG_HOST- remote hostname, usually:logsene-receiver-syslog.sematext.comLOGSENE_APP_TOKEN- your Logsene application token
docker run --name syslog -d -v /tmp/syslogdev:/dev -e LOGSENE_SYSLOG_HOST=logsene-receiver-syslog.sematext.com -e LOGSENE_APP_TOKEN=<your token> -p 127.0.0.1:1514:514/udp syslog -
Logging to any remote Syslog (over UDP):
To log to a remote syslog deamon (currently UDP), run with these environment variables:
REMOTE_SYSLOG_HOST- remote hostname, eg. syslog.example.comREMOTE_SYSLOG_PORT- syslog port, defaults to 514REMOTE_SYSLOG_PROTO- protocol, udp or tcp, to talk to remote syslog server; defaults to 'udp'
docker run --name syslog -d -v /tmp/syslogdev:/dev -e REMOTE_SYSLOG_HOST=syslog.example.com -e REMOTE_SYSLOG_PORT=5140 -e REMOTE_SYSLOG_PORT=udp -p 127.0.0.1:1514:514/udp syslog -
With systemd-journald forwarding host journal to container:
READ_FROM_JOURNALD- set to 1 if you want rsyslog to read from mapped socket (assumes the socket was created by "something" eg. a syslog.socket systemd unit) Ensure that journald is configured for syslog forwarding, set the following in /etc/systemd/journal.conf.d/99-forward-to-sylog.conf
[Journal] ForwardToSyslog=yes MaxLevelSyslog=debugdocker run --name syslog -d -v /tmp/syslogdev:/dev -e READ_FROM_JOURNALD=1 -v /run/systemd/journal/syslog:/run/systemd/journal/syslog -e REMOTE_SYSLOG_HOST=syslog.example.com -e REMOTE_SYSLOG_PORT=5140 -e REMOTE_SYSLOG_PORT=udp -p 127.0.0.1:1514:514/udp syslog
Note: this container is also available on Docker Hub: https://hub.docker.com/r/mbessler/syslogdocker/
For more information on this approach, see Multiple Docker containers logging to a single syslog.
Written with StackEdit.