How To Run Rsyslog in a Docker Container for Logging

I’ve been playing around with Docker this morning (read as I have followed their 15 min tutorial and have installed it on an Ubuntu instance – so I’m not quite the expert yet). I was initially interested in figuring out what log management looks like for any Docker users out there.

From first look, Docker has a “logs” command that will fetch the logs from a container. You can run this via the docker daemon and it will  captures all the stdout/stderr from the process you’re running:

$ docker logs $CONTAINER_ID.

I ran the ‘hello world daemon’ example, routed the output to a log file and even managed to send the events to Logentries using the Logentries agent on my Ubuntu host that was running the Docker container.

Screen Shot 2014-03-04 at 11.02.51 AM

However, using the Docker “logs” command  is a little primitive, as  every time you run docker logs container_id you get all the logs of that process from the beginning.

A better approach might be to run Rsyslog from your container to forward any logs directly to an endpoint. One of our clever engineers put together a quick Dockerfile for me to test this out. (Thanks Chris!)

Here’s what it looks like:
FROM ubuntu:saucy
RUN echo "deb http://us.archive.ubuntu.com/ubuntu/ precise main universe" >> /etc/apt/source.list
RUN apt-get update
RUN apt-get -y install rsyslog
ADD ./logentries.conf /etc/rsyslog.d/logentries.conf

And what it does:

  • grabs the ubuntu:saucy image
  • installs Rsyslog
  • adds a config file for forwarding your log events to Logentries (note you can modify this with any endpoint so that you can forward your logs to wherever you want)

To test this out I cloned Chris’ git repo,

$ git clone https://github.com/m0wfo/le-docker.git

Then ran the following commands, which builds the Docker image, launches the container and attaches to the container instance:
$ cd le-docker
$ sudo docker build -t le/example .
$ sudo docker run -i -t le/example /bin/bash

I next opened the logentries.conf file and added my Logentries log token of a new “token based” log that I created in my Logentries UI:

$ vi /etc/rsyslog.d/logentries.conf

It looks like this:

Screen Shot 2014-03-04 at 12.05.20 PM

Simply replace TOKEN with your log token found here:

Screen Shot 2014-03-04 at 12.07.07 PM

Finally I started Rsyslog, and created some test events using the “logger” command.

$ rsyslogd
$ logger this is a test

Screen Shot 2014-03-04 at 11.45.47 AM

Now I see logs streaming into Logentries from my Docker container via Rsyslog!!!

(Thanks again Chris!)


Ready to start getting insights from your applications? Sign up for a Logentries free trial today.

Tagged with: , ,
Posted in DevOps, How To, Syslog, Tips & Tricks

Leave a Reply