I usually run applications as Docker containers because of their high flexibility and availability. Is there a way to get the container logs into my Logstash server?
Docker writes the container logs to files. Filebeat then reads those files and transfers the logs into Elasticsearch. Filebeat is used as a replacement for Logstash. It was created because Logstash requires a JVM and tends to consume a lot of resources.
As a default, Docker uses the json-file logging driver, which caches container logs as JSON internally.
The docker logs command shows information logged by a running container. The docker service logs command shows information logged by all containers participating in a service. The information that is logged and the format of the log depends almost entirely on the container's endpoint command.
Docker includes multiple logging mechanisms to help you get information from running containers and services by means of logging drivers.
Each Docker daemon has a default logging driver, which each container uses unless you configure it to use a different logging driver.
You can simply get your container logs by configuring Logstash as follows and running the container whose logs are to be viewed by changing its default log driver to syslog.
#logstash.conf
input {
  tcp {
    port => 5000
  }
}
output {
  stdout {}
}
The below two commands will display the hello-world container logs in logstash.
docker run -it --rm --name=logstash -p 5000:5000 -v /path/to/logstash.conf:/usr/share/logstash/pipeline/logstash.conf docker.elastic.co/logstash/logstash:7.14.0
docker run --log-driver=syslog --log-opt syslog-address=tcp://<logstash-system-ip>:5000 hello-world
The output of Logstash can even be sent to Elasticsearch by configuring the output section as follows:
elasticsearch {
  hosts => ["<elastic-system-ip>:9200"]
}
Visit https://docs.docker.com/engine/admin/logging/overview/
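The pipeline above accepts plain, unauthenticated TCP, so log traffic is unencrypted and any host that can reach port 5000 can write into it. As an added example (not part of the original answer), here is the same pipeline with mutual TLS, using the Logstash tcp input's SSL options and the Docker syslog driver's TLS options; all certificate paths are assumed placeholders:

```conf
# logstash.conf (added example; certificate paths are assumed placeholders)
input {
  tcp {
    port => 5000
    # Encrypt the listener and present a server certificate
    ssl_enable => true
    ssl_cert => "/usr/share/logstash/tls/logstash.crt"
    ssl_key => "/usr/share/logstash/tls/logstash.key"
    # Require a client certificate signed by this CA (mutual TLS),
    # so only Docker hosts holding such a certificate can submit logs
    ssl_verify => true
    ssl_certificate_authorities => ["/usr/share/logstash/tls/ca.crt"]
  }
}
output {
  stdout {}
}

# Matching container start on the Docker host. The server certificate must be
# valid for the address used in syslog-address, or the driver rejects it.
#
# docker run --log-driver=syslog \
#   --log-opt syslog-address=tcp+tls://<logstash-system-ip>:5000 \
#   --log-opt syslog-tls-ca-cert=/etc/docker/tls/ca.crt \
#   --log-opt syslog-tls-cert=/etc/docker/tls/client.crt \
#   --log-opt syslog-tls-key=/etc/docker/tls/client.key \
#   hello-world
```

The TLS directory has to be mounted into the Logstash container with an additional -v flag next to the pipeline file.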