Docker Sidecar Logging

Logging with Docker can be tricky, and often times there are constraints around where logs can be sent. Especially in an enterprise environment, popular logging providers may not be a possibility. Not to mention, configuring logging at the daemon level isn’t supported by all of the Docker tools and products, which can throw a major monkey wrench into your plans. The sidecar approach side steps all of these issues by running just like another container on the machine and forwarding the logs to the destination of your choosing. In this post I am going to focus on syslog, but this can also be translated to other formats if necessary.

Configuring the Daemon

So I know what you are thinking, I thought this was the sidecar approach. Since, we are forwarding our logs we need to put limits on the json-file logs locally as to not overflow the machine. You will need to add the follow configuration to your Docker daemon configuration method. Feel free to adjust any of the following settings to meet your needs.

--log-driver json-file # logging driver
--log-opt max-size=50m # max size of a log file
--log-opt max-file=4 # number of files to create before discarding logs

Configuring Logspout

Logspout is from Gliderlabs, it forwards the logs from the host to a central source. Below is the default syslog implementation, it will also restart if the container loses connection and on system restarts.

# syslog over udp
docker run -d --name=logspout \
    --restart always \
    -v /var/run/docker.sock:/var/run/docker.sock \
    gliderlabs/logspout \
    syslog://logs.example.com:1111


# syslog over tcp
docker run -d --name=logspout \
    --restart always \
    -v /var/run/docker.sock:/var/run/docker.sock \
    gliderlabs/logspout \
    syslog+tcp://logs.example.com:1111