Docker – How to write docker output to stdout/stderr as daemon

docker

So we can run a docker container as a daemon:

docker run -d --name foo foo

and then read the logs:

docker logs -f foo

but I am wondering how to only write to stdout/stderr, so that I can send the logs to Splunk or CloudWatch etc. Something like:

(
  docker run --name foo foo &|  capture_logs
) & disown

What is the official way to do this?

Best Answer

You can use logging options as @Michael pointed out and as described in the following docs.

Generally speaking, there are at least two ways to do it, which will be discussed briefly below.

  1. Using the Splunk driver as shown here.

Start by creating an event collector token as described in the docs. The token will be used within the Splunk driver configuration.

Docker CLI example:

docker run -d \
           --log-driver=splunk \
           --log-opt splunk-token=176FCEBF-4CF5-4EDF-91BC-703796522D20 \
           --log-opt splunk-url=https://splunkhost:8088 \
           --log-opt tag=foo-logs \
           --name foo foo

docker-compose example:

version: '3.7'
services:
  foo_app:
    # ...
    logging:
      driver: splunk
      options:
        tag: foo-logs
        splunk-token: 176FCEBF-4CF5-4EDF-91BC-703796522D20
        splunk-url: https://splunkhost:8088
    # ...

  2. Using the syslog driver as shown here.

Docker CLI example:

docker run \
      --log-driver syslog --log-opt tag=foo-logs \
      --name foo foo

docker-compose example:

version: '3.7'
services:
  foo_app:
    # ...
    logging:
      driver: syslog
      options:
        tag: foo-logs
    # ...

This will send all container logs to the local syslog; you can take it from there and forward them to an external UDP port where Splunk is ready to receive your logs.

So let's say that the Splunk server will receive the logs on port 514; then you need to add this to the rsyslogd configuration and then restart the rsyslogd service:

# /etc/rsyslog.d/20-splunk.conf
:syslogtag, contains, "foo-logs" @splunk_url:514;RSYSLOG_SyslogProtocol23Format

Alternatively, if you intend to make it global for all containers then you can configure the logging through the /etc/docker/daemon.json file itself like below (and don't forget to restart the docker service):

In case of syslog:

{
  "log-driver": "syslog"
}

In case of Splunk:

{
  "log-driver": "splunk",
  "log-opts": {
    "splunk-token": "176FCEBF-4CF5-4EDF-91BC-703796522D20",
    "splunk-url": "https://splunkhost:8088",
    ...
  }
}

Check out the list of supported logging drivers.
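A change to the default driver in /etc/docker/daemon.json only applies to containers created after the daemon restart, so it is worth checking what each container is actually using. The following is an added example, not part of the answer above: it audits the `HostConfig.LogConfig` section of `docker inspect` output, and the function name `audit_log_config`, the sample containers and the placeholder token are all constructed for illustration.

```python
import json

# Constructed sample: trimmed output of `docker inspect foo bar baz`.
# Container names, URLs and the token are made up for this example.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/foo", "HostConfig": {"LogConfig": {"Type": "splunk", "Config": {
        "splunk-token": "00000000-0000-0000-0000-000000000000",
        "splunk-url": "https://splunkhost:8088", "tag": "foo-logs"}}}},
    # Created before daemon.json was changed, so it kept the old default driver.
    {"Name": "/bar", "HostConfig": {"LogConfig": {"Type": "json-file", "Config": {}}}},
    {"Name": "/baz", "HostConfig": {"LogConfig": {"Type": "splunk", "Config": {
        "splunk-url": "http://splunkhost:8088", "tag": "baz-logs"}}}},
])

# Options a driver cannot work without (splunk needs both a token and a URL).
REQUIRED_OPTS = {"splunk": {"splunk-token", "splunk-url"}, "syslog": set()}


def audit_log_config(inspect_json, expected_driver, expected_tag=None):
    """Return {container: [findings]} for containers that deviate."""
    findings = {}
    for container in json.loads(inspect_json):
        name = container.get("Name", "?").lstrip("/")
        log_cfg = container.get("HostConfig", {}).get("LogConfig") or {}
        driver = log_cfg.get("Type", "")
        opts = log_cfg.get("Config") or {}
        issues = []
        if driver != expected_driver:
            issues.append(f"driver is {driver!r}, expected {expected_driver!r}")
        else:
            for opt in sorted(REQUIRED_OPTS.get(driver, set()) - set(opts)):
                issues.append(f"missing option {opt}")
            url = opts.get("splunk-url", "")
            if driver == "splunk" and url and not url.startswith("https://"):
                issues.append("splunk-url is not https, token would travel in clear text")
            if expected_tag and opts.get("tag") != expected_tag:
                issues.append(f"tag is {opts.get('tag')!r}, expected {expected_tag!r}")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_log_config(SAMPLE_INSPECT, "splunk", "foo-logs").items():
        for issue in issues:
            print(f"{name}: {issue}")
```

On a real host, feed it the output of `docker inspect $(docker ps -q)` instead of the embedded sample.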