Logging drivers – Containerization with Docker

Docker logging and logging drivers

Docker not only changed how applications are deployed but also the workflow for log management. Instead of writing logs to files, containers write logs to the console (stdout/stderr). Docker then uses a logging driver to export container logs to the specified destinations.

Container log management

Log management is an essential function within Docker, as with any application. However, because Docker workloads are transient, it becomes more critical: we lose the filesystem, and potentially the logs, when the container is deleted or runs into a problem. So, we should use logging drivers to export the logs to a particular place and persist them there. If you have a log analytics solution, that is the best place for your logs. Docker supports multiple log targets via logging drivers. Let’s have a look.

Logging drivers

At the time of writing, the following logging drivers are available:

  • none: No logs are available for the container, and therefore they are not stored anywhere.
  • local: Logs are stored locally in a custom format, which minimizes overhead.
  • json-file: The log files are stored in JSON format. This is the default Docker logging driver.
  • syslog: This driver uses syslog for storing the Docker logs as well. This option makes sense when you use syslog as your default logging mechanism.
  • journald: Uses journald to store Docker logs. You can use the journald command line to browse the container and the Docker daemon logs.
  • gelf: Sends logs to a Graylog Extended Log Format (GELF) endpoint such as Graylog or Logstash.
  • fluentd: Sends logs to Fluentd.
  • awslogs: Sends logs to AWS CloudWatch.
  • splunk: Sends logs to Splunk using the HTTP Event Collector.
  • etwlogs: Sends logs to Event Tracing for Windows (ETW) events. You can only use it on Windows platforms.
  • gcplogs: Sends logs to Google Cloud Logging.
  • logentries: Sends logs to Rapid7 Logentries.
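
To see which containers would lose their logs on deletion, the following added example (not code from the original page) audits the logging driver recorded for each container in `docker inspect` output. The container names, the Splunk URL and the severity labels are constructed for illustration; `HostConfig.LogConfig` is the field Docker reports.

```python
import json

# Drivers from the list above, grouped by where the log data ends up.
NO_LOGS = {"none"}
HOST_FILES = {"local", "json-file"}   # files kept under Docker's data directory
EXPORTED = {"syslog", "journald", "gelf", "fluentd", "awslogs", "splunk",
            "etwlogs", "gcplogs", "logentries"}

# Constructed sample in the shape of `docker inspect` output (names are made up).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "HostConfig": {"LogConfig": {"Type": "json-file", "Config": {}}}},
    {"Name": "/api", "HostConfig": {"LogConfig": {
        "Type": "json-file", "Config": {"max-size": "10m", "max-file": "3"}}}},
    {"Name": "/batch", "HostConfig": {"LogConfig": {"Type": "none", "Config": {}}}},
    {"Name": "/auth", "HostConfig": {"LogConfig": {
        "Type": "splunk", "Config": {"splunk-url": "https://splunk.example.invalid:8088"}}}},
    {"Name": "/legacy", "HostConfig": {}},   # inspect data without a LogConfig
])

def audit_logging(inspect_json):
    """Return {container name: (severity, finding)} for each inspected container."""
    findings = {}
    for c in json.loads(inspect_json):
        name = c.get("Name", "<unnamed>").lstrip("/")
        log_cfg = (c.get("HostConfig") or {}).get("LogConfig") or {}
        driver = log_cfg.get("Type")
        opts = log_cfg.get("Config") or {}
        if not driver:
            findings[name] = ("unknown", "no LogConfig in inspect data")
        elif driver in NO_LOGS:
            findings[name] = ("high", "driver 'none': container output is not stored")
        elif driver in HOST_FILES:
            msg = f"driver '{driver}': logs are removed together with the container"
            if driver == "json-file" and "max-size" not in opts:
                msg += "; no max-size set, so the file is not rotated"
            findings[name] = ("medium", msg)
        elif driver in EXPORTED:
            findings[name] = ("ok", f"driver '{driver}': logs leave the container's own storage")
        else:
            findings[name] = ("unknown", f"driver '{driver}' is not in the list above")
    return findings

if __name__ == "__main__":
    for name, (severity, finding) in audit_logging(SAMPLE_INSPECT).items():
        print(f"{severity:8} {name:8} {finding}")
```

On a live host, the same function can be fed the output of `docker inspect $(docker ps -aq)`.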

While all these are viable options, we will look at journald and Splunk. While journald is a native operating system service monitoring option, Splunk is one of the most famous log analytics and monitoring tools. Now, let’s understand how to configure a logging driver.
