Container Level Logs
Logs can be forwarded to a remote host via any Docker-supported logging protocol. By default, Docker writes all logs to the Docker host. Complete documentation on supported logging drivers can be found here: https://docs.docker.com/config/containers/logging/configure/
Warning
If logs are redirected at the container level, they will not appear in the local logs. They will appear only on the remote logging host.
Example:
- Ubuntu Docker Host
- Container Name: oe-9001
- Remote Syslog Server: 192.168.10.15
- Remote Syslog Server Port: 10514
- Remote Syslog Transport: TCP
cd /var/virtru/vg/scripts
nano setup-oe-9001.sh
Once inside the script file, modify the logging entries to match:
docker run \
--env-file /var/virtru/vg/env/oe-9001.env \
-v /var/virtru/vg/tls/:/etc/postfix/tls \
-v /var/virtru/vg/queue/oe-9001/:/var/spool/postfix \
-v /var/virtru/vg/dkim/:/etc/opendkim/keys \
--hostname gw.example.com \
--name oe-9001 \
--publish 9001:25 \
--interactive --tty --detach \
--restart unless-stopped \
--log-driver syslog \
--log-opt syslog-address=tcp://192.168.10.15:10514 \
virtru/gateway:2.2.18
Host Level Logs
Logs can be read locally and directed to a remote syslog server.
Note: Additional events will be generated beyond the container logs.
Example:
- Ubuntu Docker Host
- Remote Syslog Server: 192.168.10.15
- Remote Syslog Server Port: 10514
- Remote Syslog Transport: TCP
nano /etc/rsyslog.d/50-default.conf
Add at the top:
*.* action(type="omfwd" target="192.168.10.15" port="10514" protocol="tcp" action.resumeRetryCount="100" queue.type="linkedList" queue.size="10000")
This forwards all host syslog entries to the remote syslog server, retrying 100 times and queuing up to 10000 entries before discarding any. Due to the nature of TCP, if the remote syslog server is unavailable and a retry queue is not set, all entries will be blocked and discarded.
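One way to audit both configurations described above (the container-level `--log-driver`/`--log-opt` flags and the host-level rsyslog `omfwd` action), including the missing-queue case. This is an added example, not part of the original documentation; the function names and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample files are constructed for illustration.

# Print the syslog-address from a docker run script; fail if the syslog
# driver or its address is absent (the container would log locally only).
container_syslog_target() {
    grep -Eq -- '--log-driver[= ]syslog( |\\|$)' "$1" || return 1
    addr=$(sed -n 's/.*--log-opt[= ]syslog-address=\([^ \\]*\).*/\1/p' "$1" | head -n 1)
    [ -n "$addr" ] || return 1
    printf '%s\n' "$addr"
}

# Read one parameter (target, port, queue.type, ...) of the first
# uncommented omfwd action in an rsyslog config file.
omfwd_param() {
    grep -v '^[[:space:]]*#' "$1" | grep 'type="omfwd"' | head -n 1 |
        sed -n "s/.*[( ]$2=\"\([^\"]*\)\".*/\1/p"
}

# Classify host-level forwarding:
#   ok        omfwd action with a retry count and a queue
#   no-queue  forwards, but nothing buffers entries while the collector is down
#   missing   no omfwd action
host_forwarding_status() {
    [ -n "$(omfwd_param "$1" target)" ] || { echo missing; return 0; }
    if [ -n "$(omfwd_param "$1" queue.type)" ] &&
       [ -n "$(omfwd_param "$1" action.resumeRetryCount)" ]; then
        echo ok
    else
        echo no-queue
    fi
}

# Constructed samples using the page's example values.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/setup.sh" <<'EOF'
docker run \
--name oe-9001 \
--log-driver syslog \
--log-opt syslog-address=tcp://192.168.10.15:10514 \
virtru/gateway:2.2.18
EOF
fwd='*.* action(type="omfwd" target="192.168.10.15" port="10514" protocol="tcp"'
printf '%s %s\n' "$fwd" 'action.resumeRetryCount="100" queue.type="linkedList" queue.size="10000")' > "$tmp/queued.conf"
printf '%s)\n' "$fwd" > "$tmp/bare.conf"

echo "container -> $(container_syslog_target "$tmp/setup.sh")"
echo "queued    -> $(host_forwarding_status "$tmp/queued.conf")"
echo "bare      -> $(host_forwarding_status "$tmp/bare.conf")"
```

To check a real host, call the functions with the actual setup script and `/etc/rsyslog.d/50-default.conf` instead of the sample files.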