docker logspout

https://hub.docker.com/r/jplock/rsyslog/

docker pull jplock/rsyslog:8.2.2

docker run -d -p 514:514 jplock/rsyslog:8.2.2

https://github.com/gliderlabs/logspout

Using logspout (cannot start without route)

Route all container output to remote syslog

The simplest way to use logspout is to just take all logs and ship to a remote syslog. Just pass a syslog URI (or several comma separated URIs) as the command. Also, we always mount the Docker Unix socket with -v to/var/run/docker.sock:

$ docker run --name="logspout" 
    --volume=/var/run/docker.sock:/var/run/docker.sock 
    gliderlabs/logspout 
    syslog://logs.papertrailapp.com:55555

logspout will gather logs from other containers that are started without the -t option.

To see what data is used for syslog messages, see the syslog adapter docs.

Ignoring specific containers

You can tell logspout to ignore specific containers by setting an environment variable when starting your container, like so:-

    $ docker run -d -e 'LOGSPOUT=ignore' image

Inspect log streams using curl

Using the httpstream module, you can connect with curl to see your local aggregated logs in realtime. You can do this without setting up a route URI.

$ docker run -d --name="logspout" 
    --volume=/var/run/docker.sock:/var/run/docker.sock 
    --publish=127.0.0.1:8000:80 
    gliderlabs/logspout
$ curl http://127.0.0.1:8000/logs

You should see a nicely colored stream of all your container logs. You can filter by container name and more. You can also get JSON objects, or you can upgrade to WebSocket and get JSON logs in your browser.

See httpstream module for all options.

Create custom routes via HTTP

Using the routesapi module logspout can also expose a /routes resource to create and manage routes.

$ curl $(docker port `docker ps -lq` 8000)/routes 
    -X POST 
    -d '{"source": {"filter": "db", "types": ["stderr"]}, "target": {"type": "syslog", "addr": "logs.papertrailapp.com:55555"}}'

That example creates a new syslog route to Papertrail of only stderr for containers with db in their name.

Routes are stored on disk, so by default routes are ephemeral. You can mount a volume to /mnt/routes to persist them.

See routesapi module for all options.