balabit/syslog-ng
syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods
docker logs [containerID] command
syslog-ng.conf or fall back to use the default one
The following ports are exposed:
Syslog-ng listens on these ports and forwards the logs into the file /var/log/syslog. You can check the default configuration in the source repository of this image.
Please check the syslog-ng image tags at the official Docker repository to see which image versions exist: https://registry.hub.docker.com/u/balabit
The following command assumes that ports 514 and 601 are not in use on the host machine, because they would conflict:
sudo docker run -it -p 514:514/udp -p 601:601 --name syslog-ng balabit/syslog-ng:latest
By default, syslog-ng does not print any debug messages to the console. To see more debug messages, start the container this way:
sudo docker run -it -p 514:514/udp -p 601:601 --name syslog-ng balabit/syslog-ng:latest -edv
You can override the default configuration by mounting a configuration file under /etc/syslog-ng/syslog-ng.conf:
sudo docker run -it -v "$PWD/syslog-ng.conf":/etc/syslog-ng/syslog-ng.conf balabit/syslog-ng:latest
The following example describes how syslog-ng can read logs from other containers.
Assume that you already have a running apache2 container that exposes its logs as a mounted volume under "/var/log/apache2/". We will read the apache logs and send them to a remote host (1.2.3.4:514). The example syslog-ng configuration file is stored in the current directory as syslog-ng.conf.
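@version: 3.7

# Read the access log from the volume shared by the apache2 container
source s_apache {
    file("/var/log/apache2/access.log");
};

# Forward to the remote host; tcp() sends the messages unencrypted
destination d_remote {
    tcp("1.2.3.4" port(514));
};

# Connect the source to the destination
log {
    source(s_apache);
    destination(d_remote);
};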
Now we can start syslog-ng:
sudo docker run -it --volumes-from [containerID for apache2] -v "$PWD/syslog-ng.conf":/etc/syslog-ng/syslog-ng.conf balabit/syslog-ng:latest
Assume that your running container is named "syslog-ng". In this case, you can enter the container by executing the following command:
sudo docker exec -it syslog-ng /bin/bash
For detailed information on how to run your central log server in Docker and other Docker-related syslog-ng use cases, see the blog post Your central log server in Docker.
If the given configuration requires it, syslog-ng tries to set some POSIX capabilities at startup, but (by default) Docker does not grant capabilities to the containers. There are mainly three methods to circumvent this:
--no-caps option.
--cap-add option of the Docker service.
privileged option. However, we do not recommend this method in production environments.
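To choose between these methods, it helps to see which capabilities the container actually holds. The Python script below is an added example, not part of the image or the syslog-ng project: it reads the CapBnd line of /proc/1/status (for instance the output of docker exec syslog-ng cat /proc/1/status), returns the --cap-add flags for capabilities that are absent, and reports high-impact capabilities that a privileged container holds. The WANTED list and both sample inputs are assumptions constructed for illustration.

```python
import re

# Bit positions from <linux/capability.h>.
CAP_BITS = {
    "chown": 0, "dac_override": 1, "dac_read_search": 2, "fowner": 3,
    "net_bind_service": 10, "net_broadcast": 11, "net_raw": 13,
    "sys_module": 16, "sys_rawio": 17, "sys_ptrace": 19, "sys_admin": 21,
    "syslog": 34,
}
# Assumption: capabilities a syslog-ng configuration may request at startup.
# Replace with the ones named in your own startup error messages.
WANTED = ("chown", "dac_override", "dac_read_search", "fowner",
          "net_bind_service", "net_broadcast", "net_raw", "syslog")
# High-impact capabilities worth flagging when present but not requested.
HIGH_RISK = ("sys_module", "sys_rawio", "sys_ptrace", "sys_admin")

def bounding_set(status_text):
    """Return the CapBnd mask from /proc/<pid>/status text as an int."""
    m = re.search(r"^CapBnd:\s*([0-9a-fA-F]+)\s*$", status_text, re.M)
    if m is None:
        raise ValueError("no CapBnd line found")
    return int(m.group(1), 16)

def held(mask, names):
    """Return the capabilities from names whose bit is set in mask."""
    return [n for n in names if (mask >> CAP_BITS[n]) & 1]

def audit(status_text, wanted=WANTED):
    """List --cap-add flags for missing capabilities and any excess ones."""
    mask = bounding_set(status_text)
    present = held(mask, wanted)
    missing = [n for n in wanted if n not in present]
    return {
        "cap_add": ["--cap-add=" + n.upper() for n in missing],
        "excess": held(mask, [n for n in HIGH_RISK if n not in wanted]),
    }

# Constructed samples: a restricted container and a privileged one.
LIMITED = "Name:\tsyslog-ng\nCapPrm:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n"
PRIVILEGED = "Name:\tsyslog-ng\nCapPrm:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n"

if __name__ == "__main__":
    for label, text in (("limited", LIMITED), ("privileged", PRIVILEGED)):
        print(label, audit(text))
```

An empty cap_add list together with a non-empty excess list indicates the container holds more than the configuration asks for, which is the situation the privileged option creates.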