Skip to main content

Sending logs from Docker to centralised log server

Docker logs are not handled through rsyslog (at least not by default), since I am using Graylog, I use a version of logspout which has been built with a GELF adapter.

 

Step 1 - Add container to docker-compose

For my purposes I am using logspout to send logs from my home assistant docker deployment, but the same configuration can be used along with any other docker setup.

  logspout: # chose to use this instead of setting logging levels on each container
    container_name: logspout
    image: vincit/logspout-gelf
    hostname: ha-docker
    restart: unless-stopped
    environment:
      - TZ=Europe/Dublin
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    command:
      - "gelf://${LOGSPOUT_SERVER}:12201"

hostname will be the name that will show up as the source in graylog.

LOGSPOUT_SERVER should be the address of the graylog server. Note that if Graylog is on the internal proxmox network behind PfSense, this should be the PfSense WAN address and the port should be forwarded to the graylog server <guide to come>

 

Step 2 - Add Input to Graylog

Log in to Graylog and select Systems/Inputs -> Inputs

Back to top