Docker: syslog-ng setup

Submitted by root on

root's picture

In this article I will show you how to create and set up a syslog-ng in docker container and redirect logs from another container to it.
You should have already a running docker set up. If you do not know how to do that, do a search on this page as I have created several articles for it. Also, web is full of it.

1. Edit the syslog-ng configuration file

What I did was to get the default syslog-ng.conf from within the docker container and edit it according to my needs.
This set up below will create messages_local for syslog-ng logs and messages_HOST_PROGRAM for each docker container, automatically, without any additional filter.
It will work on the fly, you do not need to add custom filters for each docker you configure to send it's messages there.

@version: 3.29
@include "scl.conf"

source s_local {
	internal();
};

source s_network {
	default-network-drivers(
	);
};

destination d_local {
        file("/var/log/messages_local");
};

destination d_network {
	file("/var/log/messages_${HOST}_${PROGRAM}" template("$(format-welf --scope all-nv-pairs)\n") frac-digits(3));
};

log {
        source(s_local);
        destination(d_local);
};

log {
	source(s_network);
	destination(d_network);
};

2. Start syslog-ng docker container - this is how I run mine:

DOCKER_IP=192.168.11.30
DOCKER_NAME=syslog
DOCKER_IMAGE=balabit/syslog-ng:latest
DATA_DIR=/docker/DATA/services/syslog/logs
CONFIG_FILE=/docker/DATA/services/syslog/syslog-ng.conf

docker run -d \
  --name ${DOCKER_NAME} \
  --restart=always \
  --publish ${DOCKER_IP}514:514/udp \
  --publish ${DOCKER_IP}601:601 \
  --publish ${DOCKER_IP}6514:6514 \
  --volume ${DATA_DIR}:/var/log \
  --volume ${CONFIG_FILE}:/etc/syslog-ng/syslog-ng.conf \
  ${DOCKER_IMAGE}

The running container should look like this:

23:22:55 root@sonic:logs# docker container ls | grep syslog
dd5bcd591fb4        balabit/syslog-ng:latest                         "/usr/sbin/syslog-ng…"   4 hours ago         Up 4 hours (healthy)   192.168.11.30:601->601/tcp, 192.168.11.30:514->514/udp, 192.168.11.30:6514->6514/tcp                                                                                                                                                   syslog

3. Start the container for which you want to send the logs to our newly created syslog container as follows:

This container runs bind9 with a custom docker image.

DOCKER_IP=192.168.11.25
DOCKER_IMAGE=bind9
DATA_DIR=/docker/DATA/services/bind9
docker run -d \
  --restart=always \
  --name ${DOCKER_NAME} \
  --log-driver=syslog \
  --log-opt syslog-address=udp://192.168.11.30:514 \
  --log-opt tag=${DOCKER_NAME} \
  --log-opt syslog-format=rfc5424micro \
  --publish ${DOCKER_IP}53:53/udp \
  --publish ${DOCKER_IP}53:53/tcp \
  -v ${DATA_DIR}:/etc/bind \
  ${DOCKER_IMAGE}

5. Now go to your syslog folder and see if the logs were created

In this setup, you should have the following logs there:

23:40:50 root@sonic:logs# ls
messages_local  messages_sonic_bind9

That's it. Enjoy!

Useful links:
https://docs.docker.com/config/containers/logging/syslog/

Thou shalt not steal!

If you want to use this information on your own website, please remember: by doing copy/paste entirely it is always stealing and you should be ashamed of yourself! Have at least the decency to create your own text and comments and run the commands on your own servers and provide your output, not what I did!

Or at least link back to this website.

Recent content

tmutil: command line interface into Time Machine
root
macOS: tmutil set quota
root
ESXi: how to change the MTU of vmkernek (vmk) interface (when UI fails)
root
ESXi: A bunch of useful commands and information
root
How to repair a sparsebundle image
root
macOS: How to Show and Hide Hidden Files in macOS Finder
root
Samsung 870 QVO 2TB: Speed Tests and comparison with Adata SU650 and Kingston K600
root
Ubiquiti EdgeRouter X - thoughts and tips
root
Qnap TR-004 short review - why I cannot use it
root
Speed test of Icy Box IB-3805-C31, a 5 disks enclosure from Raidsonic
root
Asus ROG Sheath in 2024: a HUGE Mousepad, Bigger Than Logitech G840 XL
root
Debian DRBD: How to resize drbd and OCFS2 online
root
Ubuntu: Fast Install With VMware Fusion
root
The one with APC Back-UPS BE850G2-GR: Charge Whatever With It, From Phone to Computer And BEYOND :D
root
File Sharing Problems? Downgrade from macOS Ventura to Monterey
root
VIOFO A139 Quad HD Dash Camera - 3 Channels Camera in a 2 Channels Package. Confused?
root
CarPlay not working with iPhone 15 Pro? Seven Type C cables tested with Mazda 3 BP with USB-A Port
root
Apple Watch Series 9? Not Yet! I Still Love My "Seven of Nine" 19 months later
root
The Wooden Playhouse Project
root
ESXi 7: Create VMFS Partition Via Command Line
root
5 Months with iPhone 15 Pro: Not PERFECT But... Must See. From Gaming to ProRes Requirements.
root
How to build a 25U 600x600 Server Rack
root
Thermaltake Pure 20 fan - HUGE and quiet!
root
Docker: how to increase php memory "the docker way"
root
Mousepad Logitech G840
root
Global Chip Shortage? Build this oddity: PC From 2009 With GeForce GTX 1050ti 4G
root
Brigadier: How to use it to Download Boot Camp Drivers
root
Bombardier: How to use it to Download Boot Camp Drivers
root
Logitech Pro X Wired Gaming Headset (2nd gen): review + mic test with G HUB on Windows 11 and macOS
root
macOS: extract user's image
root