How to track docker container log with non-root user?

Question

How to track docker container log with non-root user?

I want to track the docker container log from a non-root user (td-agent) and on the host server,

sudo chmod o+rx /var/lib/docker sudo find /var/lib/docker/containers/ -type d -exec chmod o+rx {} \; sudo find /var/lib/docker/containers/ -type f -exec chmod o+r {} \;

But the directory rollback directory is 600 and each container directory contains 600.

 # find /var/lib/docker/containers -ls 143142 4 drwx------ 4 root root 4096 Aug 14 12:01 /var/lib/docker/containers 146027 4 drwx------ 2 root root 4096 Aug 14 12:00 /var/lib/docker/containers/145efa73652aad14e1706e8fcd1597ccbbb49fd756047f3931270b46fe01945d 146031 4 -rw-r--r-- 1 root root 190 Aug 14 12:00 /var/lib/docker/containers/145efa73652aad14e1706e8fcd1597ccbbb49fd756047f3931270b46fe01945d/hostconfig.json 146046 4 -rw-r--r-- 1 root root 13 Aug 14 12:00 /var/lib/docker/containers/145efa73652aad14e1706e8fcd1597ccbbb49fd756047f3931270b46fe01945d/hostname 146047 4 -rw-r--r-- 1 root root 174 Aug 14 12:00 /var/lib/docker/containers/145efa73652aad14e1706e8fcd1597ccbbb49fd756047f3931270b46fe01945d/hosts 146030 4 -rw-r--r-- 1 root root 3305 Aug 14 12:00 /var/lib/docker/containers/145efa73652aad14e1706e8fcd1597ccbbb49fd756047f3931270b46fe01945d/config.json 146049 4 -rw------- 1 root root 1853 Aug 14 12:00 /var/lib/docker/containers/145efa73652aad14e1706e8fcd1597ccbbb49fd756047f3931270b46fe01945d/145efa73652aad14e1706e8fcd1597ccbbb49fd756047f3931270b46fe01945d-json.log 146050 4 drwx------ 2 root root 4096 Aug 14 12:01 /var/lib/docker/containers/f09796f978ef5bab1449d2d10d400228eb76376579e7e33c615313eeed53f370 146054 4 -rw-r--r-- 1 root root 190 Aug 14 12:01 /var/lib/docker/containers/f09796f978ef5bab1449d2d10d400228eb76376579e7e33c615313eeed53f370/hostconfig.json 146056 4 -rw-r--r-- 1 root root 13 Aug 14 12:01 /var/lib/docker/containers/f09796f978ef5bab1449d2d10d400228eb76376579e7e33c615313eeed53f370/hostname 146057 4 -rw-r--r-- 1 root root 174 Aug 14 12:01 /var/lib/docker/containers/f09796f978ef5bab1449d2d10d400228eb76376579e7e33c615313eeed53f370/hosts 146053 4 -rw-r--r-- 1 root root 3286 Aug 14 12:01 /var/lib/docker/containers/f09796f978ef5bab1449d2d10d400228eb76376579e7e33c615313eeed53f370/config.json 146058 4 -rw------- 1 root root 1843 Aug 14 12:01 /var/lib/docker/containers/f09796f978ef5bab1449d2d10d400228eb76376579e7e33c615313eeed53f370/f09796f978ef5bab1449d2d10d400228eb76376579e7e33c615313eeed53f370-json.log

How to track this every json.log ? or any other good way to monitor?

+5

docker fluentd

sanemat Aug 14 '14 at 16:10

source share

4 answers

As I discussed in detail in this answer , which the OP never recognized, I believe that the best approach is to configure the applications running in the container to write messages to syslog and mount the host syslog socket into the container.

docker run -v /dev/log:/dev/log ...

The disadvantage of this approach is that if the syslog daemon on the host restarts, the container will lose its socket, since the daemon restores the socket when it restarts.

The fix is to add another socket (in rsyslog this can be done using the imuxsock module ). Create an additional socket in some known directory, and then directly bind the directory instead of /dev/log . The additional socket will also be deleted when rsyslog reboots, but will be updated and available to the application in the directory after the restart.

+1

Ben whaley Aug 14 '14 at 21:52

source share

One easy way to deal with this problem is to connect the host /sys/fs/cgroup to the Docker container that runs in_docker_metrics. See https://github.com/bdehamer/docker-librato

+1

Kiyoto tamura Sep 03 '14 at 0:21

source share

With the help of the Sematext Docker Agent (open-source, github), you can do this for you. You do not need td-agent. The SDA will collect logs, as well as events and indicators. See https://github.com/sematext/sematext-agent-docker and https://sematext.com/docker

0

user3148164 Aug 05 '16 at 4:34

source share

nacyot · Accepted Answer · 2014-08-14T18:14:37+0000

logspout is another way to collect logs. I'm not sure this is the best solution, but it is very interesting and consistent way to collect containers containers logs. I'm not sure this is the best solution, but it is very interesting and consistent way to collect containers logs. I'm not sure this is the best solution, but it is very interesting and consistent way to collect containers magazines.

You just need to run the logspout container. This container has a function that sends docker container logs to another syslog server. (or you can also use HTTP api. see repository )

 # (172.17.42.1 is host ip address) $ docker run -v=/var/run/docker.sock:/tmp/docker.sock progrium/logspout syslog://172.17.42.1:5140

And fluentd, which runs on the host, can process these logs through syslog protocal. The following is an example of td-agent.conf. It receives the logs from syslog protocal and sends them to the elasticsearch server. (check out this sample project )

 <source> type syslog port 5140 bind 0.0.0.0 tag syslog.udp format /^(?<time>.*?) (?<container_id>.*?) (?<container_name>.*?): (?<message>.*?)$/ time_format %Y-%m-%dT%H:%M:%S%z </source> <match syslog.**> index_name <ES_INDEX_NAME> type_name <ES_TYPE_NAME> type elasticsearch host <ES_HOST> port <ES_PORT> flush_interval 3s </match>

How to track docker container log with non-root user?

More articles: