Search code examples
dockersyslog

Get syslog of application that runs inside docker and writes to syslog only

I have a dockerized application which only write logs to syslog. How can I inspect its logs Should I run syslog daemon inside docker?

I can change the Dockerfile, but cannot change the application itself.

Solution

  • Typically, you'd want your messages to end up on either standard out or standard error (stdout and stderr.) Once you can do that, all of the docker tools for managing and searching logs become available to you.

    As detailed here, there are quite a few options to force a docker application write to stdout instead of a file. However, if your application writes only to syslog, it's a little more tricky. None of the solutions in that thread worked for me to redirect syslog to stdout/stderr.

    However, I did find a project, syslog2stdout, which is a simple program which listens to the syslog socket, and writes the messages that come through to stdout.

    Here's how to use it in Docker.

    Here's an example Python program that logs to syslog. If you run this normally under docker, nothing will show up, either on your terminal or in system logs.

    import syslog
syslog.syslog("bar123")

    Here's a dockerfile which installs both that program and syslog2stdout:

    FROM python:3.10
COPY test.py /
RUN git clone https://github.com/ossobv/syslog2stdout.git \
 && cd syslog2stdout \
 && git checkout 142793f
RUN cd syslog2stdout \
 && make \
CMD /syslog2stdout/syslog2stdout /dev/log & python3 test.py

    (Note: The base image is not important - I'm just using a Python image because my test application is written in Python.)

    If I run that, I get this output:

    $ docker build . -t test
$ docker run -it test
user.info: test.py: bar123

    ...which is the message we wanted to log.

    Alternatives

    • You can also bind mount /dev/log into the container. I don't like this much from a security perspective, but it is simple and it gets the logging into your host's logging daemon.

    • You can run systemd inside a container, and have it manage your application. Since systemd has a logging daemon integrated with it, you automatically get syslog forwarding. Given the complexity of systemd, I wouldn't go this way, but it's an option.