Docker Hub automated builds for
gliderlabs/logspout:latest
andprogrium/logspout:latest
are now pointing to therelease
branch. Formaster
, usegliderlabs/logspout:master
. Individual versions are also available as saved images in releases.
Logspout is a log router for Docker containers that runs inside Docker. It attaches to all containers on a host, then routes their logs wherever you want. It also has an extensible module system.
It's a mostly stateless log appliance. It's not meant for managing log files or looking at history. It is just a means to get your logs out to live somewhere else, where they belong.
For now it only captures stdout and stderr, but a module to collect container syslog is planned.
Logspout is a very small Docker container (15.2MB virtual, based on Alpine). Pull the latest release from the index:
$ docker pull gliderlabs/logspout:latest
You can also download and load a specific version:
$ curl -s dl.gliderlabs.com/logspout/v2.tgz | docker load
The simplest way to use logspout is to just take all logs and ship to a remote syslog. Just pass a syslog URI (or several comma separated URIs) as the command. Here we show use of the tls
encrypted transport option in the URI. Also, we always mount the Docker Unix socket with -v
to /var/run/docker.sock
:
$ docker run --name="logspout" \
--volume=/var/run/docker.sock:/var/run/docker.sock \
gliderlabs/logspout \
syslog+tls://logs.papertrailapp.com:55555
logspout will gather logs from other containers that are started without the -t
option and are configured with a logging driver that works with docker logs
(journald
and json-file
).
To see what data is used for syslog messages, see the syslog adapter docs.
You can tell logspout to ignore specific containers by setting an environment variable when starting your container, like so:-
$ docker run -d -e 'LOGSPOUT=ignore' image
Or, by adding a label which you define by setting an environment variable when running logspout:
$ docker run --name="logspout" \
-e EXCLUDE_LABEL=logspout.exclude \
--volume=/var/run/docker.sock:/var/run/docker.sock \
gliderlabs/logspout
$ docker run -d --label logspout.exclude=true image
You can tell logspout to only include certain containers by setting filter parameters on the URI:
$ docker run \
--volume=/var/run/docker.sock:/var/run/docker.sock \
gliderlabs/logspout \
raw://192.168.10.10:5000?filter.name=*_db
$ docker run \
--volume=/var/run/docker.sock:/var/run/docker.sock \
gliderlabs/logspout \
raw://192.168.10.10:5000?filter.id=3b6ba57db54a
$ docker run \
--volume=/var/run/docker.sock:/var/run/docker.sock \
gliderlabs/logspout \
raw://192.168.10.10:5000?filter.sources=stdout%2Cstderr
Note that you must URL-encode parameter values such as the comma in filter.sources
.
You can route to multiple destinations by comma-separating the URIs:
$ docker run \
--volume=/var/run/docker.sock:/var/run/docker.sock \
gliderlabs/logspout \
raw://192.168.10.10:5000?filter.name=*_db,syslog+tls://logs.papertrailapp.com:55555?filter.name=*_app
Using the httpstream module, you can connect with curl to see your local aggregated logs in realtime. You can do this without setting up a route URI.
$ docker run -d --name="logspout" \
--volume=/var/run/docker.sock:/var/run/docker.sock \
--publish=127.0.0.1:8000:80 \
gliderlabs/logspout
$ curl http://127.0.0.1:8000/logs
You should see a nicely colored stream of all your container logs. You can filter by container name and more. You can also get JSON objects, or you can upgrade to WebSocket and get JSON logs in your browser.
See httpstream module for all options.
Using the routesapi module logspout can also expose a /routes
resource to create and manage routes.
$ curl $(docker port `docker ps -lq` 8000)/routes \
-X POST \
-d '{"source": {"filter": "db", "types": ["stderr"]}, "target": {"type": "syslog", "addr": "logs.papertrailapp.com:55555"}}'
That example creates a new syslog route to Papertrail of only stderr
for containers with db
in their name.
Routes are stored on disk, so by default routes are ephemeral. You can mount a volume to /mnt/routes
to persist them.
See routesapi module for all options.
Logspout relies on the Docker API to retrieve container logs. A failure in the API may cause a log stream to hang. Logspout can detect and restart inactive Docker log streams. Use the environment variable INACTIVITY_TIMEOUT
to enable this feature. E.g.: INACTIVITY_TIMEOUT=1m
for a 1-minute threshold.
You can tell logspout to use your custom CA certificate by simply mounting your directory with certificates to /mnt/ca/:
$ docker run -d \
--name logspout \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /path/to/ca/dir/:/mnt/ca/ \
gliderlabs/logspout \
tls://logs.my.server.com
You can set custom CA certificate directory by adding CA_PATH env:
$ docker run -d \
--name logspout \
-e "CA_PATH=/data/ca/" \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /path/to/ca/dir/:/data/ca/ \
gliderlabs/logspout \
tls://logs.my.server.com
You can tell logspout to use your custom client certificate by simply mounting your directory with certificate and key to /mnt/cert/:
$ docker run -d \
--name logspout \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /path/to/cert/dir/:/mnt/cert/ \
gliderlabs/logspout \
tls://logs.my.server.com
Logspout will automatically load certificates with file extensions crt and cert, keys with .key extension.
Example: user.cert, user.key
You can set custom client certificate directory by adding CERT_PATH env:
$ docker run -d \
--name logspout \
-e "CERT_PATH=/data/cert/" \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /path/to/cert/dir/:/data/cert/ \
gliderlabs/logspout \
tls://logs.my.server.com
The standard distribution of logspout comes with all modules defined in this repository. You can remove or add new modules with custom builds of logspout. Just edit the modules.go
file and do a docker build
.
- adapters/raw
- adapters/syslog
- transports/tcp
- transports/tls
- transports/udp
- httpstream
- routesapi
- logspout-kafka
- logspout-redis...
- logspout-logstash
- logspout-redis-logstash
Use logspout to stream your docker logs to Loggly via the Loggly syslog endpoint.
$ docker run --name logspout -d --volume=/var/run/docker.sock:/var/run/docker.sock \
-e SYSLOG_STRUCTURED_DATA="<Loggly API Key>@41058 tag=\"some tag name\"" \
gliderlabs/logspout \
syslog+tcp://logs-01.loggly.com:514
As usual, pull requests are welcome. You can also propose releases by opening a PR against the release
branch from master
. Please be sure to bump the version and update CHANGELOG.md
and include your changelog text in the PR body.
Discuss logspout development with us on Freenode in #gliderlabs
.
This project was made possible by DigitalOcean and Deis.