|
1 | 1 | # logspout |
2 | 2 |
|
3 | | -A log router and HTTP interface for Docker container log streams, made to run inside Docker. Besides the routes you make, it's a stateless log appliance. It's not meant for managing log files or looking at history, just a means to get your logs out to live somewhere else, where they belong. |
| 3 | +A log router for Docker container log streams that runs entirely inside Docker. It attaches to all containers on a host, then routes their logs wherever you want. Other than the routes you make, it's a stateless log appliance. It's not meant for managing log files or looking at history, just a means to get your logs out to live somewhere else, where they belong. |
4 | 4 |
|
5 | | -## Getting and running |
| 5 | +## Getting logspout |
6 | 6 |
|
7 | 7 | Logspout is a (very small) Docker container, so you can just pull it from the index: |
8 | 8 |
|
9 | 9 | $ docker pull progrium/logspout |
10 | 10 |
|
11 | | -When running logspout, it exposes port 8000 and needs two mounts. The first is the Docker Unix socket. The second is a directory to persist routes. We mount both with `-v`: |
| 11 | +### Using logspout |
12 | 12 |
|
13 | | - $ docker run -d -P \ |
14 | | - -v=/var/run/docker.sock:/var/run/docker.sock \ |
15 | | - -v=/var/lib/logspout:/mnt/routes \ |
| 13 | +#### Route all logs to remote syslog |
| 14 | + |
| 15 | +The simplest way to use logspout is to just take all logs and ship to a remote syslog. Just pass a default syslog target URI as the command. Also, we always mount the Docker Unix socket with `-v` to `/tmp/docker.sock`: |
| 16 | + |
| 17 | + $ docker run -v=/var/run/docker.sock:/tmp/docker.sock progrium/logspout syslog://logs.papertrailapp.com:55555 |
| 18 | + |
| 19 | +Logs will be tagged with the container name. The hostname will be the hostname of the logspout container, so you probably want to set it to the hostname of the host by adding `-h $HOSTNAME`. |
| 20 | + |
| 21 | +#### Inspect log streams using curl |
| 22 | + |
| 23 | +Whether or not you run it with a default routing target, if you publish it's port 8000, you can connect with curl to see your local aggregated logs in realtime. |
| 24 | + |
| 25 | + $ docker run -d -p 8000:8000 \ |
| 26 | + -v=/var/run/docker.sock:/tmp/docker.sock \ |
16 | 27 | progrium/logspout |
| 28 | + $ curl $(docker port `docker ps -lq` 8000)/logs |
| 29 | + |
| 30 | +You should see a nicely colored stream of all your container logs. You can also filter by name, ID, log type, and more. Or you can get JSON objects, or you can upgrade to WebSocket and get JSON logs in your browser. |
| 31 | + |
| 32 | +See [Streaming Endpoints](#streaming-endpoints) for more details. |
| 33 | + |
| 34 | +#### Create custom routes via HTTP |
| 35 | + |
| 36 | +Along with streaming endpoints, logspout also exposes a `/routes` resource to create and manage routes. |
17 | 37 |
|
18 | | -Both need to be mounted in these specific paths inside the container, but where you keep the routes on the host could be anywhere. It could also be a regular Docker volume. If you don't mount a volume at `/mnt/routes`, it will only store routes in memory. |
| 38 | + $ curl $(docker port `docker ps -lq` 8000)/logs -X POST \ |
| 39 | + -d '{"source": {"filter": "db", "types": ["stderr"]}, target": {"type": "syslog", "addr": "logs.papertrailapp.com:55555"}}' |
19 | 40 |
|
20 | | -You can optionally pass an argument to install a catch-all route in the form `<type>://<addr>`. For example, to route all logs via syslog to `192.168.1.111:514`, run like this: |
| 41 | +That example creates a new syslog route to [Papertrail](https://papertrailapp.com) of only `stderr` for containers with `db` in their name. |
21 | 42 |
|
22 | | - $ docker run -d -P \ |
23 | | - -v=/var/run/docker.sock:/var/run/docker.sock \ |
24 | | - -v=/var/lib/logspout:/mnt/routes \ |
25 | | - progrium/logspout syslog://192.168.1.111:514 |
| 43 | +By default, routes are ephemeral. But if you mount a volume to `/mnt/routes`, they will be persisted to disk. |
26 | 44 |
|
27 | 45 | ## HTTP API |
28 | 46 |
|
|
0 commit comments