Journald logging driver
The journald logging driver sends container logs to the systemd journal. Log entries can be retrieved using the journalctl command, through use of the journal API, or using the docker logs command.
In addition to the text of the log message itself, the journald log driver stores the following metadata in the journal with each message:
| Field | Description |
|---|---|
CONTAINER_ID | The container ID truncated to 12 characters. |
CONTAINER_ID_FULL | The full 64-character container ID. |
CONTAINER_NAME | The container name at the time it was started. If you use docker rename to rename a container, the new name is not reflected in the journal entries. |
CONTAINER_TAG | The container tag (log tag option documentation). |
CONTAINER_PARTIAL_MESSAGE | A field that flags log integrity. Improve logging of long log lines. |
Usage
Configure the default logging driver by passing the --log-driver option to the Docker daemon:
$ dockerd --log-driver=journald
To configure the logging driver for a specific container, use the --log-driver flag on the docker run command.
$ docker run --log-driver=journald ...
Options
Use the --log-opt NAME=VALUE flag to specify additional journald logging driver options.
tag
Specify template to set CONTAINER_TAG value in journald logs. Refer to log tag option documentation to customize the log tag format.
labels and env
The labels and env options each take a comma-separated list of keys. If there is collision between label and env keys, the value of the env takes precedence. Each option adds additional metadata to the journal with each message.
Note regarding container names
The value logged in the CONTAINER_NAME field is the name of the container that was set at startup. If you use docker rename to rename a container, the new name is not reflected in the journal entries. Journal entries will continue to use the original name.
Retrieving log messages with journalctl
Use the journalctl command to retrieve log messages. You can apply filter expressions to limit the retrieved messages to those associated with a specific container:
$ sudo journalctl CONTAINER_NAME=webserver
You can use additional filters to further limit the messages retrieved. The -b flag only retrieves messages generated since the last system boot:
$ sudo journalctl -b CONTAINER_NAME=webserver
The -o flag specifies the format for the retried log messages. Use -o json to return the log messages in JSON format.
$ sudo journalctl -o json CONTAINER_NAME=webserver
Retrieving log messages with the journal API
This example uses the systemd Python module to retrieve container logs:
import systemd.journal
reader = systemd.journal.Reader()
reader.add_match('CONTAINER_NAME=web')
for msg in reader:
print '{CONTAINER_ID_FULL}: {MESSAGE}'.format(**msg)
journald configuration
Docker hosts with many containers may produce large amounts of logging data. By default, journald limits the number of messages stored per service per time-unit.
If your application needs large-scale logging, configure RateLimitIntervalSec and RateLimitBurst in the journald configuration file. By default, systemd drops messages in excess of 1000 messages per service per 30 seconds. For more information about configuring journald, see the journald documentation.
© 2017 Docker, Inc.
Licensed under the Apache License, Version 2.0.
Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.
Docker, Inc. and other parties may also have trademark rights in other terms used herein.
https://docs.docker.com/v1.12/engine/admin/logging/journald/