Journald logging driver

The journald logging driver sends container logs to the systemd journal. Log entries can be retrieved using the journalctl command, through use of the journal API, or using the docker logs command.

In addition to the text of the log message itself, the journald log driver stores the following metadata in the journal with each message:

Field Description
CONTAINER_ID The container ID truncated to 12 characters.
CONTAINER_ID_FULL The full 64-character container ID.
CONTAINER_NAME The container name at the time it was started. If you use docker rename to rename a container, the new name is not reflected in the journal entries.
CONTAINER_TAG The container tag (log tag option documentation).
CONTAINER_PARTIAL_MESSAGE A field that flags log integrity. Improve logging of long log lines.

Usage

Configure the default logging driver by passing the --log-driver option to the Docker daemon:

$ dockerd --log-driver=journald

To configure the logging driver for a specific container, use the --log-driver flag on the docker run command.

$ docker run --log-driver=journald ...

Options

Use the --log-opt NAME=VALUE flag to specify additional journald logging driver options.

tag

Specify template to set CONTAINER_TAG value in journald logs. Refer to log tag option documentation to customize the log tag format.

labels and env

The labels and env options each take a comma-separated list of keys. If there is collision between label and env keys, the value of the env takes precedence. Each option adds additional metadata to the journal with each message.

Note regarding container names

The value logged in the CONTAINER_NAME field is the name of the container that was set at startup. If you use docker rename to rename a container, the new name is not reflected in the journal entries. Journal entries will continue to use the original name.

Retrieving log messages with journalctl

Use the journalctl command to retrieve log messages. You can apply filter expressions to limit the retrieved messages to those associated with a specific container:

$ sudo journalctl CONTAINER_NAME=webserver

You can use additional filters to further limit the messages retrieved. The -b flag only retrieves messages generated since the last system boot:

$ sudo journalctl -b CONTAINER_NAME=webserver

The -o flag specifies the format for the retried log messages. Use -o json to return the log messages in JSON format.

$ sudo journalctl -o json CONTAINER_NAME=webserver

Retrieving log messages with the journal API

This example uses the systemd Python module to retrieve container logs:

import systemd.journal

reader = systemd.journal.Reader()
reader.add_match('CONTAINER_NAME=web')

for msg in reader:
  print '{CONTAINER_ID_FULL}: {MESSAGE}'.format(**msg)

journald configuration

Docker hosts with many containers may produce large amounts of logging data. By default, journald limits the number of messages stored per service per time-unit.

If your application needs large-scale logging, configure RateLimitIntervalSec and RateLimitBurst in the journald configuration file. By default, systemd drops messages in excess of 1000 messages per service per 30 seconds. For more information about configuring journald, see the journald documentation.

© 2017 Docker, Inc.
Licensed under the Apache License, Version 2.0.
Docker and the Docker logo are trademarks or registered trademarks of Docker, Inc. in the United States and/or other countries.
Docker, Inc. and other parties may also have trademark rights in other terms used herein.
https://docs.docker.com/v1.12/engine/admin/logging/journald/