So after setting up a Graylog instance, I attempted to get all my containers redirecting their logs there. I found that setting the gelf driver in every single container to be a little tedious, so I looked up some more docs and found that I could set it globally via cloud-config.
After doing so and restarting the machine, however, the docker daemon wouldn’t stop restarting, as it couldn’t access the local unix socket. Lo and behold, /var/run/docker.sock was an (empty) executable file, rather than a socket. Disabling the driver and restarting again returned it to its previous state.
Anyone know what might cause this and how I might sort it out? I don’t relish the sheer amount of copypasta required to get all my containers logging as desired.
Alternately, simple solutions to the overarching problem of collecting the logs are also acceptable, as I’m less interested in setting up the gelf driver, and more interested in getting the log data to graylog. I’ve seen a potential solution that involves switching the driver to journald, then redirecting that to systemd, then collecting that and sending it to graylog. Slightly more work than I’d prefer, but it’s likely to be my last resort.