so I tested with journald and it works fine
TL;DR
choosing journald as log plugin for docker will make the logs appearing in all tools (docker logs, docker-compose logs, journalctl on host, syslog on host and be able to forward to graylog2 server)
Details on how to set it up
this is what I did, so if others are looking at the same solution
enabled forward to rsyslog from journald
vi nano /etc/systemd/journald.conf
added the line:
ForwardToSyslog=yes
made syslog forward to external graylog2 server
(or any other centralised log management)
Added the following in /etc/rsyslog.conf
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
*.* @@logcentral.eea.europa.eu:1514;RSYSLOG_SyslogProtocol23Format
restarted the rsyslog service.
docker-compose example logging via journald
created a sample app with journald logging
hello:
image: hello-world
log_driver: "journald"
and when started you can see the logs both with docker-compose logs
, docker logs
or within Rancher UI.
You can also see them with journalctl CONTAINER_NAME=<container_name>
The only issue I found is that in graylog2 there is no info on from which container the logs comes from. One way to achieve this is to use the tag option as which will add some identification to each log line:
log_opt:
tag: "{{.ImageName}}\{{.Name}}\{{.ID}}"
BUT the tag option for journald has been added to docker 1.11, and Rancher only supports docker 1.10.x right now. Of course docker 1.11 will soon be supported looks like
https://github.com/rancher/rancher/issues/4491