The docker logs<\/b> command batch-retrieves logs present at the time of execution. The docker logs<\/b> command shows information logged by a running container. The docker service logs<\/b> command shows information logged by all containers participating in a service. The information that is logged and the format of the log depends almost entirely on the container\u2019s endpoint command.<\/p>\n
These logs are basically stored at “\/var\/lib\/docker\/containers\/.log”<\/b>, So basically it is not easy to use this file by using Filebeat<\/b> because the file will change every time when the new container is up with a new container id.<\/p>\n
So, How to monitor these logs which are formed in different files ?<\/b> For this Docker logging driver were introduced to monitor the docker logs.<\/p>\n
Docker includes multiple logging mechanisms to help you get information from running containers & services. These mechanisms are called logging drivers<\/b>. These logging drivers are configured for the docker daemon.<\/p>\n
To configure the Docker daemon to default to a specific logging driver, set the value of log-driver to the name of the logging driver in the daemon.json file, which is located in \/etc\/docker\/<\/b> on Linux hosts or C:\\ProgramData\\docker\\config\\<\/b> on Windows server hosts.<\/p>\n
The default logging driver is json-file<\/b>. The following example explicitly sets the default logging driver to syslog:<\/p>\n
{ <\/span> After configuring the log driver in daemon.json<\/b> file, you can define the log driver & the destination where you want to send the logs for example logstash & fluentd etc. You can define it either on the run time execution command as “–log-driver=syslog –log-opt syslog-address=udp:\/\/logstash:5044”<\/b> or if you are using a docker-compose file then you can define it as:<\/p>\n “` Once you have configured the log driver, it will send all the docker logs to the configured destination. And now if you will try to see the docker logs on the terminal using the docker logs<\/b> command, you will get a msg:<\/p>\n “` Because all the logs have been parsed to the destination.<\/p>\n Let me give you an example that how i configured logging driver fluentd<\/b> Step 1:<\/b> Create a docker network.<\/p>\n “` Step 2:<\/b> Create a container for elasticsearch inside a docker network.<\/p>\n “` Step 3:<\/b> Create a fluentd configuration where you will be configuring the logging driver inside the fluent.conf<\/b> which is further being copied inside the fluentd docker image.<\/p>\n fluent.conf<\/b><\/p>\n “` <\/span><\/p>\n @type forward @type copy<\/p>\n @type elasticsearch @type stdout<\/p>\n “`<\/p>\n This will also create an index naming as fluentd & host is defined in the name of the service defined for elasticsearch.<\/p>\n Step 4:<\/b> Build the fluentd image and create a docker container from that.<\/p>\n Dockerfile.fluent<\/b><\/p>\n “` Here the logging driver pluggin is been installed and configured inside the fluentd.<\/p>\n Now build the docker image. And create a container.<\/p>\n “` Step 5:<\/b> Now you need to create a container whose logs you want to see on kibana by configuring it on the run time. In this example, I am creating an nginx container and configuring it for the log driver.<\/p>\n “` Step 6:<\/b> Finally you need to create a docker container for kibana inside the same network.<\/p>\n “` Now, You will be able to check the logs for the nginx container on kibana by creating an index fluentd-*<\/b>.<\/p>\n Types of Logging driver which can be used:<\/p>\n Driver<\/b> Description<\/b><\/p>\n The docker logs command batch-retrieves logs present at the time of execution. The docker logs command shows information logged by a running container. The docker service logs command shows information logged by all containers participating in a service. The information that is logged and the format of the log depends almost entirely on the container\u2019s … Continue reading “Docker Logging Driver”<\/span><\/a><\/p>\n","protected":false},"author":172651618,"featured_media":29900,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[28070474,4504191],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/opstree.com\/blog\/wp-content\/uploads\/2025\/11\/DevSecOps-1.jpg","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pfDBOm-46","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/254"}],"collection":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/users\/172651618"}],"replies":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/comments?post=254"}],"version-history":[{"count":3,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/254\/revisions"}],"predecessor-version":[{"id":1554,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/posts\/254\/revisions\/1554"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/media\/29900"}],"wp:attachment":[{"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/media?parent=254"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/categories?post=254"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/opstree.com\/blog\/wp-json\/wp\/v2\/tags?post=254"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n “log-driver”: “syslog”<\/span>
\n}<\/span><\/p>\n
\nlogging:
\ndriver: fluentd
\noptions:
\nfluentd-address: “192.168.1.1:24224”
\ntag: “{{ container_name }}”
\n“` <\/span><\/span><\/p>\n
\nError response from daemon: configured logging driver does not support reading
\n“` <\/span><\/p>\n
\nand parse those logs onto Elasticsearch and viewed them on Kibana. In this case I am configuring the logging driver at the run-time by installing the logging driver plugin inside the fluentd but not in daemon.json. So make sure that your containers are created inside the same docker network where you will be configuring the logging driver.<\/p>\n
\ndocker network create docker-net
\n“` <\/span><\/p>\n
\ndocker run -itd –name elasticsearch -p 9200:9200 –network=docker-net elasticsearch:6.4.1
\n“` <\/span><\/p>\n
\nport 24224
\nbind 0.0.0.0<\/p>\n
\nhost elasticsearch
\nport 9200
\nlogstash_format true
\nlogstash_prefix fluentd
\nlogstash_dateformat %Y%m%d
\ninclude_tag_key true
\ntype_name access_log
\ntag_key app
\nflush_interval 1s
\nindex_name fluentd
\ntype_name fluentd<\/p>\n
\nFROM fluent\/fluentd:latest
\nCOPY fluent.conf \/fluentd\/etc\/
\nRUN [“gem”, “install”, “fluent-plugin-elasticsearch”, “–no-rdoc”, “–no-ri”, “–version”, “1.9.5”]
\n“` <\/span><\/p>\n
\ndocker build -t fluent -f Dockerfile.fluent .
\ndocker run -itd –name fluentd -p 24224:24224 –network=docker-net fluent
\n“` <\/span><\/p>\n
\ndocker run -itd –name nginx -p 80:80 –network=docker-net –log-driver=fluentd –log-opt fluentd-address=udp:\/\/:24224 opstree\/nginx:server
\n“` <\/span><\/p>\n
\ndocker run -itd –name kibana -p 5601:5601 –network=docker-net kibana
\n“` <\/span><\/p>\n\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n