docker => syslog (RFC5424, non-transparent) => telegraf => (*)
Docker can use syslog as a log driver.
Anyway it transport syslog message towards destination using the non-transparent framing technique (also if deprecated by the octet-counting).
Using the telegraf syslog input plugin link.
Steps:
-
Start a telegraf on your localhost with
telegraf.conf
-
Configure docker to use the syslog log driver placing the following JSON into
/etc/docker/daemon.json
directory.{ "log-driver": "syslog", "log-opts": { "syslog-address": "tcp://127.0.0.1:6514", "syslog-format": "rfc5424", "mode": "non-blocking", } }
-
Look at the telegraf logs (configure a
output.influxdb
output to send the measurements, fields, and tags extracted from syslog messages directly to InfluxDB)
Another possible setup:
-
Start a containerised telegraf with such configuration
docker run -v $(pwd)/telegraf.conf:/etc/telegraf/telegraf.conf -p 6514:6514 --name tele -d telegraf:1.9.2
-
Start some spammy container with syslog log driver and options
docker run -it --log-driver syslog --log-opt syslog-address="tcp://127.0.0.1:6514" --log-opt syslog-format=rfc5424 somespammyimage somespammycommand
-
Enjoy at
docker logs -f tele
(same as above applies to send them to InfluxDB or other outputs).