- With Docker 1.8.0 shipped new log-driver for GELF via UDP, this means that the logs from Docker Container(s) can be shipped directly to the ELK stack for further analysis.
- This tutorial will illustrate how to use the GELF log-driver with Docker engine.
- Step 1: Setup ELK Stack:
docker run -d --name es elasticsearchdocker run -d --name logstash --link es:elasticsearch logstash -v /tmp/logstash.conf:/config-dir/logstash.conf logstash logstash -f /config-dir/logstash.conf- Note the config for Logstash can be found at this link
docker run --link es:elasticsearch -d kibana
- Once the ELK stack is up now let's fire up our nginx container which ships its logs to ELK stack.
LOGSTASH_ADDRESS=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' logstash)docker run -d --net=host --log-driver=gelf --log-opt gelf-address=udp://$LOGSTASH_ADDRESS:12201 --log-opt gelf-tag="fe" nginx- All logs from the nginx container will be shipped to our ELK stack for slicing and dicing.
- To verify that logs are being passed in visit
http://<kibana-container-ip>:5601follow through the setup and you should see the logs in Kibana.
Can I use this to send logs directly in ELK and keep them in the journal of the host?