Docker is a tool designed to make it easier to create, deploy, and run applications by using containers. Containers allow a developer to package up an application with all of the parts it needs, such as libraries and other dependencies, and ship it all out as one package.



Docker and Fluentd

You can automatically forward Docker container logs to fluentd by using Docker’s built-in fluentd log-driver. Unomaly ships with a default fluentd container that ingests log data into Unomaly, so Docker can send container logs to Unomaly through Unomaly’s fluentd component.

Log-driver configuration

You need to configure the Docker daemon to forward logs to the default fluentd receiver. The file /etc/docker/daemon.json on the instance running Docker should include the following to enable forwarding:


{
    "log-driver": "fluentd",
    "log-opts": {
        "fluentd-address": "my-unomaly-host:24224",
        "tag": "my-source-host.{{.DaemonName}}.{{.ImageName}}.{{.Name}}.{{.ID}}",
        "fluentd-async-connect": "true"
    }
}

  • The first part of the tag (“my-source-host”) denotes the hostname of the server where the Docker daemon is running, so change it to the hostname of your source system.
  • The tag property defines the format of syslog messages that are forwarded to fluentd. For example, specifying:

 {{.ImageName}}/{{.Name}}/{{.ID}}

… yields syslog log lines like:


Aug  7 18:33:19 HOSTNAME hello-world/foobar/5790672ab6a0[9103]: Hello from Docker.

You may customize the tag as you see fit to generate syslog messages that you find informative.

  • Docker needs to be restarted after making the changes. On Debian-based systems, Docker can be restarted using the following command:
sudo service docker restart
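
A pre-flight check for the daemon.json shown above, written for this page as an added example (it is not part of Unomaly's or Docker's tooling). It catches the mistakes that stop dockerd from starting or send logs to the wrong place. The function name, the sample hostnames and the GOOD/BAD samples are constructed for illustration.

```python
import json
import re

# Template fields Docker documents for the log "tag" option.
KNOWN_FIELDS = {"ID", "FullID", "Name", "ImageID", "ImageFullID",
                "ImageName", "DaemonName"}

def check_daemon_config(text, placeholder_host="my-source-host"):
    """Return a list of problems in a daemon.json body (empty list = OK)."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # dockerd refuses to start on a malformed daemon.json.
        return [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    problems = []
    if cfg.get("log-driver") != "fluentd":
        problems.append('"log-driver" is not "fluentd"')
    opts = cfg.get("log-opts", {})
    # log-opts values in daemon.json must be strings: "true", not true.
    for key, value in opts.items():
        if not isinstance(value, str):
            problems.append(f'log-opts "{key}" must be a quoted string')
    if not opts.get("fluentd-address"):
        # Without it the driver sends to localhost:24224, not the Unomaly host.
        problems.append('"fluentd-address" is missing')
    tag = str(opts.get("tag", ""))
    for field in re.findall(r"\{\{\s*\.(\w+)\s*\}\}", tag):
        if field not in KNOWN_FIELDS:
            problems.append(f"unknown tag field {{{{.{field}}}}}")
    if tag.split(".")[0] == placeholder_host:
        problems.append("tag still starts with the placeholder hostname")
    return problems

# Constructed samples: the page's config with a real hostname, then a broken copy.
GOOD = """{
    "log-driver": "fluentd",
    "log-opts": {
        "fluentd-address": "unomaly.example.internal:24224",
        "tag": "web01.{{.DaemonName}}.{{.ImageName}}.{{.Name}}.{{.ID}}",
        "fluentd-async-connect": "true"
    }
}"""
BAD = GOOD.replace('"true"', "true").replace("web01", "my-source-host")

if __name__ == "__main__":
    print(check_daemon_config(GOOD))
    for problem in check_daemon_config(BAD):
        print("daemon.json:", problem)
```

Run it against the file's contents before restarting Docker; an empty list means none of these problems were found.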

Configure system names

The default file /DATA/fluentd/etc/fluent.conf on the Unomaly host names systems in the Unomaly user interface based on the tag. You can change how those system names are created.

If, for example, the full source path from Docker looks like this:

my-source-host.docker.nginx-latest.my-container.123456

… then you can customize the system name with fluentd's record transformer. For instance, if you want to use my-source-host.docker-nginx-latest as the system name, replace:

hostname "${tag_parts[2]}"

with:

hostname "${tag_prefix[2]}"

… in the fluentd configuration file.

For changes to be applied, fluentd needs to be restarted. This can be done with the following command:

unomaly restart fluentd