Docker + rsyslog Log Collection

In this article, we will explore how to set up log collection using Docker and rsyslog, and also discuss the configuration of logrotate.

Dockerfile Configuration

To enable log collection in Docker, we need to configure the Dockerfile accordingly. Here's an example of a Dockerfile that installs rsyslog and sets up the necessary configurations:

FROM ubuntu
RUN apt update && apt install -y rsyslog
ADD rsyslog.conf /etc/rsyslog.conf
CMD /etc/init.d/rsyslog restart && tail -f

In the above Dockerfile, we start with an Ubuntu base image and install rsyslog using the package manager. We then add a custom rsyslog.conf file to the container's /etc directory. Finally, we restart the rsyslog service and use the tail -f command to keep the container running and display log output.

rsyslog.conf Configuration

The rsyslog.conf file contains the configuration for rsyslog, including the log input and output settings. Here's an example snippet from the rsyslog.conf file:

#module(load="imuxsock") # provides support for local system logging
# provides TCP syslog reception
input(type="imtcp" port="514")

In the above snippet, we enable the TCP syslog reception by loading the imtcp module and configuring it to listen on port 514.

docker-compose Configuration

To configure log collection for a Docker container using docker-compose, we can specify the logging driver and options in the docker-compose.yml file. Here's an example configuration:

      driver: syslog
        syslog-address: tcp://
        syslog-facility: local0
        tag: parsec

In the above configuration, we set the logging driver to syslog and specify the syslog address, facility, and tag. This will send the container logs to the specified syslog server.

Logrotate Configuration

Logrotate is a utility that allows for the automatic rotation and compression of log files. While logrotate is not a service itself, it can be triggered by a crontab entry. On Ubuntu, logrotate is already installed by default.

To configure logrotate, you can create a logrotate configuration file in the /etc/logrotate.d/ directory. Here's an example of a logrotate configuration file:

/path/to/log/file {
    rotate 7

In the above configuration, we specify the path to the log file that we want to rotate. We set the rotation count to 7, meaning that log files will be rotated and kept for 7 days. The log rotation will occur daily, and the rotated logs will be compressed. The missingok option tells logrotate to not produce an error if the log file is missing, and the notifempty option ensures that empty log files are not rotated.

By configuring logrotate, you can ensure that your log files are properly managed and do not consume excessive disk space.


In this article, we discussed how to set up log collection using Docker and rsyslog. We explored the Dockerfile configuration, rsyslog.conf settings, docker-compose configuration, and logrotate setup. By following these steps, you can effectively collect and manage logs from your Docker containers.

- Docker Logging with Syslog
- rsyslog Configuration Properties

2023-02-08 13:51:44 | NOTE | 0 Comments


Leave A Comment