This integration is a Docker container that uses Filebeat to collect logs from other Docker containers and forward them to your Logz.io account.

To use docker-collector-logs, you’ll set environment variables when you run the container. The Docker logs directory and docker.sock are mounted to the container, allowing Filebeat to collect the logs and metadata.

Upgrading to a newer version

  • Upgrading to a newer version of docker-collector-logs while it is already running will cause it to resend logs that are within the ignoreOlder timeframe. You can minimize log duplicates by setting the ignoreOlder parameter of the new docker to a lower value (for example, 20m).

  • Version 0.1.0 of docker-collector-logs includes breaking changes. Please see the project’s change log for further information.

Deploy the Docker collector

Pull the Docker image

Download the logzio/docker-collector-logs image.

docker pull logzio/docker-collector-logs
Run the Docker image

For a complete list of options, see the parameters below the code block.👇

docker run --name docker-collector-logs \
--env LOGZIO_TOKEN="<<SHIPPING-TOKEN>>" \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
-v /var/lib/docker/containers:/var/lib/docker/containers \
logzio/docker-collector-logs
Parameters
Parameter Description
LOGZIO_TOKEN Your Logz.io account token. Replace <<SHIPPING-TOKEN>> with the token of the account you want to ship to.
LOGZIO_REGION Default: US region.
Logz.io region code to ship the logs to. This region code changes depending on the region your account is hosted in. For example, accounts in the EU region have region code eu.
For more information, see Account region on the Logz.io Docs.
LOGZIO_TYPE Docker image name The log type you’ll use with this Docker. This is shown in your logs under the type field in Kibana.
Logz.io applies parsing based on type.
LOGZIO_CODEC plain Set to json if shipping JSON logs. Otherwise, set to plain.
ignoreOlder 3h Set a time limit on back shipping logs. Upgrading to a newer version of docker-collector-logs while it is already running will cause it to resend logs that are within the ignoreOlder timeframe. You can minimize log duplicates by setting the ignoreOlder parameter of the new docker to a lower value (for example, 20m).
additionalFields Include additional fields with every message sent, formatted as "fieldName1=fieldValue1;fieldName2=fieldValue2".
To use an environment variable, format as "fieldName1=fieldValue1;fieldName2=$ENV_VAR_NAME". In that case, the environment variable should be the only value in the field. If the environment variable can’t be resolved, the field is omitted.
matchContainerName Comma-separated list of containers you want to collect the logs from. If a container’s name partially matches a name on the list, that container’s logs are shipped. Otherwise, its logs are ignored.
Note: Can’t be used with skipContainerName
skipContainerName Comma-separated list of containers you want to ignore. If a container’s name partially matches a name on the list, that container’s logs are ignored. Otherwise, its logs are shipped.
Note: Can’t be used with matchContainerName
includeLines Comma-separated list of regular expressions to match the lines that you want to include.
Note: Regular expressions in this list should not contain commas.
excludeLines Comma-separated list of regular expressions to match the lines that you want to exclude.
Note: Regular expressions in this list should not contain commas.

By default, logs from docker-collector-logs and docker-collector-metrics containers are ignored.

Check Logz.io for your logs

Spin up your Docker containers if you haven’t done so already. Give your logs some time to get from your system to ours, and then open Kibana.

If you still don’t see your logs, see log shipping troubleshooting.

Set up logzio-logging-plugin

Before you begin, you’ll need: Docker Engine 17.05 or later, Docker Community Edition (Docker CE) 18.03 or later

Install the plugin from the Docker store
docker plugin install store/logzio/logzio-logging-plugin:1.0.0 \
--alias logzio/logzio-logging-plugin

Check to see if logzio-logging-plugin is enabled.

docker plugin ls --filter enabled=true

If logzio-logging-plugin isn’t on the list, enable it now.

docker plugin enable logzio/logzio-logging-plugin
Configure global settings with daemon.json

You can configure all containers with the same options using daemon.json.

For a complete list of options, see the configuration parameters below the code sample.👇

Code sample
{
  "log-driver": "logzio/logzio-logging-plugin",
  "log-opts": {
    "logzio-url": "<<LISTENER-HOST>>",
    "logzio-token": "<<SHIPPING-TOKEN>>",
    "logzio-dir-path": "/path/to/logs/"
  }
}
Parameters
Parameter Description
logzio-token Your Logz.io account token. Replace <<SHIPPING-TOKEN>> with the token of the account you want to ship to.
logzio-url Listener URL and port.
Replace <<LISTENER-HOST>> with your region’s listener host (for example, listener.logz.io). For more information on finding your account’s region, see Account region.
logzio-dir-path Unsent logs are saved to this location on the disk.
logzio-source Event source.
logzio-format text Log message format, either json or text.
logzio-tag {{.ID}} (Container ID) Log tag. For more information, see Log tags for logging driver from Docker.
labels Comma-separated list of labels to include in the log message.
env Comma-separated list of environment variables to include in the log message.
env-regex A regular expression to match logging-related environment variables. Used for advanced log tag options. If there is collision between the label and env keys, env wins. Both options add additional fields to the attributes of a logging message.
logzio-attributes JSON-formatted metadata to include in the log message.
(Optional) Set environment variables

Some logzio-logging-plugin options are controlled using environment variables. Each of these variables has a default value, so you can skip this step if you’re comfortable with the defaults.

Environment variables
Parameter Description
LOGZIO_DRIVER_LOGS_DRAIN_TIMEOUT 5s Time to wait between sending attempts.
LOGZIO_DRIVER_DISK_THRESHOLD 70 Threshold, as % of disk usage, over which plugin will start dropping logs.
LOGZIO_DRIVER_CHANNEL_SIZE 10000 The number of pending messages that can be in the channel before adding them to the disk queue.
LOGZIO_MAX_MSG_BUFFER_SIZE 1048576 (1 MB) Appends logs that are segmented by Docker with 16kb limit. Specifies the biggest message, in bytes, that the system can reassemble. 1048576 (1 MB) maximum.
LOGZIO_MAX_PARTIAL_BUFFER_DURATION 500ms How long the buffer keeps the partial logs before flushing them.
(Optional) Override global settings for an individual container

You can configure the plugin separately for each container when using the docker run command.

Code sample
docker run --log-driver=logzio/logzio-logging-plugin \
--log-opt logzio-token=<<SHIPPING-TOKEN>> \
--log-opt logzio-url=https://<<LISTENER-HOST>>:8071 \
--log-opt logzio-dir-path=./docker_logs \
--log-opt logzio-tag="{{Name}}/{{FullID}}" \
--log-opt labels=region \
--log-opt env=DEV \
--env "DEV=true" \
--label region=us-east-1 \
<<DOCKER-IMAGE-NAME>>

Replace <<SHIPPING-TOKEN>> with the token of the account you want to ship to.

Replace <<LISTENER-HOST>> with your region’s listener host (for example, listener.logz.io). For more information on finding your account’s region, see Account region.

For a complete list of options, see the configuration parameters in step 2.☝️

Check Logz.io for your logs

Spin up your Docker containers if you haven’t done so already. Give your logs some time to get from your system to ours, and then open Kibana.

If you still don’t see your logs, see log shipping troubleshooting.