logging - Java app in Docker container does not log to syslog properly -
my goal
i have couple of different containers running inside host. share volume each other's /dev/log socket. host forwards these logs central logging server. other containers logs showing on host's /var/log/messages. other containers python programs allows logging directly append /dev/log unix domain socket.
basic configuration
i have docker container running scala app jar file. /dev/log sockets shared volumes between host , container. log4j.properties file app seems fine me , set follows:
# root logger option log4j.rootlogger=info, file, stdout, syslog # direct log messages log file log4j.appender.file=org.apache.log4j.rollingfileappender log4j.appender.file.file=log/associationrules.log log4j.appender.file.maxfilesize=10mb log4j.appender.file.maxbackupindex=10 log4j.appender.file.layout=org.apache.log4j.patternlayout log4j.appender.file.layout.conversionpattern=%d{yyyy-mm-dd hh:mm:ss} [%c{1}:%l] %-5p <%x{jobid}> %m%n # direct log messages stdout log4j.appender.stdout=org.apache.log4j.consoleappender log4j.appender.stdout.target=system.out log4j.appender.stdout.layout=org.apache.log4j.patternlayout log4j.appender.stdout.layout.conversionpattern=%d{yyyy-mm-dd hh:mm:ss} [%c{1}:%l] %-5p <%x{jobid}> %m%n # log syslog log4j.appender.syslog=org.apache.log4j.net.syslogappender log4j.appender.syslog.sysloghost=localhost log4j.appender.syslog.layout=org.apache.log4j.patternlayout log4j.appender.syslog.layout.conversionpattern=%d{yyyy-mm-dd hh:mm:ss} [%c{1}:%l] %-5p <%x{jobid}> %m%n log4j.appender.syslog.facility=local0 log4j.appender.syslog.threshold=debug log4j.appender.syslog.facilityprinting=true the stdout , file logs done properly, syslog not seem work correctly. logs show in container's /var/log/syslog, not show on host's /var/log/messages. thought syslogappender output /dev/log doesn't seem doing that.
additional details
here output in container's /var/log/syslog. see issues imuxsock not running, don't understand how logs stored on /var/log/syslog. last 2 lines app , consistent stdout , file appenders
jul 6 18:07:18 26056b722779 rsyslogd: [origin software="rsyslogd" swversion="7.4.4" x-pid="25" x-info="http://www.rsyslog.com"] start jul 6 18:07:18 26056b722779 rsyslogd: cannot create '/dev/log': address in use jul 6 18:07:18 26056b722779 rsyslogd: imuxsock not run because not aquire socket jul 6 18:07:18 26056b722779 rsyslogd-3000: activation of module imuxsock failed jul 6 18:07:18 26056b722779 rsyslogd: imklog: cannot open kernel log (/proc/kmsg): operation not permitted. jul 6 18:07:18 26056b722779 rsyslogd-2145: activation of module imklog failed [try http://www.rsyslog.com/e/2145 ] jul 6 18:07:19 localhost local0: 2015-07-06 18:07:19 [assocapp$:112] info <undefined> listening queue associationrules jul 6 18:07:19 localhost local0: 2015-07-06 18:07:19 [assocapp$:113] info <undefined> listening queue associationrules the container's base image ubuntu 14.04 java installed cmd in dockerfile container's image is:
cmd sudo service rsyslog start; java -cp /root/associationrules.jar assocapp and start container this:
docker run -d -v /dev/log:/dev/log <image> /etc/rsyslog.conf
################# #### modules #### ################# $modload imuxsock # provides support local system logging $modload imklog # provides kernel logging support #$modload immark # provides --mark-- message capability # provides udp syslog reception #$modload imudp #$udpserverrun 514 # provides tcp syslog reception #$modload imtcp #$inputtcpserverrun 514 # enable non-kernel facility klog messages $klogpermitnonkernelfacility on ########################### #### global directives #### ########################### # # use traditional timestamp format. # enable high precision timestamps, comment out following line. # $actionfiledefaulttemplate rsyslog_traditionalfileformat # filter duplicated messages $repeatedmsgreduction on # # set default permissions log files. # $fileowner syslog $filegroup adm $filecreatemode 0640 $dircreatemode 0755 $umask 0022 #$privdroptouser syslog #$privdroptogroup syslog # # place spool , state files # $workdirectory /var/spool/rsyslog # # include config files in /etc/rsyslog.d/ # $includeconfig /etc/rsyslog.d/*.conf $modload imudp $udpserverrun 514 and /etc/rsyslog.d/50-default.conf
auth,authpriv.* /var/log/auth.log *.*;auth,authpriv.none -/var/log/syslog #cron.* /var/log/cron.log #daemon.* -/var/log/daemon.log kern.* -/var/log/kern.log #lpr.* -/var/log/lpr.log mail.* -/var/log/mail.log #user.* -/var/log/user.log # # logging mail system. split # easy write scripts parse these files. # #mail.info -/var/log/mail.info #mail.warn -/var/log/mail.warn mail.err /var/log/mail.err # # logging inn news system. # news.crit /var/log/news/news.crit news.err /var/log/news/news.err news.notice -/var/log/news/news.notice # # "catch-all" log files. # #*.=debug;\ # auth,authpriv.none;\ # news.none;mail.none -/var/log/debug #*.=info;*.=notice;*.=warn;\ # auth,authpriv.none;\ # cron,daemon.none;\ # mail,news.none -/var/log/messages # # emergencies sent logged in. # *.emerg :omusrmsg:* # # have messages displayed on console, on virtual # console leave idle. # #daemon,mail.*;\ # news.=crit;news.=err;news.=notice;\ # *.=debug;*.=info;\ # *.=notice;*.=warn /dev/tty8 # named pipe /dev/xconsole `xconsole' utility. use it, # must invoke `xconsole' `-file' option: # # $ xconsole -file /dev/xconsole [...] # # note: adjust list below, or you'll go crazy if have reasonably # busy site.. # daemon.*;mail.*;\ news.err;\ *.=debug;*.=info;\ *.=notice;*.=warn |/dev/xconsole
it seems me you're overthinking this. if read question correctly, want docker container write it's syslog host machine's syslog.
the error you've described arises because you're starting second syslog daemon inside container, wants open /dev/log socket (which there).
several ideas come mind (all untested, though. enjoy caution):
why don't configure log4j write remote syslog daemon directly? eliminate both need syslog daemon inside container, , need mount
/dev/logcontainer?# log syslog log4j.appender.syslog=org.apache.log4j.net.syslogappender log4j.appender.syslog.sysloghost=<your-host-ip> # <-- insert host ip here log4j.appender.syslog.layout=org.apache.log4j.patternlayoutto keep container portable, best configure ip address of syslog server on container creation using
--add-hostflag:docker run -d --add-host sysloghost:<host-ip-here> <image>that way, can use
sysloghosthostname in log4j configuration file.if you're insistent running syslog server inside application container, should able (remember: untested!) configure relay messages remote syslog server (somewhere in
/etc/rsyslog.confor/etc/rsyslog.d):*.* @sysloghost:512 # udp forwarding # *.* @@sysloghost:512 # tcp forwardingbetter yet, why not run syslog daemon inside it's own docker container , link container application containers?
keep in mind both solutions, syslog daemon on host needs configured listen on tcp or udp socket [ref]:
$modload imudp $udpserverrun 514 alternatively [ref]:
$modload imtcp # needs done once $inputtcpmaxsessions 500 $inputtcpserverrun 514 
Comments
Post a Comment