2022 Gartner® Magic Quadrant™ SIEM
Get the reportMore
Docker containerization is a virtualization method that allows devs to enclose a program and its file system into a single, portable package. Docker containers are quickly becoming a new standard since they offer a degree of automation that helps DevOps teams and other agile developers work more efficiently.
However, that certainly doesn’t mean containerization is free of maintenance, and it is the logs of Docker container events that are vital to proper container management. Dev teams using Docker must become familiar with Docker logging to support full-stack visibility, troubleshooting, performance improvements, and other enhancements.
When you’re working with containerized apps in Docker, however, logging becomes a bit more complex than it is with traditional methods. You need more data (compared to hardware-centric apps) to get to the heart of an issue.
Docker includes logging drivers in the platform to give you access to performance data. It also enables logging driver plugins for those who would like to integrate another logging tool. Using Docker’s logging capabilities, you can view log data at both the daemon process level and the container level.
Containers are at the core of the Docker platform, and they are the key innovation that has made waves in software development.
Like virtual machines, containers offer a form of virtualization. Although the technology has been around for some time, their popularity has risen only during the past few years, largely thanks to Docker’s efforts to make them accessible and easy to use.
Unlike a virtual machine, which creates a complete instance of a virtual operating system, a container uses only the files that are required to run an app that are not already running on the host computer. They share the kernel of the system they run on, and where they can, they share dependencies between apps.
Containers help apps run fast and lean. And because they isolate the application from the infrastructure, they also offer improved security over hardware-bound programs.
Further, containerization is aligned with an agile approach to development that uses a microservice architecture. Constructing apps from services connected via APIs, the microservice architecture enables a “divide and conquer” approach that traditional app development does not.
Ultimately, a Docker container packages up everything an application needs to run: the app’s code, the OS, libraries, system tools, and more. Containers are built from Docker images, which can be thought of as read-only templates that define your application and its dependencies. To turn these images into containerized apps, Docker adds a read-write file system on top of the image’s read-only system.
For all of the advantages Docker containers offer to DevOps teams, they also change how log management is done. In Docker, effective logging includes log events from the host OS, the application, and the Docker platform.
There are several methods for capturing logs in a Docker environment, each with their own advantages. Which one works best for you will depend on your application environment and unique needs.
An application inside a Docker container can use a logging framework to manage the logging process. This allows a user to bypass Docker and the host OS, logging events to a remote server, and it offers more control over the logging event.
However, it also adds significant overhead to the app processes. If you can benefit from using the app’s logging framework and do not want to add log functionality to the host, this might be an effective method for you.
When a container shuts down, it loses its data. To retain log events, those events need to be sent elsewhere. This can be an external logging service, or it can be a data volume: a directory within the container that is linked to the host machine.
Saving log events to a data volume helps ensure that log data doesn’t get lost when the container shuts down. It also makes the log data available for sharing with other containers.
Docker included logging drivers on their platform, and these drivers offer some performance advantages over other methods because they bypass the need to read or write from log files. Instead, the logging driver reads events straight from the container’s output and forwards them to the host.
This may not, however, be a reliable method for many users, as it does not allow for log parsing.
You can deploy a dedicated container to manage log events within the Docker environment. This eliminates dependency on a host for log events and scales automatically without requiring any additional configuration.
If you are using Docker for containerized app development, you may want to start exploring your options for logging from the platform and using log data to enhance your apps and the development process. Many Sumo Logic customers have adopted the Docker platform, and some have offered insights in to how they manage their logs, using Sumo Logic to automate log analysis and make the most of their data.
Check out these methods we’ve compiled for collecting Docker logs and pushing them to the Sumo Logic platform. These techniques can help you get ideas about how to work with logs in your own Docker environment.
Build, run, and secure modern applications and cloud infrastructures.Start free trial
The Amazon Web Services (AWS) Marketplace offers a large variety of commercial and open source offerings to augment software configuration and release within the AWS ecosystem. Sumo Logic's AWS Marketscape looks at the pros and cons of the most common configuration and release solutions from the Marketplace.