Greetings,

I am very new to Docker and I am impressed with what I am seeing so far but I need some help. One of our vendors has delivered its application as Docker containers. I need to get better logging setup so that the application logs are in our central log repository for alerting and so on. Is it possible to setup a default host wide log driver and not have to setup it up per container?

We are using Splunk but our vendor can only support Docker 1.09 so I understand the Splunk log driver is not an option, but syslog forwarding is just fine.

We could do forwarding to remote syslog or to the local journald and then have rsyslog forward the data out to Splunk.

I see an option to set the docker daemon log driver which is either json or journald. Would that option cover all containers or do I need to set the log driver for each container as well? Is syslog an option for the daemon driver?

Thanks!

Please refer

One thing to note is that when you set the logging driver options on the daemon, that just sets a default logging driver. It won’t change existing containers drivers, and individual containers can still be created with other logging configurations explicitly.