I’d like to use a Docker logging driver to take the logs from the many DTR containers and send them elsewhere–in my case Splunk. I would be able do my own analytics on activity, and see issues as they are happening.
I see the “dtr reconfigure” option
–log-host Endpoint to send logs to, required if –log-protocol is tcp or udp
–log-level Log level for container logs. Default: INFO
–log-protocol The protocol for sending container logs: tcp, tcp+tls, udp or internal. Default: internal
Is it safe to assume i cannot use other docker engine logging drivers and should only use tcp/ucp (syslog, i’d assume)?
Also… i know all the logs are right now “internal”. If i change the logging config, does DTR ship the whole pile of logs that are internal, out via TCP, or just new logs?