Managing (too) large logs and maybe using syslog for container output

Hi, need a little help please.

Container logs are expanding quickly.
I know I could manage using logging options, but that would require a container restart afaik - not an option atm.
If I had access to the directory tree I could truncate the log easily enough, but that needs a CHG to grant the extended permissions (restricted environment, no access to the /var/lib/docker directory tree).
Unless there’s another way around I think I’m stuck with one of the two options to control the current situation.

Going forward it would be useful to write selected container logs to the host syslog (or a remote syslog). I’ve played with this but hitting issues. Current config:
driver: "syslog"
syslog-address: "udp://"
tag: "{{.Name}}/{{.ID}}"
The container starts ok, but host syslog gets the message:
dockerd[755287]: time="2023-03-22T14:50:25.626510207Z" level=info msg="Configured log driver does not support reads, enabling local file cache for container logs" container=f4aba6094c6a1865bcdebdeaee9104c8f4a1ce4fea08e2313912aef2ca53fc07 driver=syslog

sudo docker inspect -f '{{.HostConfig.LogConfig}}' mycontainer
{syslog map[syslog-address:udp:// tag:{{.Name}}/{{.ID}}]}

Is there something I've missed? Searching suggests using /etc/daemon.json but from what I can tell that just changes the default driver - and we don't have access to it anyway.


Make sure rsyslog is configured to accept udp:


$ModLoad imudp
$UDPServerRun 514
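
One way to confirm those two directives are actually active, added here as an example and not part of the original reply: stock rsyslog.conf files commonly ship the UDP lines commented out, and because the syslog driver sends over UDP the container starts either way. The function name and the sample configs are constructed for illustration; the check also covers the newer `module()`/`input()` syntax, which the reply does not show.

```python
import re

# Legacy directives, as in the reply: $ModLoad imudp / $UDPServerRun <port>
LEGACY_LOAD = re.compile(r'\s*\$ModLoad\s+imudp\b')
LEGACY_RUN = re.compile(r'\s*\$UDPServerRun\s+(\d+)')
# RainerScript equivalents: module(load="imudp") / input(type="imudp" port="514")
MODERN_LOAD = re.compile(r'\s*module\s*\(\s*load\s*=\s*"imudp"')
MODERN_INPUT = re.compile(r'\s*input\s*\([^)]*type\s*=\s*"imudp"[^)]*\)')
PORT = re.compile(r'port\s*=\s*"(\d+)"')


def udp_listener_ports(conf_text):
    """Return the sorted UDP ports enabled in an rsyslog config, or [] if none.

    A port only counts when the imudp module is loaded by an uncommented line
    and the port is given explicitly on an uncommented listener line.
    """
    loaded = False
    ports = set()
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out directive: not active
        if LEGACY_LOAD.match(line) or MODERN_LOAD.match(line):
            loaded = True
        legacy = LEGACY_RUN.match(line)
        if legacy:
            ports.add(int(legacy.group(1)))
        modern = MODERN_INPUT.match(line)
        if modern:
            port = PORT.search(modern.group(0))
            if port:
                ports.add(int(port.group(1)))
    return sorted(ports) if loaded else []


# Constructed sample configs (not taken from any real host).
COMMENTED = "# provides UDP syslog reception\n#$ModLoad imudp\n#$UDPServerRun 514\n"
LEGACY = "$ModLoad imudp\n$UDPServerRun 514\n"
MODERN = 'module(load="imudp")\ninput(type="imudp" port="1514")\n'
NO_MODULE = "$UDPServerRun 514\n"

if __name__ == "__main__":
    for name, conf in [("commented", COMMENTED), ("legacy", LEGACY),
                       ("modern", MODERN), ("no module", NO_MODULE)]:
        print(f"{name}: UDP listener ports = {udp_listener_ports(conf)}")
```

On a real host, pass in the contents of the rsyslog configuration file and any drop-in files it includes, then restart rsyslog after changing them.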