Docker Community Forums

Share and learn in the Docker community.

Suppress certain logs with syslog driver

Hello.

I need to suppress certain logs that flood my log server with the same errors.

Is this possible at the syslog level? Maybe allow every 1/1000 messages matching a certain regex to be sent to the log server?

Thanks

To use the syslog driver as the default logging driver, set the log-driver and log-opt keys to appropriate values in the daemon.json file, which is located in /etc/docker/ on Linux hosts or C:\ProgramData\docker\config\daemon.json on Windows Server. For more about configuring Docker using daemon.json, see daemon.json.

The following example sets the log driver to syslog and sets the syslog-address option. The syslog-address options supports both UDP and TCP; this example uses UDP.

{
“log-driver”: “syslog”,
“log-opts”: {
“syslog-address”: “udp://1.2.3.4:1111”
}
}
Restart Docker for the changes to take effect.

Note

log-opts configuration options in the daemon.json configuration file must be provided as strings. Numeric and boolean values (such as the value for syslog-tls-skip-verify) must therefore be enclosed in quotes (").

You can set the logging driver for a specific container by using the --log-driver flag to docker container create or docker run:

docker run
–log-driver syslog --log-opt syslog-address=udp://1.2.3.4:1111
alpine echo hello world