
Log Aggregation

Basic Rule: Logspout can only collect data that gets written to the stdout/stderr of a container.

If you want to collect and analyze logs from files, look into Filebeat.

Logspout

Image: gismbh/insight-logspout

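Reads everything logged in Docker and sends it to Logstash. It needs access to the Docker socket (/var/run/docker.sock). A container with this socket mounted can control the Docker daemon on that host, so treat the Logspout container as privileged.

Containers can opt out of log collection by setting LOGSPOUT=ignore in their environment.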

logspout:
 environment:
  LOGSPOUT: "ignore"
 image: gismbh/insight-logspout:${INSIGHT_VERSION}
 volumes:
  - /var/run/docker.sock:/var/run/docker.sock
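
Because any container can set LOGSPOUT=ignore, it is worth checking which containers have dropped out of log collection and which ones mount the Docker socket. The following audit is an added example, not part of the Insight images; it assumes input in the JSON shape produced by `docker inspect`, and the container names and sample data are constructed:

```python
import json

DOCKER_SOCK = "/var/run/docker.sock"

# Constructed sample shaped like `docker inspect` output (not real data).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/logspout",
     "Config": {"Env": ["LOGSPOUT=ignore", "PATH=/usr/bin"]},
     "Mounts": [{"Source": DOCKER_SOCK, "Destination": DOCKER_SOCK, "RW": True}]},
    {"Name": "/logstash",
     "Config": {"Env": ["LOGSPOUT=ignore"]}, "Mounts": []},
    {"Name": "/webapp",
     "Config": {"Env": ["APP_ENV=prod"]}, "Mounts": []},
    {"Name": "/batch-job",
     "Config": {"Env": ["LOGSPOUT=Ignore"]},
     "Mounts": [{"Source": DOCKER_SOCK, "Destination": "/docker.sock", "RW": False}]},
])


def _env(container):
    """Turn the KEY=VALUE list from Config.Env into a dict."""
    pairs = (container.get("Config") or {}).get("Env") or []
    return dict(p.split("=", 1) for p in pairs if "=" in p)


def audit(inspect_json, expected_optout=()):
    """Return (unexpected_optouts, socket_mounts) for the inspected containers."""
    optouts, sockets = [], []
    for c in json.loads(inspect_json):
        name = c.get("Name", "").lstrip("/")
        # Assumption: compare case-insensitively so the audit over-reports
        # rather than misses a container that is excluded from collection.
        opted_out = _env(c).get("LOGSPOUT", "").lower() == "ignore"
        if opted_out and name not in expected_optout:
            optouts.append(name)
        for m in c.get("Mounts") or []:
            if m.get("Source") == DOCKER_SOCK:
                sockets.append((name, "rw" if m.get("RW") else "ro"))
    return optouts, sockets


if __name__ == "__main__":
    # logspout and logstash opt out by design (see the compose fragments).
    optouts, sockets = audit(SAMPLE_INSPECT, ("logspout", "logstash"))
    for name in optouts:
        print(f"not collected by Logspout: {name}")
    for name, mode in sockets:
        print(f"mounts {DOCKER_SOCK} ({mode}): {name}")
```

On a live host, pass the output of `docker inspect $(docker ps -q)` to `audit()` in place of the sample.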

Logstash

Image: gismbh/insight-logstash

Receives logs sent to it by clients, analyzes them and sends them to Elasticsearch, where they can be analyzed with Kibana.

If Filebeat is to be used, Logstash port 5600 must be reachable on the network.

logstash:
 environment:
  LOGSPOUT: "ignore"
 image: gismbh/insight-logstash:${INSIGHT_VERSION}
 links:
  - elastic:insight-es