Location of docker logs in Ubuntu Linux Mint - docker

I am able to find my application logs using docker logs --follow containerId
But which is the physical location of these logs?
I used this link, But nothing is useful: Where is the Docker daemon log?
Thanks,
Harry

Those aren't the docker daemon logs. Those are normally stored in JSON files unless otherwise specified by the driver you select for logging.
They're normally stored in :
/var/lib/docker/containers/<container id>/<container id>-json.log
But you can verify with
docker inspect <container> | grep LogPath

Docker native command to find log location for any container docker inspect --format={{.LogPath}} <ContainerName>
ContainerId can also be used if needed to

Related

Azure IoT Edge module log location

Where are the logs exposed by the iotedge logs <container> command stored?
Where would that be generally on Linux?
Simply do a docker inspect <Container ID> and under LogPath you will get the current location of the container. E.g. for EdgeHub on my machine: LogPath:
/var/lib/docker/containers/f8ecdf408f94f5627ac635223ce89dd9b1433705f342d548e09863cedf0fc950/f8ecdf408f94f5627ac635223ce89dd9b1433705f342d548e09863cedf0fc950-json.log
By default, they are stored in /var/lib/docker/containers//-json.log.

How to docker container logs to a local file?

I need to look up into docker logs for some days ago and checking by docker service logs SERVICE | grep WHAT_I_NEED takes forever so I want to download the container logs from docker swarm and check those locally. I found that the container logs in Swarm can be found by:
docker inspect --format='{{.LogPath}}' $INSTANCE_ID
but I can't find a way to download the log from the location.
Doing: docker cp CONTAINER_ID:/var/lib/docker/containers/ABC/ABC-json.log ./ tells me that the path is not present. I understand that this path is in Swarm but then how to get the log from the container itself? Or is there another way to copy this file directly to a local file?
Try running this one from your terminal:
docker logs your_container_name 2> file.log
This will redirect the container logs to the local file file.log

How can I see which user launched a Docker container?

I can view the list of running containers with docker ps or equivalently docker container ls (added in Docker 1.13). However, it doesn't display the user who launched each Docker container. How can I see which user launched a Docker container? Ideally I would prefer to have the list of running containers along with the user for launched each of them.
You can try this;
docker inspect $(docker ps -q) --format '{{.Config.User}} {{.Name}}'
Edit: Container name added to output
There's no built in way to do this.
You can check the user that the application inside the container is configured to run as by inspecting the container for the .Config.User field, and if it's blank the default is uid 0 (root). But this doesn't tell you who ran the docker command that started the container. User bob with access to docker can run a container as any uid (this is the docker run -u 1234 some-image option to run as uid 1234). Most images that haven't been hardened will default to running as root no matter the user that starts the container.
To understand why, realize that docker is a client/server app, and the server can receive connections in different ways. By default, this server is running as root, and users can submit requests with any configuration. These requests may be over a unix socket, you could sudo to root to connect to that socket, you could expose the API to the network (not recommended), or you may have another layer of tooling on top of docker (e.g. Kubernetes with the docker-shim). The big issue in that list is the difference between the network requests vs a unix socket, because network requests don't tell you who's running on the remote host, and if it did, you'd be trusting that remote client to provide accurate information. And since the API is documented, anyone with a curl command could submit a request claiming to be a different user.
In short, every user with access to the docker API is an anonymized root user on your host.
The closest you can get is to either place something in front of docker that authenticates users and populates something like a label. Or trust users to populate that label and be honest (because there's nothing in docker validating these settings).
$ docker run -l "user=$(id -u)" -d --rm --name test-label busybox tail -f /dev/null
...
$ docker container inspect test-label --format '{{ .Config.Labels.user }}'
1000
Beyond that, if you have a deployed container, sometimes you can infer the user by looking through the configuration and finding volume mappings back to that user's home directory. That gives you a strong likelihood, but again, not a guarantee since any user can set any volume.
I found a solution. It is not perfect, but it works for me.
I start all my containers with an environment variable ($CONTAINER_OWNER in my case) which includes the user. Then, I can list the containers with the environment variable.
Start container with environment variable
docker run -e CONTAINER_OWNER=$(whoami) MY_CONTAINER
Start docker compose with environment variable
echo "CONTAINER_OWNER=$(whoami)" > deployment.env # Create env file
docker-compose --env-file deployment.env up
List containers with the environment variable
for container_id in $(docker container ls -q); do
echo $container_id $(docker exec $container_id bash -c 'echo "$CONTAINER_OWNER"')
done
As far as I know, docker inspect will show only the configuration that
the container started with.
Because of the fact that commands like entrypoint (or any init script) might change the user, those changes will not be reflected on the docker inspect output.
In order to work around this, you can to overwrite the default entrypoint set by the image with --entrypoint="" and specify a command like whoami or id after it.
You asked specifically to see all the containers running and the launched user, so this solution is only partial and gives you the user in case it doesn't appear with the docker inspect command:
docker run --entrypoint "" <image-name> whoami
Maybe somebody will proceed from this point to a full solution (:
Read more about entrypoint "" in here.
If you are used to ps command, running ps on the Docker host and grep with parts of the process your process is running. For example, if you have a Tomcat container running, you may run the following command to get details on which user would have started the container.
ps -u | grep tomcat
This is possible because containers are nothing but processes managed by docker. However, this will only work on single host. Docker provides alternatives to get container details as mentioned in other answer.
this command will print the uid and gid
docker exec <CONTAINER_ID> id
ps -aux | less
Find the process's name (the one running inside the container) in the list (last column) and you will see the user ran it in the first column

Docker log (driver json-file) location for Docker for windows

I want to locate a container's log location.
I use Docker Desktop for Windows
I know that on linux they are at /var/lib/docker/containers/
But where is it. Is it hidden away somewhere in an inaccessible VM?
Windows 10 + WSL 2 (Ubuntu 20.04), Docker version 20.10.2, build 2291f61
Logging Driver
docker info --format '{{.LoggingDriver}}'
'json-file'
Docker Inspect LogPath
docker inspect --format='{{.LogPath}}' <Some_Container_id>
'/var/lib/docker/containers/bb69ae7df957c5f8c8b6d63372aa9cf9b94fa6ef0e44ccecbccb6d190baadb51/bb69ae7df957c5f8c8b6d63372aa9cf9b94fa6ef0e44ccecbccb6d190baadb51-json.log'
Docker Artifacts are stored in following location
DOCKER_ARTIFACTS == \\wsl$\docker-desktop-data\version-pack-data\community\docker
Location of container logs
DOCKER_ARTIFACTS\containers\[Your_container_ID]\[Your_container_ID]-json.log
Here is an example:
On windows you can find the containers logs inside:
C:\ProgramData\docker\containers\[Your_container_ID]\[Your_container_ID]-json.log
For windows , the container storage is the Hyper V's virtual Hard disk.You would have to connect to that hard disk to get the container logs.
See this lonk for more details :https://forums.docker.com/t/where-are-images-stored/9794/7

View logs for all docker containers simultaneously

I currently use docker for my backend, and when I first start them up with
docker-compose up
I get log outputs of all 4 dockers at once, so I can see how they are interacting with each other when a request comes in. Looking like this, one request going from nginx to couchdb
The issue is now that I am running on GCE with load balancing, when a new VM spins up, it auto starts the dockers and runs normally, I would like to be able to access a load balanced VM and view the live logs, but I can not get docker to allow me this style, when I use logs, it gives me normal all white font with no label of where it came from.
Using
docker events
does nothing, it won't return any info.
tldr; what is the best way to obtain a view, same as the log output you get when running "docker-compose up"
If using docker-compose, you use
docker-compose logs --tail=0 --follow
instead of
docker logs --tail=0 --follow
This will get the output I was originally looking for.
You can see the logs for all running containers with
docker ps -q | xargs -L 1 docker logs
In theory this might work for the --follow too if xargs is ran with -P <count>, where the count is higher than the number of running containers.
I use a variation of this to live tail (--follow) all logs and indicate which log is tailing at the time. This bash includes both stdout and stderr. Note you may need to purge the /tmp dir of *.{log,err} afterwards.
for c in $(docker ps -a --format="{{.Names}}")
do
docker logs -f $c > /tmp/$c.log 2> /tmp/$c.err &
done
tail -f /tmp/*.{log,err}
Hope this helps. Logging has become so problematic these days, and other get-off-my-lawn old man rants...
Try "watch"
Here's a quick and dirty multitail/xtail for docker containers.
watch 'docker ps --format "{{.Names}}" | sort | xargs --verbose --max-args=1 -- docker logs --tail=8 --timestamps'
How this works:
watch to run every few seconds
docker ps --format "{{.Names}}" to get the names of all running containers
sort to sort them
xargs to give these names to docker logs:
docker logs to print the actual logs
Adjust parameter "--tail=8" as needed so that everything still fits on one screen.
The "xargs" methods listed above (in another user's answer) will stop working as containers are stopped and restarted. This "watch" method here does not have that problem. (But it's not great either.)
If you are using Docker Swarm, you can find your services by
docker service ls
Grap the id, and then run
docker service logs $ID -f
if the service is defined with tty: true, then you must run with the --raw flag. Notice, this wont tell you which container is giving the outputted log entry.

Resources