Docker LEMP stack: get your logs with rsyslog

February 21, 2018

Docker

Get your LEMP logs with Docker

In this post, i will explain howto collect your logs when you have a LEMP stack with Docker and rsyslog.

Change in /etc/php/7.0/fpm/php-fpm.conf :
```
error_log = /proc/self/fd/2
```
Change in /etc/php/7.0/fpm/pool.d/www.conf:
```
access.log = /proc/self/fd/2
```

Now restart your PHP container and you will see that all your PHP logs will display on your terminal.

Hints: if you use the official PHP docker image, no needs to change these parameters. They are already set

Change in /etc/nginx/nginx.conf:

access_log /dev/stdout;
error_log /dev/stderr;

	services:
	  web:
		image: "customer/nginx"
		container_name: web
		networks:
			- core
		ports:
      			- "80:80"
    		volumes:
      			- ./src/:/var/www/
    		logging:
      			driver: syslog
      			options:
        		 	syslog-address: "tcp://x.x.x.x:514"
        			syslog-format: rfc3164
        			tag: web

The import part is the last 6 lines :

driver: syslog : tell Docker which driver to use
syslog-address : put the address and port of your syslog server
syslog-format : the syslog message format to use
tag : A string that is appended to ‘APP-NAME’ in the syslog message. It’s important because we will use it to sort messages

As usual the Docker documentation is usefull.

We will do the same for our PHP container:

    logging:
      driver: syslog
      options:
        syslog-address: "tcp://127.0.0.1:514"
        syslog-format: rfc3164
        tag: php

For the MariaDB container :

    logging:
      driver: syslog
      options:
        syslog-address: "tcp://127.0.0.1:514"
        syslog-format: rfc3164
        tag: db

We will store our logs in ‘/var/log/docker/xxx’

Here is the rsyslog configuration file :

# Files locations
$template webaccess,"/var/log/docker/web/access/%timereported:0:10:date-rfc3339%.log"
$template weberror,"/var/log/docker/web/error/%timereported:0:10:date-rfc3339%.log"
$template php,"/var/log/docker/php/access/%timereported:0:10:date-rfc3339%.log"
$template phperror,"/var/log/docker/php/error/%timereported:0:10:date-rfc3339%.log"
$template mysql,"/var/log/docker/mysql/%timereported:0:10:date-rfc3339%.log"

# Nginx
if $programname == "web" and $syslogseverity-text == "info" then ?webaccess
& stop

if $programname == "web" and $syslogseverity-text == "error" then ?weberror
& stop

# PHP
if $programname == "php" and $syslogseverity-text == "info" then ?php
& stop
if $programname == "php" and $syslogseverity-text == "error" then ?phperror
& stop

# MySQL
if $programname == "db" then ?mysql
& stop

./mysql: total 24K -rw-r—– 1 root adm 21K Feb 23 15:15 2018-02-23.log

./php: total 8.0K drwxr-xr-x 2 root root 4.0K Feb 23 15:23 access drwxr-xr-x 2 root root 4.0K Feb 23 14:09 error

./php/access: total 0

./php/error: total 4.0K -rw-r—– 1 root adm 561 Feb 23 15:15 2018-02-23.log

./web: total 4.0K drwxr-xr-x 2 root root 4.0K Feb 23 14:02 access

./web/access: total 4.0K -rw-r—– 1 root adm 820 Feb 23 14:09 2018-02-23.log


Everything is fine (not for me because I have a php error file). 

Now you can use your LEMP stack and check your logs if you have some problems.

Enjoy 😉

Use constraints with Swarm

September 4, 2018

Docker

Setup a Let's encrypt certificate with Traefik

May 23, 2018

Docker traefik

Traefik for the beginners

May 4, 2018