From f33b8241921ee904d87ef4a6b1ad54b86d02df84 Mon Sep 17 00:00:00 2001 From: Pascal Gollor Date: Tue, 23 May 2017 12:39:10 +0200 Subject: [PATCH 1/2] use `daemon.json` for configuration --- docs/firststeps-syslog.md | 37 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 19 deletions(-) diff --git a/docs/firststeps-syslog.md b/docs/firststeps-syslog.md index 2cd29ec50..edd809401 100644 --- a/docs/firststeps-syslog.md +++ b/docs/firststeps-syslog.md @@ -1,4 +1,4 @@ -Enable Rsyslog to receive logs on 524/tcp: +Enable Rsyslog to receive logs on 524/tcp at `rsyslog.conf`: ``` # This setting depends on your Rsyslog version and configuration format. @@ -21,32 +21,31 @@ Restart rsyslog after enabling the TCP listener. Now setup Docker daemon to start with the syslog driver. This enables the syslog driver for all containers! -Debian users can change the startup configuration in `/etc/default/docker` while CentOS users find it in `/etc/sysconfig/docker`: +Linux users can add or change the configuration in `/etc/docker/daemon.json`. Windows users please have a look at the [docker documentation](https://docs.docker.com/engine/reference/commandline/dockerd//#windows-configuration-file) : ``` +{ ... -DOCKER_OPTS="--log-driver=syslog --log-opt syslog-address=tcp://127.0.0.1:524" + "log-driver": "syslog", + "log-opts": { + "syslog-address": "tcp://127.0.0.1:524" + } ... +} + ``` -!!! warning - For some reason Ubuntu 16.04 and some, but not all, systemd based distros do not read the defaults file parameters. - -Just run `systemctl edit docker.service` and add the following content to fix it. - !!! info - If "systemctl edit" is not available, just copy the content to `/etc/systemd/system/docker.service.d/override.conf`. - -The first empty ExecStart parameter is not a mistake. - -``` -[Service] -EnvironmentFile=/etc/default/docker -ExecStart= -ExecStart=/usr/bin/docker daemon -H fd:// $DOCKER_OPTS -``` - + If you prefere the udp protocol use: + ``` + $ModLoad imudp + $UDPServerRun 524 + ``` + + at `rsyslog.conf` and `"syslog-address": "udp://127.0.0.1:524"` at `daemon.json`. + Restart the Docker daemon and run `docker-compose down && docker-compose up -d` to recreate the containers. + ### Fail2ban **This is a subsection of "Log to Syslog", which is required for Fail2ban to work.** From 5d8bed62229c2f2965c8aa1d34a6859a037ced51 Mon Sep 17 00:00:00 2001 From: Pascal Gollor Date: Tue, 23 May 2017 12:40:54 +0200 Subject: [PATCH 2/2] fix formatting --- docs/firststeps-syslog.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/firststeps-syslog.md b/docs/firststeps-syslog.md index edd809401..06687506e 100644 --- a/docs/firststeps-syslog.md +++ b/docs/firststeps-syslog.md @@ -36,6 +36,7 @@ Linux users can add or change the configuration in `/etc/docker/daemon.json`. Wi !!! info If you prefere the udp protocol use: + ``` $ModLoad imudp $UDPServerRun 524