我的目标

我在主机中运行着几个不同的容器.它们都与彼此的/ dev / log套接字共享一个卷.主机将这些日志转发到中央日志服务器.其他所有容器日志都显示在主机的/ var / log / messages中.其他容器是python程序,它允许日志记录直接附加到/ dev / log unix域套接字.

基本配置

我有一个从jar文件运行scala应用程序的docker容器. / dev / log套接字在主机和容器之间作为卷共享.该应用程序的log4j.properties文件对我来说似乎不错,并且设置如下：

# Root logger option
log4j.rootLogger=INFO,file,stdout,SYSLOG
# Direct log messages to a log file
log4j.appender.file=org.apache.log4j.RollingFileAppender
log4j.appender.file.File=log/associationRules.log
log4j.appender.file.MaxFileSize=10MB
log4j.appender.file.MaxBackupIndex=10
log4j.appender.file.layout=org.apache.log4j.PatternLayout
log4j.appender.file.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} [%c{1}:%L] %-5p <%X{jobID}> %m%n
# Direct log messages to stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target=System.out
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} [%c{1}:%L] %-5p <%X{jobID}> %m%n
# Log to syslog
log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG.syslogHost=localhost
log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout
log4j.appender.SYSLOG.layout.conversionPattern=%d{yyyy-MM-dd HH:mm:ss} [%c{1}:%L] %-5p <%X{jobID}> %m%n
log4j.appender.SYSLOG.Facility=LOCAL0
log4j.appender.SYSLOG.Threshold=debug
log4j.appender.SYSLOG.FacilityPrinting=true

标准输出和文件日志正确完成,但是SYSLOG似乎无法正常工作.日志显示在容器的/ var / log / syslog中,但不显示在主机的/ var / log / messages中.我以为SyslogAppender也会输出到/ dev / log,但似乎并没有这样做.

额外细节

这是我在容器的/ var / log / syslog中获得的输出.我看到imuxsock无法运行的一些问题,但我不明白日志如何存储在/ var / log / syslog上.最后两行来自应用程序,与stdout和文件附加程序一致

Jul  6 18:07:18 26056b722779 rsyslogd: [origin software="rsyslogd" swVersion="7.4.4" x-pid="25" x-info="http://www.rsyslog.com"] start
Jul  6 18:07:18 26056b722779 rsyslogd: cannot create '/dev/log': Address already in use
Jul  6 18:07:18 26056b722779 rsyslogd: imuxsock does not run because we could not aquire any socket
Jul  6 18:07:18 26056b722779 rsyslogd-3000: activation of module imuxsock Failed
Jul  6 18:07:18 26056b722779 rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not permitted.
Jul  6 18:07:18 26056b722779 rsyslogd-2145: activation of module imklog Failed [try http://www.rsyslog.com/e/2145 ]
Jul  6 18:07:19 localhost local0: 2015-07-06 18:07:19 [AssocApp$:112] INFO  <Undefined> Listening to queue ASSOCIATIONRULES 
Jul  6 18:07:19 localhost local0: 2015-07-06 18:07:19 [AssocApp$:113] INFO  <Undefined> Listening to queue ASSOCIATIONRULES

容器的基本映像是ubuntu 14.04,安装了java.在dockerfile中,该容器映像的My CMD为：

CMD sudo service rsyslog start; java -cp /root/AssociationRules.jar AssocApp

然后像这样启动容器：

docker run -d -v /dev/log:/dev/log <IMAGE> 

/etc/rsyslog.conf

#################
#### MODULES ####
#################
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support
#$ModLoad immark  # provides --MARK-- message capability
# provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
# Enable non-kernel facility klog messages
$KLogPermitNonKernelFacility on
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps,comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Filter duplicated messages
$RepeatedMsgReduction on
#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
#$PrivDropToUser syslog
#$PrivDropToGroup syslog
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
$ModLoad imudp
$UDPServerRun 514

和/etc/rsyslog.d/50-default.conf

auth,authpriv.*                 /var/log/auth.log                                                                                    
*.*;auth,authpriv.none          -/var/log/syslog                                                                                     
#cron.*                         /var/log/cron.log                                                                                    
#daemon.*                       -/var/log/daemon.log                                                                                 
kern.*                          -/var/log/kern.log                                                                                   
#lpr.*                          -/var/log/lpr.log                                                                                    
mail.*                          -/var/log/mail.log                                                                                   
#user.*                         -/var/log/user.log
#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
#mail.info                      -/var/log/mail.info
#mail.warn                      -/var/log/mail.warn
mail.err                        /var/log/mail.err
#
# Logging for INN news system.
#
news.crit                       /var/log/news/news.crit
news.err                        /var/log/news/news.err
news.notice                     -/var/log/news/news.notice
#
# Some "catch-all" log files.
#
#*.=debug;\
#       auth,authpriv.none;\
#       news.none;mail.none     -/var/log/debug
#*.=info;*.=notice;*.=warn;\
#       auth,authpriv.none;\
#       cron,daemon.none;\
#       mail,news.none          -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg                                :omusrmsg:*
#
# I like to have messages displayed on the console,but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
#       news.=crit;news.=err;news.=notice;\
#       *.=debug;*.=info;\
#       *.=notice;*.=warn       /dev/tty8
# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,# you must invoke `xconsole' with the `-file' option:
# 
#    $xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below,or you'll go crazy if you have a reasonably
#      busy site..
#
daemon.*;mail.*;\
        news.err;\
        *.=debug;*.=info;\
        *.=notice;*.=warn       |/dev/xconsole