Where does Docker keep log files? – CloudSavvy IT

Debugging most Linux programs usually involves checking log files, which can be a complicated process. When running in a container environment under Docker, you will need to use more specific tools for debugging applications in production.

Where are records stored?

The simple answer is that Docker stores container records in the main storage location, /var/lib/docker/. Each container has a record of their ID (the full ID, not the short ID that is usually displayed) and you can access it like this:


This where They are stored, but since they are in JSON format they are not easily readable and having to use the full container identifier is annoying. Docker provides a built-in command to watch them:

docker logs -f e4bd48ef3103

Here , -f The flag will keep the prompt open and “follow” any new entries in the file. You can also --tail file or use --timestamps To display the log time, or use --until And --since To filter based on time.

If you are using Docker Compose, you can use the log command from that to view all logs easily:

docker-compose logs

However, one thing you’ll notice is that this is STDOUT and STDERR, which is useful for many things, but only shows you the console output of the entry point defined by “CMD” in the Docker file. Many applications have their own custom logging systems, which often record files such as /var/log/nginx/access.log. Such records are still accessible on the host side via Docker.

View logs from applications inside containers

Depending on the container, this may not be necessary. For example, the default NGINX container is set up to send Docker logs to STDOUT to make log verification easier. It does this with a symbolic link from /dev/stdout to the log file, and you can set up something similar for your containers.

RUN ln -sf /dev/stdout /var/log/nginx/access.log 
&& ln -sf /dev/stderr /var/log/nginx/error.log

But, if you want to drag certain files inside a container, you can do that. Docker provides a file exec -it Command to allow you to run any command within any running Docker process. With this you can create a log file inside a Docker container:

docker exec -it e4bd48ef3103 tail -f log.txt

Because this allows you to run any command, you can use journalctl Or any other debugging strategies you want, as long as you start with them docker exec -it. You can even run /bin/bash If you want to jump and enter.

A permanent solution that plays better with host services is to use a Docker volume. You can link a directory like /var/log/nginx to a volume visible from the host. First, create a new volume:

docker volume create nginx-logs

and run the container with --mount:

docker run -d 
--name devtest 
--mount source=nginx-logs,target=/var/log/nginx 

If you are using Docker Compose, the process can be automated:

version: "3.0"
    image: nginx:latest
      - "80:80"
      - nginx-logs:/var/log/nginx/

This way, the log files will be directly ingestible by any log collection services on the host machine.

View Docker Daemon logs

If you instead want to display the logs for the global Docker service on your server, and not any particular container application, you will need to display journalctl records:

sudo journalctl -fu docker.service

This is where it is stored on most systems, but it’s in a different location on some:

  • Amazon Linux: /var/log/docker
  • CentOS/RHEL: /var/log/messages | grep docker
  • macOS: ~/Library/Containers/com.docker.docker/Data/log/vm/dockerd.log
  • windows: AppDataRoamingDockerlogvmdockerd.log
(Visited 3 times, 1 visits today)

Related posts