Clean up auditing/logging

This refines our logging and auditing a bit to make
things easier to search for within kibana (or similar external systems)

See ./docs/logging.md for more details.
Daniel Hiltgen 2015-12-03 13:35:43 -08:00 committed by Joao Fernandes
parent 2f3f331c5f
commit 84a11c4ffc
1 changed file with 11 additions and 2 deletions


@ -59,7 +59,7 @@ docker run -d \
--name logstash \
--link elasticsearch:es \
logstash \
sh -c "logstash -e 'input { syslog { } } output { stdout { } elasticsearch { hosts => [ \"es\" ] } }'"
sh -c "logstash -e 'input { syslog { } } output { stdout { } elasticsearch { hosts => [ \"es\" ] } } filter { json { source => \"message\" } }'"
docker run -d \
--name kibana \
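Review bot: the new `filter { json { source => \"message\" } }` in the logstash command line changes what a reader should expect from a mixed syslog stream, and the doc does not say so: any syslog line whose message is not JSON is kept and tagged `_jsonparsefailure` rather than dropped, and for JSON lines the parsed keys are promoted to top-level event fields, which is what makes the later `type:`, `tags:` and `username:` searches work. A sentence stating both points next to this command would save readers a trip to the Logstash docs. Minor: Logstash accepts sections in any order, but writing the pipeline as `input { } filter { } output { }` instead of appending `filter` after `output` reads more clearly.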
@ -68,6 +68,15 @@ docker run -d \
kibana
```
You can then browse to port 5601 on the system running kibana and browse log/event entries.
You can then browse to port 5601 on the system running kibana and browse log/event entries. You should specify the "time" field
for indexing.
Note: When deployed in production, you should secure kibana (not described in this doc)
## Example Searches
Here are a few examples demonstrating some ways to view the aggregated log data:
* `type:"api" AND (tags:"post" OR tags:"put" OR tags:"delete")` -- Show all the modifications on the system
* `username:"admin"` -- Show all access from a given user
* `type:"auth fail"` -- Show all authentication failures on the system
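Review bot: "You should specify the "time" field for indexing" is ambiguous; it should say that `time` is the field to pick as the Time-field name when creating the Kibana index pattern, and that this is what drives the time histogram and date-range filtering. The production note covers only Kibana, but in this compose setup Elasticsearch (reached as `es` with no credentials) and the Logstash `syslog { }` input also accept unauthenticated connections, so the note should say that none of the three exposed ports should be reachable from untrusted networks, not just 5601. In the example searches, `type:"auth fail"` is a phrase query and `tags:"post"` assumes lowercase values; a short line listing the fields the audit events emit (`type`, `tags`, `username`) and their expected values would make these examples self-explanatory.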