docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
docs/ee/ucp/admin/configure/_site/store-logs-in-an-external-s...

62 lines
2.2 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<p>You can configure UCP for sending logs to a remote logging service:</p>
<ol>
<li>Log in to UCP with an administrator account.</li>
<li>Navigate to the <strong>Admin Settings</strong> page.</li>
<li>Set the information about your logging server, and click
<strong>Save</strong>.</li>
</ol>
<p><img src="../../images/configure-logs-1.png" alt="" class="with-border" /></p>
<blockquote class="important">
<p>External system for logs</p>
<p>Administrators should configure Docker EE to store logs using an external
system. By default, the Docker daemon doesnt delete logs, which means that
in a production system with intense usage, your logs can consume a
significant amount of disk space.</p>
</blockquote>
<h2 id="example-setting-up-an-elk-stack">Example: Setting up an ELK stack</h2>
<p>One popular logging stack is composed of Elasticsearch, Logstash, and
Kibana. The following example demonstrates how to set up an example
deployment which can be used for logging.</p>
<pre><code class="language-none">docker volume create --name orca-elasticsearch-data
docker container run -d \
--name elasticsearch \
-v orca-elasticsearch-data:/usr/share/elasticsearch/data \
elasticsearch elasticsearch -Enetwork.host=0.0.0.0
docker container run -d \
-p 514:514 \
--name logstash \
--link elasticsearch:es \
logstash \
sh -c "logstash -e 'input { syslog { } } output { stdout { } elasticsearch { hosts =&gt; [ \"es\" ] } } filter { json { source =&gt; \"message\" } }'"
docker container run -d \
--name kibana \
--link elasticsearch:elasticsearch \
-p 5601:5601 \
kibana
</code></pre>
<p>Once you have these containers running, configure UCP to send logs to
the IP of the Logstash container. You can then browse to port 5601 on the system
running Kibana and browse log/event entries. You should specify the “time”
field for indexing.</p>
<p>When deployed in a production environment, you should secure your ELK
stack. UCP does not do this itself, but there are a number of 3rd party
options that can accomplish this, like the Shield plug-in for Kibana.</p>
<h2 id="where-to-go-next">Where to go next</h2>
<ul>
<li><a href="restrict-services-to-worker-nodes.md">Restrict services to worker nodes</a></li>
</ul>
Reference in New Issue View Git Blame Copy Permalink