Skip to main content
Sumo Logic

Docker Sources

Docker is a lightweight open platform that provides a way to package applications in containers for a software development environment. 

You can add the following types of Docker Sources to an Installed Collector:

  • Docker Logs. Collects stdout/stderr logs from processes that are running within Docker containers.

  • Docker Stats. Collects metrics about Docker containers.

Notes regarding Docker Sources

Add a Docker Source

  1. In Sumo Logic select Manage Data > Collection > Collection (Manage > Collection in the classic UI).

  2. Locate the Collector for which you want to add a Docker Source, and select Add > Add Source.

  3. Click Docker Logs or Docker Stats.

  4. Specify these settings. The settings are the same for Docker Logs and Docker Stats.

  • Name. Enter a name for the Source.

  • Description. Enter a text description.

  • URI. Enter the URI of the Docker daemon.

    • Same host (typically applies for Linux hosts). If your Collector agent runs on the same host as Docker containers, use the non-networked unix socket:

      unix:///var/run/docker.sock
    • Remote access (typically applies for hosts on Mac or Windows where the docker process runs within a VM and the Collector agent runs outside of the Docker host). Run the docker-machine command to find the Docker environment variables.

      $ docker-machine env <machine-name>

    Example:

    $ docker-machine env default
    export DOCKER_TLS_VERIFY="1"
    export DOCKER_HOST="tcp://192.168.99.100:2376"
    export DOCKER_CERT_PATH="/Users/sumo/.docker/machine/machines/default"
    export DOCKER_MACHINE_NAME="default"
    # Run this command to configure your shell: 
    # eval "$(docker-machine env default)"
    

    ​​Change tcp to https in the DOCKER_HOST environment variable, for example, this is the URI:

    https://192.168.99.100:2376
    
  • Cert path. (Required for remote access only) Enter the path to the certificate files on the local machine where the Collector is running. Following the example above, the cert path is /Users/sumo/.docker/machine/machines/default.

  • Collect from/Containers. You can select all containers or enter a comma-separated list of container filters. By default, you can collect from up to 40 containers. If you need to increase the limit, edit the collector.properties file and change the value of  docker.maxPerContainerConnections. The maximum supported value is 100.

A container filter can be any of the following:

  • A specific container name (example: my-container)

  • A wildcarded filter (example: my-container-*)

  • An exclusion indicated by an exclamation mark (example: !master-container or !prod-*)

For example, if your comma separated list looks like this:
prod-*, !prod-*-mysql, master-*-app-*, sumologic-collector
The source will collect all containers with names that start with prod- except the ones that match prod-*-mysql. It will also collect from containers with names that match master-*-app-*, and the container sumologic-collector.

If your list contains only exclusions, the source will collect all containers excluding the containers matching your exclusion filters. For example:
!container123*, !prod-*
This list will allow the source to filter out all containers matching container123* and prod-*.

  • Source host. Enter the hostname or IP address of the Source host. If not specified, it’s assumed that the host is the machine where Docker is running.  The hostname can be a maximum of 128 characters.

  • Source category. Enter the Sumo Logic Source category (such as OS_Security).
    Screen shot of input options

5. Click Save.