Docker is a lightweight open platform that provides a way to package applications in containers for a software development environment.
You can add the following types of Docker Sources to an Installed Collector:
Docker Logs. Collects stdout/stderr logs from processes that are running within Docker containers.
Docker Stats. Collects metrics about Docker containers.
Notes regarding Docker Sources
- We recommend running the Sumo Logic Collector process on the same host where you run Docker. You may deploy the Sumo Logic Collector agent as a Docker container. https://hub.docker.com/r/sumologic/collector/
- The Sumo Logic Collector uses the Docker Remote API to collect Docker logs. But this only works when the log driver configured on the container uses either the json-file or journald option, as described in https://docs.docker.com/engine/admin/logging/overview/.
Add a Docker Source
In Sumo Logic select Manage Data > Collection > Collection (Manage > Collection in the classic UI).
Locate the Collector for which you want to add a Docker Source, and select Add > Add Source.
Click Docker Logs or Docker Stats.
Specify these settings. The settings are the same for Docker Logs and Docker Stats.
Name. Enter a name for the Source.
Description. Enter a text description.
URI. Enter the URI of the Docker daemon.
Same host (typically applies for Linux hosts). If your Collector agent runs on the same host as Docker containers, use the non-networked unix socket:
Remote access (typically applies for hosts on Mac or Windows where the docker process runs within a VM and the Collector agent runs outside of the Docker host). Run the
docker-machinecommand to find the Docker environment variables.
$ docker-machine env <machine-name>
$ docker-machine env default export DOCKER_TLS_VERIFY="1" export DOCKER_HOST="tcp://192.168.99.100:2376" export DOCKER_CERT_PATH="/Users/sumo/.docker/machine/machines/default" export DOCKER_MACHINE_NAME="default" # Run this command to configure your shell: # eval "$(docker-machine env default)"
httpsin the DOCKER_HOST environment variable, for example, this is the URI:
Cert path. (Required for remote access only) Enter the path to the certificate files on the local machine where the Collector is running. Following the example above, the cert path is
Collect from/Containers. You can select all containers or enter a comma-separated list of container filters. By default, you can collect from up to 40 containers. If you need to increase the limit, edit the collector.properties file and change the value of
docker.maxPerContainerConnections. The maximum supported value is 100.
A container filter can be any of the following:
A specific container name (example:
A wildcarded filter (example:
An exclusion indicated by an exclamation mark (example:
For example, if your comma separated list looks like this:
prod-*, !prod-*-mysql, master-*-app-*, sumologic-collector
The source will collect all containers with names that start with
prod- except the ones that match
prod-*-mysql. It will also collect from containers with names that match
master-*-app-*, and the container
If your list contains only exclusions, the source will collect all containers excluding the containers matching your exclusion filters. For example:
This list will allow the source to filter out all containers matching
Source host. Enter the hostname or IP address of the Source host. If not specified, it’s assumed that the host is the machine where Docker is running. The hostname can be a maximum of 128 characters.
Source category. Enter the Sumo Logic Source category (such as OS_Security).
5. Click Save.