docs/reference/loggingplugin/log-driver-configuration.md
Use the following options to configure the Elastic Logging Plugin for Docker. You can pass these options with the --log-opt flag when you start a container, or you can set them in the daemon.json file for all containers.
To set configuration options when you start a container:
docker run --log-driver=elastic/elastic-logging-plugin:{{version.stack}} \
--log-opt hosts="https://myhost:9200" \
--log-opt user="myusername" \
--log-opt password="mypassword" \
-it debian:jessie /bin/bash
To set configuration options for all containers in the daemon.json file:
{
"log-driver" : "elastic/elastic-logging-plugin:{{version.stack}}",
"log-opts" : {
"hosts" : "https://myhost:9200",
"user" : "myusername",
"password" : "mypassword"
}
}
For more examples, see Usage examples.
| Option | Description |
|---|---|
cloud_id | The Cloud ID found in the Elastic Cloud web console. This ID isused to resolve the {{stack}} URLs when connecting to {{ech}}. |
cloud_auth | The username and password combination for connecting to {{ech}}. Theformat is "username:password". |
| Option | Default | Description |
|---|---|---|
hosts | "localhost:9200" | The list of {{es}} nodes to connect to. Specify each node as a URL orIP:PORT. For example: http://192.0.2.0, https://myhost:9230 or192.0.2.0:9300. If no port is specified, the default is 9200. |
user | The basic authentication username for connecting to {{es}}. | |
password | The basic authentication password for connecting to {{es}}. | |
index | A format stringvalue that specifies the index to write events to when you’re using dailyindices. For example: "dockerlogs-%{+yyyy.MM.dd}". | |
| Advanced: | ||
name | testbeat | A custom value that will be inserted into the document as agent.name.If not set, it will be the hostname of Docker host. |
backoff_init | 1s | The number of seconds to wait before trying to reconnect to {{es}} aftera network error. After waiting backoff.init seconds, the Elastic Logging Plugintries to reconnect. If the attempt fails, the backoff timer is increasedexponentially up to backoff.max. After a successful connection, the backofftimer is reset. |
backoff_max | 60s | The maximum number of seconds to wait before attempting to connect to{{es}} after a network error. |
api_key | Instead of using usernames and passwords,you can use API keys to secure communication with {{es}}. | |
pipeline | A format string value that specifies the {{es}} ingest pipeline to write events to. | |
timeout | 90 | The http request timeout in seconds for the Elasticsearch request. |
proxy_url | The URL of the proxy to use when connecting to the Elasticsearch servers. Thevalue may be either a complete URL or a host[:port], in which case the httpscheme is assumed. If a value is not specified through the configuration filethen proxy environment variables are used. See theGo documentationfor more information about the environment variables. |
This plugin fully supports docker logs, and it maintains a local copy of logs that can be read without a connection to Elasticsearch. The plugin mounts the /var/lib/docker directory on the host to write logs to /var/log/containers on the host. If you want to change the log location on the host, you must change the mount inside the plugin:
Disable the plugin:
docker plugin disable elastic/elastic-logging-plugin:{{version.stack}}
Set the bindmount directory:
docker plugin set elastic/elastic-logging-plugin:{{version.stack}} LOG_DIR.source=NEW_LOG_LOCATION
Enable the plugin:
docker plugin enable elastic/elastic-logging-plugin:{{version.stack}}
The local log also supports the max-file, max-size and compress options that are a part of the Docker default file logger. For example:
docker run --log-driver=elastic/elastic-logging-plugin:{{version.stack}} \
--log-opt hosts="myhost:9200" \
--log-opt user="myusername" \
--log-opt password="mypassword" \
--log-opt max-file=10 \
--log-opt max-size=5M \
--log-opt compress=true \
-it debian:jessie /bin/bash
In situations where logs can’t be easily managed, for example, you can also configure the plugin to remove log files when a container is stopped. This will prevent you from reading logs on a stopped container, but it will rotate logs without user intervention. To enable removal of logs for stopped containers, you must change the DESTROY_LOGS_ON_STOP environment variable:
Disable the plugin:
docker plugin disable elastic/elastic-logging-plugin:{{version.stack}}
Enable log removal:
docker plugin set elastic/elastic-logging-plugin:{{version.stack}} DESTROY_LOGS_ON_STOP=true
Enable the plugin:
docker plugin enable elastic/elastic-logging-plugin:{{version.stack}}