Any best practices to getting the fleet logs into a file for

Question

Any best practices to getting the fleet logs into a file for logging I m running fleet in a docker container and i can view the logs with the docker log f command How can they be ported to a file on the local host I tried starting the container with log dirver syslog but nothing Is it a formatting issue

sundsta · Answer

Most logging platforms have a way to monitor the stdout stderr logs in your containers The setup instructions will depend on what platform you re using

Sal · Answer

Thanks the only option I have is to dump to syslog or a file

seph · Answer

I m a little confused by the question If fleet is in docker than it can only write to files inside docker I don t know much about docker log shipping

seph · Answer

Are these fleet administrative logs or osquery result logs

Sal · Answer

They are fleet logs not results or status logs

Sal · Answer

similar to ```level=info ts=2020 09 29T05 17 51 328659802Z component=service method=EnrollAgent ip addr=10 124 237 153 34884 x for ip addr= err= save enroll failed inserting Error 1205 Lock wait timeout exceeded try restarting transaction took=5m23 090762881s level=info ts=2020 09 29T05 17 51 46834596Z component=service method=EnrollAgent ip addr=10 124 237 148 38000 x for ip addr= err= save enroll failed inserting Error 1205 Lock wait timeout exceeded try restarting transaction took=2m49 583970117s```

seph · Answer

I m pretty sure those go to stderr How to capture and forward those is very init system dependent

Sal · Answer

Thanks < seph> i ll look into it further