No Logs in Log Folder

Hi All,

I am using the docker image for elasticsearch 5.5.2 and so far I have been able to set it up fine. Now I want to take a copy of the logs and do something with them. I mount a folder to the docker run command so that the log files are available to me outside of the container.

I have set "xpack.security.audit.enabled: true" and also added path.logs in the elasticsearch.yml file (path.logs: "/usr/share/elasticsearch/logs"), which is mounted to an external folder (--volume ~/documents/elasticsearch/logs:/usr/share/elasticsearch/logs). Also made sure that the elasticsearch user has permissions to the data and log folder (owned by root and chmod to 777 as it is only in dev).

When I go to the log folder on the host machine, it is empty. Also, when I exec into the docker container and cd to /usr/share/elasticsearch/logs, that is empty as well.

I have read the online documentation and I think I have covered everything. It also seems from the documentation that the logs should be saved automatically after changing the xpack.security.audit.enabled setting.
Have I missed a setting which needs to be changed in order for the logs to be saved?

Logs should have been written even without those settings defined. Can you post here your Dockerfile? Also, what's the output of docker logs?

I assume that you're referring to the official Elastic images.

By default, the Elasticsearch and audit logs go to stdout: https://github.com/elastic/elasticsearch-docker/blob/5.5/build/elasticsearch/x-pack/log4j2.properties

You have to collect these logs via that, or override this behavior if you want something different.
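One way to do the override mentioned above, shown as an added example that is not part of the original thread or of the Elastic image: a replacement X-Pack `log4j2.properties` that sends the audit trail to a rolling file under `path.logs` instead of the console. It assumes the image reads this file from `/usr/share/elasticsearch/config/x-pack/log4j2.properties`, so it would be bind-mounted there with an extra `--volume`; the appender name `audit_rolling` and the `_access.log` suffix follow the non-Docker X-Pack 5.x defaults.

```properties
# Added example. Assumed mount target inside the container:
#   /usr/share/elasticsearch/config/x-pack/log4j2.properties
# ${sys:es.logs.base_path} resolves to path.logs from elasticsearch.yml,
# i.e. /usr/share/elasticsearch/logs in the question, which is the
# directory already mounted to the host.

# Rolling file appender for the audit trail: one file per day.
appender.audit_rolling.type = RollingFile
appender.audit_rolling.name = audit_rolling
appender.audit_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_access.log
appender.audit_rolling.layout.type = PatternLayout
appender.audit_rolling.layout.pattern = [%d{ISO8601}] %m%n
appender.audit_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_access-%d{yyyy-MM-dd}.log
appender.audit_rolling.policies.type = Policies
appender.audit_rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.audit_rolling.policies.time.interval = 1
appender.audit_rolling.policies.time.modulate = true

# Route the logfile audit trail logger to that appender only.
# additivity = false keeps audit events out of the root logger, so they
# no longer appear in the container's stdout / `docker logs` output.
logger.xpack_security_audit_logfile.name = org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail
logger.xpack_security_audit_logfile.level = info
logger.xpack_security_audit_logfile.appenderRef.audit_rolling.ref = audit_rolling
logger.xpack_security_audit_logfile.additivity = false
```

With this file in place, the regular Elasticsearch log still goes to stdout; only the audit events move to `<cluster_name>_access.log` in the mounted log folder.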

Forget what I said. I was not aware that our Docker images would send only to stdout. Thanks @jasontedor
