No Logs in Log Folder


(uber) #1

Hi All,

I am using the docker image for elasticsearch 5.5.2 and so far I have been able to set it up fine. Now I want to take a copy of the logs and do something with them. I mount a folder to the docker run command so that the log files are available to me outside of the container.

I have set "xpack.security.audit.enabled: true" and also added path.logs in the elasticsearch.yml file. (path.logs: "/usr/share/elasticsearch/logs") which is mounted to a external folder. (- -volume ~/documents/elasticsearch/logs:/usr/share/elasticsearch/logs). Also made sure that the elasticsearch user has permissions to the data and log folder (owned by root and chmod to 777 as it is only in dev).

When I go to the log folder on the host machine, it is empty also when I exec into the docker container and cd to /usr/share/elasticsearch/logs that is empty as well.

I have read the online documentation and I think I have covered everything. It also seems from the documentation that the logs should be saved automatically after changing the xpack.security.audit.enabled
Have I missed a setting with needs to be changed in order for the logs to be saved?


(Thiago Souza) #2

Logs should have been written even without those settings defined. Can you post here your Dockerfile? Also, what's the output of docker logs?


(Jason Tedor) #3

I assume that you're referring to the official Elastic images.

By default, the Elasticsearch and audit logs go to stdout: https://github.com/elastic/elasticsearch-docker/blob/5.5/build/elasticsearch/x-pack/log4j2.properties

You have to collect these logs via that, or override this behavior if you want something different.


(Thiago Souza) #4

Forget what I said. I was not aware that our Docker images would send only to stdout. Thanks @jasontedor


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.