Hi all, I followed the instruction Chris posted above and added these parameters to my docker run: docker run --name guacamole --link guacd:guacd --link guac-mysql:mysql --log-driver=splunk \--log-opt splunk-token='.......' \--log-opt splunk-url='https://.....:8088' \........ But it times out:
docker: Error response from daemon: failed to initialize logging driver: Options https://.....:8088/services/collector/event/1.0: dial tcp IP:8088: getsockopt: connection timed out. Is there something I did wrong? Thanks On Thursday, June 7, 2018, 3:46:39 PM EDT, Tezarin <[email protected]> wrote: Thanks much for your replies Nick and Chris. Let me read up on the splunk logging driver. On Thursday, June 7, 2018, 2:29:45 PM EDT, Nick Couchman <[email protected]> wrote: On Thu, Jun 7, 2018 at 2:20 PM, Tezarin <[email protected]> wrote: > Hi all, > I have Guacamole running inside a docker container. We use Splunk for > managing the logs on all of our applications. Is there any way I could > forward the guacamole logs to Splunk? > As of right now, the only way I know to manage the logs is by running the > docker logs guacamole command. > > Thanks in advance First, which Guacamole logs are you talking about - server (guacd) or client (Tomcat + guacamole.war)? For guacd, these should already be logged via syslog (journalctl, etc.), so you should be able to pick those up via whatever mechanism Splunk can use to capture them. Kris mentioned the Splunk Log Driver for Docker, and presumably Splunk also is capable of intergrating directly with syslog. For Guacamole Client (Tomcat), you'll probably need to do a little more configuration to get the logs sent either to a stdout/stderr where they can be picked up by something like the Splunk Log Driver, or configure logback.xml (slf4j's logging configuration) to send to syslog and pick them up the same way you would the guacd logs, or anything else that logs either to the console or to syslog. -Nick
