I live just north of Houston. Houston is focused primarily on the oil industry and doesn’t have much of a “Silicon Valley” vibe—Texas has Austin for that—so I don’t get to talk with many tech companies in my own backyard. Graylog is one of the few exceptions. Graylog has an open source log management platform and it recently expanded the capabilities to include collecting and analyzing log data from Docker containers.
Lennart Koopman, Graylog’s CTO, founded the company in 2009. While working on a project adding more and more servers he had reached out to Splunk for a quote for a log management solution. After recovering from the sticker shock he started devoting his free time developing Graylog as an open source project to address his logging needs more cost-effectively.
Lennart explained to me that Graylog is essentially an open source rival to Splunk. It’s an open source, on-premise solution that aggregates and correlates log data to enable customers to extract valuable information from their datacenters. It’s open source, so it’s free—but Graylog also offers support contracts for customers that want some additional peace of mind.
That’s all fine and dandy for traditional servers—or even virtual servers—running in a datacenter. However, the advent of Docker and the rise of containers has completely changed the game. The Docker container environment is significantly more fluid as containers are constantly created and destroyed. The old method of monitoring logs from specific containers or images—and trying to keep track of the current inventory and state of all containers and images—is simply too tedious. It’s too much to try and keep track of and virtually impossible to manage using any sort of manual process.
The Graylog logging driver for Docker allows organizations to automatically collect and manage log data even though Docker containers are very dynamic and the associated log data is not persistent or stored. Graylog promises to enable customers to extract valuable intelligence from the Docker environment to pinpoint problems faster, deliver applications more efficiently, and minimize downtime.
“Docker has made building and deploying applications so much easier, but accessing logs generated within containers and their applications has been a huge blind spot for DevOps and IT Ops teams, until now,” said Michael Sklar, CEO of Graylog. “Native Graylog integration with Docker now makes application container log management easy and affordable. Now, organizations can leverage log data to ensure the performance, availability, and security of their Docker infrastructures.”
Graylog developed GELF (Graylog Extended Log Format) to enable log data collection from Docker. Customers can start Docker with a command-line switch that points to the Graylog server. Docker will then push log data from all containers and apps to Graylog. Making Docker responsible for pushing the data ensures that Graylog gets data from all containers without the burden of trying to also manage the flow as containers are created or destroyed.
Containers are revolutionizing the way organizations develop and deploy apps. The container revolution is also driving innovation in other areas out of necessity—like log management and how to address the challenge of gathering log data from a dynamic container environment. Graylog has stepped up to try and meet that challenge so check out what Graylog can do for you if you need to be able to collect and analyze log data from within your Docker environment.