Using Filebeat in Docker... to Monitor nginx in Docker

This is really part of a much longer story about how I set up infrastructure in my pseudo home-lab, involving a neat piece of kit running VMWare ESXi with a VM dedicated as a DNS server and the whole works.

I will add to this post when I can, but for now I’ll explain what I just learned about using Filebeat to monitor Docker processes when using Moby in place of Docker on Fedora 32.

For some reason, I’ve had to pull my hair out trying to get Filebeat to send anything to Elastic. Nothing was showing up in Kibana, and being new to pretty much everything I’m playing with, I didn’t have the finesse to troll through the log and find the point of failure.

What I discovered after running docker info (and this is why I single out Moby above) is that the log driver Docker is using is not json-file as the docs indicate is the default, but rather syslog. This means that all of the *-json.log files that Filebeat expects to see and pick up simply don’t exist.

I will change this and test in a moment, but nothing shows up from a quick Google search indicating that Moby is special here. Odd.

