6.5 Use a centralized and remote log collection service

Information

Each container maintains its logs
under /var/lib/docker/containers/$INSTANCE_ID/$INSTANCE_ID-json.log. But,
maintaining logs at a centralized place is preferable.

Storing log data on a remote host or in a centralized location protects log integrity from local
attacks. If an attacker gains access to the local system, they could tamper with or remove log
data stored there. In addition, the 'docker logs' paradigm is not yet fully developed, and
managing container logs locally has several difficulties, namely:

- No logrotate for container logs
- Transient behavior of docker logs
- Difficulty in accessing application-specific log files
- All stdout and stderr are logged

Hence, a centralized and remote log collection service should be used to keep the logs for all
the containers.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Configure a centralized and remote log collection service; examples of how to do this are
given in the references. Once the log collection service is active, configure the Docker daemon
(or each container individually) to send container logs to that service instead of writing
them only to the local json-file.
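The following is an added example and not part of the CIS benchmark or the Nessus plugin. It shows, as hypothetical POSIX shell helpers, (1) how to render a /etc/docker/daemon.json that sets the daemon-wide default log driver to syslog pointed at a remote collector, and (2) how to audit the running containers and report the ones still logging only to the local disk, using the output format of `docker inspect --format '{{.Name}} {{.HostConfig.LogConfig.Type}}'`. The collector address logs.example.internal:6514 and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: hypothetical helpers for the remediation and audit of this
# item. They are not from the CIS benchmark or from Nessus.

# Render daemon.json content that makes every new container ship its stdout/
# stderr to a remote syslog collector over TLS. "log-driver" and "log-opts"
# are the real daemon.json keys; the address is an assumed placeholder.
#   $1 = syslog address, e.g. tcp+tls://logs.example.internal:6514
render_daemon_json() {
  addr="$1"
  printf '{\n  "log-driver": "syslog",\n  "log-opts": {\n    "syslog-address": "%s",\n    "tag": "{{.Name}}/{{.ID}}"\n  }\n}\n' "$addr"
}

# Read "name driver" lines on stdin, one container per line, and print the
# names of containers whose logs still live only on the local host
# (json-file, local, or an empty driver field).
find_local_loggers() {
  while read -r name driver; do
    [ -z "$name" ] && continue
    case "$driver" in
      json-file|local|"") printf '%s\n' "$name" ;;
    esac
  done
}

# Audit a live host. Requires the docker CLI, so it is not exercised offline.
audit_host() {
  echo "daemon default log driver: $(docker info --format '{{.LoggingDriver}}')"
  ids=$(docker ps -q)
  if [ -n "$ids" ]; then
    # shellcheck disable=SC2086  # word-splitting of $ids is intended
    docker inspect --format '{{.Name}} {{.HostConfig.LogConfig.Type}}' $ids \
      | find_local_loggers
  fi
}

# Constructed sample of what the docker inspect line above would return on a
# host where only some containers have been moved to the remote collector.
SAMPLE_INSPECT='/web json-file
/db syslog
/cache local
/api fluentd'

# Usage when run directly:
#   render_daemon_json tcp+tls://logs.example.internal:6514 > /etc/docker/daemon.json
#   systemctl restart docker
#   audit_host                      # should print nothing below the driver line
if [ "${1:-}" = "--demo" ]; then
  render_daemon_json tcp+tls://logs.example.internal:6514
  printf '%s\n' "$SAMPLE_INSPECT" | find_local_loggers
fi
```

Changing the daemon default only affects containers started afterwards; existing containers keep the driver they were created with, which is why the audit inspects each running container rather than just `docker info`. Note also that on Docker Engine releases before 20.10, `docker logs` only works with the json-file, local and journald drivers, so once logs are shipped remotely, operators should read them from the collector.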

Impact: None.

Default Value: By default, each container logs separately.

See Also

https://workbench.cisecurity.org/files/514

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9(2)

Plugin: Unix

Control ID: 699f376df36fef8bcca0dbb764189862650a58a2cee8e726e69b7e85816bea90