Details
Docker now supports various log drivers. A preferable way to store logs is the one that supports centralized and remote logging.
Rationale:
Centralized and remote logging ensures that all important log records are safe despite catastrophic events. Docker now supports various such logging drivers. Use the one that suits your environment the best.
Solution
Step 1: Set up the desired log driver by following its documentation.
Step 2: Start the docker daemon with that logging driver.
For example,
dockerd --log-driver=syslog --log-opt syslog-address=tcp://192.xxx.xxx.xxx
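The same setting can be made persistent in /etc/docker/daemon.json through the log-driver and log-opts keys. The following is an added example, not part of the original control text: it audits the contents of such a file and reports when logs would still stay on the Docker host. The set of remote-capable drivers, the function name and the sample configurations are assumptions made for the illustration.

```python
import json
from urllib.parse import urlparse

# Assumption for this check: drivers able to ship records off the host.
REMOTE_DRIVERS = {"syslog", "gelf", "fluentd", "awslogs", "splunk", "gcplogs"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def audit_daemon_config(text):
    """Return findings for a daemon.json document; an empty list means it passes."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top-level value must be a JSON object"]
    driver = cfg.get("log-driver", "json-file")  # Docker's default when unset
    opts = cfg.get("log-opts") or {}
    if not isinstance(opts, dict):
        return ["log-opts must be a JSON object"]
    if driver not in REMOTE_DRIVERS:
        return [f"log-driver '{driver}' keeps logs on the Docker host only"]
    if driver != "syslog":
        return []  # other remote drivers: destination options not checked here
    addr = opts.get("syslog-address")
    if not addr:
        return ["syslog-address unset: records go to the local syslog socket"]
    url = urlparse(addr)
    if url.scheme in ("unix", "unixgram"):
        return [f"syslog-address '{addr}' is a local socket"]
    if url.scheme not in ("tcp", "udp", "tcp+tls"):
        return [f"syslog-address '{addr}' has an unsupported scheme"]
    if not url.hostname or url.hostname in LOOPBACK:
        return [f"syslog-address '{addr}' does not point at a remote host"]
    return []

# Constructed sample configurations (192.0.2.10 is a documentation address).
SAMPLES = {
    "default": "{}",
    "remote": '{"log-driver": "syslog", "log-opts": {"syslog-address": "tcp://192.0.2.10:514"}}',
    "local-socket": '{"log-driver": "syslog", "log-opts": {"syslog-address": "unix:///dev/log"}}',
    "no-address": '{"log-driver": "syslog"}',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_daemon_config(text) or "OK")
```

On a running host, the driver actually in effect can be read with docker info --format '{{ .LoggingDriver }}'.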
Impact:
None.
Default Value:
By default, container logs are maintained as JSON files.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability. This control applies to the following type of system: Unix.