🔍 Docker Log Analysis 101

This guide covers several ways to inspect and analyze Docker container logs. You can use docker logs with grep to filter logs for specific content, or use --tail to view recent logs. For real-time monitoring, combine docker logs -f or directly tail the container's log file (if using the json-file logging driver). These methods are useful for debugging, monitoring, and understanding container behavior.

🔍 GREP: Search for Specific Logs

---

To search for specific entries (e.g., by date), use grep. Using 2>&1 ensures both stdout and stderr are included:

docker logs <container_id> 2>&1 | grep "2024-06-20"

📌 Tip: You can also pipe into less for easier navigation:

docker logs <container_id> 2>&1 | less

📄 TAIL: View Recent Logs

---

you can use the tail option to specify the number of logs you want to see

docker logs --tail 100 <container_id>

You can combine this with -f to follow logs in real-time:

tail -f /var/lib/docker/containers/<container_id>/<container_id>-json.log

📂 Access Log Files Directly (Live Tailing)

---

If your Docker engine is using the default json-file logging driver, logs are stored here:

/var/lib/docker/containers/<container_id>/<container_id>-json.log

Live tail the log file directly:

sudo tail -f /var/lib/docker/containers/<container_id>/<container_id>-json.log