Logging for the software containers

All software containers that are provided by IBM Z® Anomaly Analytics, except for the IBM Z Resource Discovery Data Service service container, write log data exclusively to standard output. This process enables the container management tool (Docker or Podman) to take control of the log output and to manage it according to its built-in facilities. Each container management tool includes several different logging drivers that you can use.

Some options for logging drivers

json-file driver
By default, the software containers in IBM Z Anomaly Analytics are configured to use the simplest logging driver that is available in both Docker and Podman, which is the json-file driver.

This driver does not have any prerequisites. However, because data that is logged with this driver does not persist beyond the lifetime of the container, json-file might not be suitable for long-term log retention. Also, this driver does not provide any log rotation or log compression.

journald driver
The journald driver is also available in both Docker and Podman.

This driver routes container log output to the journald facility, which enables container logs to be viewed and managed with other application output that is logged by journald. This driver also provides log rotation and log compression.

Use of the journald driver

If you want to use the journald driver for logging of the software containers, complete the following steps:
  1. Open the file ZOA_HOME/zoa_env.config in a text editor.
  2. Change the value of the configuration property LOGGING_DRIVER to journald, and save and close the file.
  3. Run the following commands. If you are using Podman, replace dockerManageZoa.sh with podmanManageZoa.sh.
    
./bin/dockerManageZoa.sh down
./bin/dockerManageZoa.sh up

Support of the journald driver is subject to the limitations of the journalctl subsystem on Linux® and to the support that is provided in Docker and Podman for journald. For example, on RHEL 8, the journald driver can be used with Podman only if the Podman containers are run under the root user ID. Also, access to the log data via journalctl is managed differently by different Linux distributions and can be made available only to the root user IDs and to user IDs with elevated privileges.

To view the log output of a container in journald, use the prefix CONTAINER_NAME, as shown in the following examples. Multiple CONTAINER_NAME prefixes can be combined in a single command to view log output from multiple containers.
Docker examples for viewing log output
View the ZOA Common gateway service that is running under Docker
sudo journalctl -f CONTAINER_NAME=zoa-gateway
View the ZOA Common gateway and authentication services that are running under Docker
sudo journalctl -f CONTAINER_NAME=zoa-gateway CONTAINER_NAME=zoa-auth
Podman examples for viewing log output
View the ZOA Common gateway service that is running under Podman
sudo journalctl -f CONTAINER_NAME=gateway
View the ZOA Common gateway and authentication services that are running under Podman
sudo journalctl -f CONTAINER_NAME=gateway CONTAINER_NAME=auth
You can also use the following commands to view log output from the software containers:
  • docker logs
  • podman logs