How to forward systemd logs from a Docker container to the host journalctl?

Question

I have an app writing logs to systemd. I would like to run this app in a Docker container and access the logs from host journal system.

The answer is given here but does not work in my case for a unknown reason: https://stackoverflow.com/a/45701983/2291710

Given the following C++ program:

#include <systemd/sd-journal.h>
#include <unistd.h>
#include <stdlib.h>

int main(int argc, char *argv[]) {
    return sd_journal_send("MESSAGE=Hello World!", "PRIORITY=5", NULL);
}

I create a new container and open bash while binding /run/systemd/journal/socket:

docker run -v /run/systemd/journal/socket:/run/systemd/journal/socket -v $PWD:/test -it -w /test ubuntu:20.04 bash

Then install the dependencies and compile my file from within the container:

apt-get update && apt-get install -y g++ strace libsystemd-dev
g++ main.cpp -o out -lsystemd

But then when I run ./out nothing show up while I opened journalctl --user -f on host. However, if I run ./out from host, then the expected message is displayed by journalctl.

Running strace on ./out from the container or the host demonstrates they are both writing to /run/systemd/journal/socket.

Is there any reason for which it would not work?

Socket seen from host:

$ stat /run/systemd/journal/socket 
  File: /run/systemd/journal/socket
  Size: 0           Blocks: 0          IO Block: 4096   socket
Device: 19h/25d Inode: 506         Links: 1
Access: (0666/srw-rw-rw-)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2022-03-23 13:29:18.401063839 +0100
Modify: 2022-03-21 13:00:06.487999531 +0100
Change: 2022-03-21 13:00:06.487999531 +0100
 Birth: -

Socket seen from container:

# stat /run/systemd/journal/socket 
  File: /run/systemd/journal/socket
  Size: 0           Blocks: 0          IO Block: 4096   socket
Device: 19h/25d Inode: 506         Links: 1
Access: (0666/srw-rw-rw-)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2022-03-23 12:29:18.401063839 +0000
Modify: 2022-03-21 12:00:06.487999531 +0000
Change: 2022-03-21 12:00:06.487999531 +0000
 Birth: -

Using Docker 20.10.12 and not running SELinux.

Using /run/systemd/journal/ did not work either.

@DeanVanGreunen Sorry, I could have simplified the snippet. I removed irrelevant parts (including `MESSAGE_ID` which is optional). The issue occurs with a very basic call to `sd_journal_send()` shared above (I tested again). — Delgan, Mar 23 '22 at 17:38
i suggest reading [this](https://manpages.debian.org/testing/libsystemd-dev/sd_journal_send.3.en.html) and [this](https://cpp.hotexamples.com/examples/-/-/sd_journal_send/cpp-sd_journal_send-function-examples.html) — Dean Van Greunen, Mar 23 '22 at 17:41
and lastly [this](https://stackoverflow.com/questions/45617872/any-way-to-redirect-sd-journal-send-to-stdout-or-stderr) — Dean Van Greunen, Mar 23 '22 at 17:41
@DeanVanGreunen Yeah... Quoting the docs: "If systemd-journald(8) is not running (the socket is not present), those functions do nothing, and also return 0." For sure "journald" isn't running within my container. I'm wondering why the socket binding did the trick in the answer I linked. — Delgan, Mar 23 '22 at 17:46
What is the output of `stat /run/systemd/journal/socket` from the container and from host? Do you have selinux running? What version of docker do you use? Please try `-v /run/systemd/journal/:/run/systemd/journal/`. — KamilCuk, Mar 23 '22 at 18:26
@KamilCuk I updated my question with the additional information requested. Do you mean this is working fine on your computer and is an issue on my side only? — Delgan, Mar 23 '22 at 19:20
`Do you mean this is working fine on your computer` yes. `while I opened journalctl --user` why did you opened user journalctl? Check the non-user one. Is the host also running ubuntu? — KamilCuk, Mar 23 '22 at 21:46
@KamilCuk Thanks! I tried on another computer and indeed it worked. I didn't expect this issue to be specific to my configuration. I'll keep investigating it and make an update if I figure out the solution. I'm watching `--user`, `--system` and default `journalctl` to be sure, but nothing appears in any of them. Both my PC and docker container are running Ubuntu 20.04. — Delgan, Mar 24 '22 at 07:54

How to forward systemd logs from a Docker container to the host journalctl?

0 Answers0