Docker Compose logs provide invaluable insights into the behavior of your containerized applications, providing visibility into runtime events, errors, and system interactions. Understanding and managing these logs is vital or maintaining and troubleshooting Docker Compose environments effectively.

This guide covers what you need to know about Docker Compose logs, including their use cases, how they can be accessed and best practices for optimal logging within Docker Compose environments.

What are Docker Compose Logs?

Docker Compose logs are the combined output generated by the services (containers) running in a Docker Compose environment. These logs include the output (stdout and stderr) from each service container defined in your Docker Compose configuration file.

Docker Compose is a tool that simplifies the management and orchestration of multi-container Docker applications. It lets you define and configure all the services, networks, and volumes for your container application(s) in a single, declarative YAML file. Each service defined in this file runs in its own container within the Docker Compose environment, producing logs that capture events, activities, and errors occurring within the containers.

These logs, when aggregated and displayed together using the docker-compose logs command, are referred to as Docker Compose logs.

Use Cases for Docker Compose Logs

Docker Compose logs are essential for various tasks in application development, deployment, and maintenance. Here are some key use cases:

  1. Debugging and Troubleshooting: When developing an application, you often need to understand why something isn't working as expected. Docker Compose logs provide detailed information from all your service containers, helping you identify errors, warnings, or unexpected behavior.
  2. Monitoring and Performance Analysis: Monitoring the logs of your running services helps in understanding their performance and behavior over time. This is crucial for identifying performance bottlenecks and ensuring your services are running optimally.
  3. Audit and Compliance: Maintaining logs is often a requirement for audit and compliance purposes. Logs can provide a detailed history of what has happened within your application, which is essential for security audits and ensuring compliance with regulations.
  4. Service-Specific Analysis: Sometimes, you need to focus on a specific service rather than the entire application stack. Docker Compose allows you to view logs for individual services, making it easier to pinpoint issues or analyze the behavior of a particular component.

How to Access Docker Compose Logs

The fundamental command to access logs from your Docker Compose services is:

docker-compose logs

This command displays the combined logs of all services defined in your docker-compose.yml file.

If you have specific requirements for how your log output appears, Docker Compose provides a range of filtering options to refine the log output. Here's the syntax:

docker-compose logs [OPTIONS] [SERVICE...]
  • docker-compose logs: This is the base command to view logs from your Docker Compose services.
  • [OPTIONS]: These are optional flags that you can use to customize the log output. Options can control aspects like real-time log following, time ranges, color output, and more.
  • [SERVICE...]: This is an optional argument where you can specify one or more service names. If you provide service names, the logs will be filtered to show only those services' logs. If you omit this, logs from all services will be displayed.

Common flag options

FlagsDescription
-f, --followFollow log output in real-time.
--indexIndex of the container if the service has multiple replicas.
--no-colorDisable color output in the logs.
--no-log-prefixRemove the prefix that identifies which service the log is coming from.
--sinceShow logs since a specific timestamp or relative time (e.g., "2024-06-26T14:00:00" or "1h30m").
-n, --tailLimit the number of lines displayed.
-t, --timestampsShow timestamps for each log entry.
--untilShow logs before a specific timestamp or relative time.

To see how the Docker Compose logs command works with the flag options, you will need a Docker Compose YAML file with configuration for multiple services. This could include configurations for a web server like Nginx or Apache, a database like MySQL or PostgreSQL, a caching layer like Redis, or any other services that your application requires. This also requires that you have Docker and Docker Compose installed.

If you do not have an existing Docker Compose file, you can clone the GitHub repository below. This repository provides a pre-configured docker-compose.yml file that sets up PHP, MySQL, and phpMyAdmin containers:

git clone https://github.com/FavourDaniel/docker-compose-logs.git

After cloning the repository, navigate to the project directory:

cd docker-compose

Start the containers:

docker-compose up -d

The -d flag, short for "detached," instructs Docker Compose to start the containers in the background. This allows you to have control of your terminal immediately.

Containers running in the background
Containers running in the background


Without the -d flag, Docker Compose will run your containers in the foreground, continuously streaming their logs directly into your terminal and preventing you from executing other commands. Additionally, if you close the terminal or interrupt the process, your containers will stop running.

Docker logs outputted in the terminal (foreground)
Docker logs outputted in the terminal (foreground)


Once your containers are up and running, you can follow the next steps to access the Docker Compose logs.

View Logs of All Running Containers

To see the combined logs from all running containers in your Docker Compose environment, use the following command:

docker-compose logs

This command aggregates the logs from each service container defined in your Docker Compose file and displays them together in a single stream. It helps you get an overall view of the application's behavior and diagnose issues that might span multiple services.

View Logs of a Specific Container

If you need to focus on the logs of a particular service container, you can specify the container name with the following command:

docker-compose logs <container-name>

Replace <container-name> with the name of the specific service defined in your docker-compose.yml file. This command will filter and display only the logs from that specified container, making it easier to pinpoint issues related to a specific service.

For example:

Logs of a particular container
Logs of a particular container

Follow Container Logs

For real-time log streaming, you can use the --follow (or—f) flags. This is useful for monitoring the live output of your containers as the application runs. Docker Compose will continuously stream the logs to your terminal, updating them in real-time as new log entries are generated.

  • To follow logs of all running containers:
docker-compose logs -f
Follow flag
Follow flag


- To follow the logs of a specific container:

docker-compose logs --follow <container-name>

For example:

Follow logs of a particular container
Follow logs of a particular container

Filter Container Logs

If you want to filter logs for a specific container, you can use the grep command:

docker-compose <container-name> | grep

For example:

docker-compose mysql | grep

Similarly, you can also filter logs from multiple containers. For instance, to filter logs from containers named php and phpmyadmin for all GET requests:

docker-compose <container-name> <container-name> | grep GET

This command will list all log entries containing "GET" requests for both specified containers.

GET request logs from PHP and phpmyadmin containers
GET request logs from PHP and phpmyadmin containers

View Logs Generated Before and After a Specific Time

To view logs since a specific or particular time, you can use the --since flag:

docker-compose logs --since=<timestamp>

Replace <timestamp> with the desired time. The format for the timestamp is as follows

YYYY-MMDDTHH:MM:SS

YYYY = The four-digit year (e.g., 2024).

MM = The two-digit month (e.g., 06 for June).

DD = The two-digit day of the month (e.g., 28).

T = A separator to distinguish the date and time components.

HH = The two-digit hour in 24-hour format (e.g., 14 for 2 PM).

MM = The two-digit minute (e.g., 30).

SS = The two-digit second (e.g., 00).

The timestamp also be represented using relative time format like 1h (for logs from the past hour).

For instance, if you want to view all the logs generated by the Docker Compose services starting from the past 1 hour up to the current time:

docker-compose logs --since=1h
Since flag
Since flag


To view logs up to or until a specific time, you can use the --until flag:

docker-compose logs --until=<timestamp>

Replace <timestamp> with the desired end time.

For instance, if you want to view logs generated by the Docker Compose services up to 5 minutes ago from the current time:

docker-compose logs --until=5m
Until flag
Until flag


The —-since and --until flags can also be used together to filter logs within a specific timeframe:

docker-compose logs --since=<timestamp> --until=<timestamp>

For example:

docker-compose logs --since=2024-06-27T14:55:00 --until=5m

The above command filters the logs to show you only the entries generated between 2:55 PM and 3:00 PM on June 27, 2024.

Since and until flags used together
Since and until flags used together

View Logs Without Color

If you prefer to view logs of all running containers without color coding, you can disable color with the --no-color flag:

docker-compose logs --no-color

This can be helpful for easier reading or when piping logs to other commands or files.

To see logs without color coding of a particular container:

docker-compose logs <container-name> --no-color
Container log output with no color
Container log output with no color

Limit the Number of Log Lines

The --tail flag allows you to limit the number of log lines displayed:

docker-compose logs --tail <number>

Replace <number> with the number of log lines you want to display. For example, --tail 100 will show the last 100 lines of logs.

To see the last 10 logs lines of all running containers:

docker-compose logs --tail 10
The last 10 log lines of all running containers
The last 10 log lines of all running containers


To see the last 10 log lines of a particular container:

docker-compose logs <container-name> --tail 10

For example:

Lat 10 log lines of the MySQL container
Lat 10 log lines of the MySQL container

Docker Compose Logs Best Practices

To effectively manage your Docker Compose logs, there are are some best practices to adopt. They include:

  1. Use a Centralized Logging Solution

Centralizing logs from multiple containers and services simplifies log management and analysis. It allows for easier access, search, and analysis of logs across different application components. This is particularly useful in large-scale applications where logs need to be monitored and analyzed in real time.

  1. Log Rotation and Retention

Log rotation and retention policies are essential for managing disk space and ensuring that old logs do not consume excessive resources. Docker provides built-in log rotation capabilities that can be configured in the Docker Compose file.

  1. Adopt Structured Logging

Structured logging refers to logging data in a consistent, machine-readable format. Adopt structured logging formats like JSON to standardize log messages. This enhances readability and enables automated parsing and analysis, making it easier to troubleshoot issues and monitor application behavior.

  1. Include Relevant Information in Logs:

Ensure that your logs include relevant information to aid in debugging and monitoring. This might include timestamps, log levels, service names, request IDs, user IDs, and any other context-specific data.

  1. Configure Logging Drivers

Docker supports various logging drivers that determine how logs are collected, stored, and managed. Configuring the appropriate logging driver for your use case can optimize log performance and integration with external systems.

Analyzing Docker Compose Logs with SigNoz

While Docker Compose provides essential logging to stdout and stderr, it lacks advanced features crucial for effective log management in complex environments. As your application scales, it becomes difficult to manage logs from multiple containers and services. In addition, troubleshooting issues across distributed services can be difficult without consolidated logs and insights provided by log analysis tools, hence the need for a centralized log analysis tool.

SigNoz is a full-stack open-source APM tool that simplifies the process of monitoring logs, metrics, and traces in a single pane of glass.

The logs tab in SigNoz is packed with advanced features that streamline the process of analyzing logs. Features such as a log query builder, search across multiple fields, structured table view, and JSON view make the process of analyzing Docker logs easier and more efficient.

Logs management in SigNoz
Logs management in SigNoz


SigNoz offers real-time analysis of logs, enabling you to search, filter, and visualize them as they are generated. This can assist in identifying patterns, trends, and problems in the logs and resolving issues efficiently.

Live tail logging in SigNoz
Live tail logging in SigNoz


With the advanced Log Query Builder, you can filter out logs quickly with a mix and match of fields.

Advanced query builder to search and filter logs quickly in SigNoz dashboard
Advanced query builder to search and filter logs quickly in SigNoz dashboard

Conclusion

Docker Compose logs are invaluable for managing and maintaining your application services. They offer a window into the runtime behavior, errors, and performance bottlenecks of your services. By actively monitoring and analyzing these logs, you can:

  • Quickly identify and diagnose errors, crashes, or unexpected behavior in your applications.
  • Pinpoint performance bottlenecks, resource contention, or inefficient code paths.
  • Detect unauthorized access attempts, suspicious activity, or potential vulnerabilities.
  • Track the overall health and stability of your applications in real time.

FAQs

How to see logs of docker-compose?

Use the docker-compose logs command.

Where do I see Docker logs?

By default, Docker logs are stored in /var/lib/docker/containers/<container-id>/<container-id>-json.log. You can also view them using docker logs <container-id>.

How do I add logs in Docker?

You don't explicitly add logs in Docker since they are generated by the applications running inside the containers. You can view, configure, and manage the logs using Docker logging drivers and the docker logs command.

How do I get Docker logs into a file?

By running the command docker logs <container-id> > filename.log.

How to debug docker-compose up?

To debug docker-compose up, check logs for errors and use docker-compose logs for detailed output.

How to check Docker running status?

Use the command: docker ps.

What is docker-compose used for?

To define and manage multi-container Docker applications.

How do I restart a docker-compose file?

Use the command: docker-compose restart.

Where does a container store logs?

Logs are stored in the container’s default logging driver, often as JSON files.

What is a Docker log driver?

A logging mechanism to control how logs are collected, stored, and managed.

How do I list all Docker containers?

Use the command: docker ps -a.

How do I exit from Docker logs?

Press Ctrl+C.

What is the command for Docker logs tail?

docker logs --tail <number> <container-id>

What is tty in docker-compose?

It allocates a pseudo-TTY for the container, useful for interactive applications.

How to check stdout log in Linux?

Use the cat or tail command with the path to the log file.

How do I see the console of a Docker container?

Use the command: docker attach <container_id> or docker exec -it <container_id> /bin/bash