Docker Logs
Overview
Evidence: Docker Logs
Description: Collect Docker Logs on Filesystem
Category: Applications
Platform: linux
Short Name: dckl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Docker container logs on Linux are stored as JSON files within the Docker data directory. Each container has its own log file containing stdout/stderr output from the containerized application.
Data Collected
This collector gathers the Docker container JSON log files themselves; the collector does not parse their contents.
Collection Method
This collector gathers Docker container JSON log files from /var/lib/docker///, which contain container output logs organized by container ID.
Forensic Value
Docker logs are essential for investigating containerized application activities, malicious container behavior, data exfiltration, command execution, and understanding attack chains in containerized environments.
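The Background and Collection Method sections describe the per-container JSON log files without showing how to read them. The following is an added example, not part of this page or the collector's own code: it parses records in the format written by Docker's json-file logging driver (one JSON object per line with "log", "stream" and "time" keys), assumed here to sit in the driver's default layout /var/lib/docker/containers/<id>/<id>-json.log, and handles the cases an investigator hits in practice: long lines split across several records, corrupt records, and a line still being written when the file was collected. The sample records are constructed, not real evidence.

```python
import json
from pathlib import PurePosixPath

# Constructed sample in json-file driver format (not real evidence).
# Lines 2/3: one long line split into two chunks (only the last chunk ends in \n).
# Line 4: corrupt record. Last line: a line still being written (no trailing \n).
SAMPLE_LOG = r"""{"log":"starting app\n","stream":"stdout","time":"2024-05-01T10:00:00.000000000Z"}
{"log":"first half of a long line ","stream":"stderr","time":"2024-05-01T10:00:01.000000000Z"}
{"log":"second half\n","stream":"stderr","time":"2024-05-01T10:00:01.000001000Z"}
{"log":"trunc
{"log":"done\n","stream":"stdout","time":"2024-05-01T10:00:02.000000000Z"}
{"log":"still running","stream":"stdout","time":"2024-05-01T10:00:03.000000000Z"}
"""


def container_id_from_path(path: str) -> str:
    """Container ID from the assumed default layout
    /var/lib/docker/containers/<id>/<id>-json.log (parent directory name)."""
    return PurePosixPath(path).parent.name


def parse_json_file_log(text: str) -> list:
    """Return one entry per logical log line, in file order.

    Chunks of an oversized line are reassembled per stream until a chunk
    ending in a newline arrives; the entry keeps the first chunk's timestamp.
    Records that fail to parse are kept and flagged, not silently dropped,
    and a chunk with no terminating newline at EOF is flagged as partial.
    """
    entries = []
    pending = {}  # stream -> [first timestamp, accumulated text]
    for raw in text.splitlines():
        if not raw.strip():
            continue
        try:
            rec = json.loads(raw)
            msg, stream, ts = rec["log"], rec["stream"], rec["time"]
        except (ValueError, KeyError, TypeError):
            entries.append({"time": None, "stream": None, "msg": raw,
                            "malformed": True, "partial": False})
            continue
        slot = pending.setdefault(stream, [ts, ""])
        slot[1] += msg
        if msg.endswith("\n"):
            entries.append({"time": slot[0], "stream": stream, "msg": slot[1].rstrip("\n"),
                            "malformed": False, "partial": False})
            del pending[stream]
    for stream, (first_ts, buf) in pending.items():
        entries.append({"time": first_ts, "stream": stream, "msg": buf,
                        "malformed": False, "partial": True})
    return entries


if __name__ == "__main__":
    cid = container_id_from_path("/var/lib/docker/containers/abc123/abc123-json.log")
    for e in parse_json_file_log(SAMPLE_LOG):
        flag = "MALFORMED" if e["malformed"] else ("PARTIAL" if e["partial"] else "")
        print(cid, e["time"], e["stream"], repr(e["msg"]), flag)
```

Flagged entries matter for triage: a malformed record can indicate tampering or rotation mid-write, and a partial entry is the last thing the container was printing when the files were collected.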