Docker Logs

Overview

Evidence: Docker Logs
Description: Collect Docker Logs on Filesystem
Category: Containers
Platform: macOS
Short Name: dckl
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No

Background

Docker logs record what containerized applications wrote while running, along with timestamps and the source of each entry. This data is essential for reconstructing what a containerized workload did, detecting container-based attacks, and investigating container security incidents.

Data Collected

This collector parses Docker log entries into the structured records described below. The raw log files themselves are not collected (Collect File(s): No); only the parsed rows are sent to the Investigation Hub.

Docker Logs Data

| Field | Description | Example |
| --- | --- | --- |
| ID | Primary key (auto-increment) | 1 |
| LogFile | Log file path | /var/log/application.log |
| Timestamp | Log entry timestamp | 2023-10-15 14:30:25 |
| Level | Log level | INFO |
| Message | Log message content | Application started successfully |
| Source | Log source | Application |
| ProcessID | Process ID | 1234 |
| ThreadID | Thread ID | 1 |
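To make the schema concrete, the following is an added example, not the collector's own parser, that reads Docker's default json-file logging-driver format (one JSON object per line with `log`, `stream` and `time` keys) and maps each entry onto the fields in the table above. The sample lines, the container id in the path, and the pid/tid and level-detection heuristics are constructed assumptions for illustration; real json-file logs live under the Docker daemon's data root, which on Docker Desktop for macOS is inside its Linux VM rather than on the host filesystem.

```python
import json
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Constructed sample of Docker json-file logging-driver output: one JSON object per line
# with "log" (raw bytes the process wrote), "stream" (stdout/stderr) and "time" (RFC 3339).
# Lines 4 and 5 model what a forensic acquisition often contains: stray garbage and a torn
# final entry that the daemon was still writing when the file was copied.
SAMPLE_LOG = "\n".join([
    '{"log":"INFO Application started successfully\\n","stream":"stdout","time":"2023-10-15T14:30:25.123456789Z"}',
    '{"log":"[pid 1234 tid 7] WARNING disk usage at 91%\\n","stream":"stderr","time":"2023-10-15T14:30:26.5Z"}',
    '{"log":"sh: 1: nc: not found\\n","stream":"stderr","time":"2023-10-15T14:31:00Z"}',
    "not json at all",
    '{"log":"ERROR write inter',
])

# Heuristics (assumed for this example): Docker itself records no level, pid or tid; they are
# recovered, when present, from the application's own message text.
LEVEL_RE = re.compile(r"\b(TRACE|DEBUG|INFO|WARN(?:ING)?|ERROR|FATAL|CRITICAL)\b")
PID_RE = re.compile(r"\bpid[ =:](\d+)", re.IGNORECASE)
TID_RE = re.compile(r"\btid[ =:](\d+)", re.IGNORECASE)
RFC3339_RE = re.compile(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?(Z|[+-]\d{2}:\d{2})")


@dataclass
class DockerLogRecord:
    """One row of the collector's Docker Logs table (field names match the table above)."""
    ID: int
    LogFile: str
    Timestamp: str
    Level: str
    Message: str
    Source: str
    ProcessID: Optional[int]
    ThreadID: Optional[int]


def parse_rfc3339(ts: str) -> datetime:
    """Parse Docker's RFC 3339 timestamp, which may carry up to nine fractional digits."""
    m = RFC3339_RE.fullmatch(ts)
    if not m:
        raise ValueError("bad timestamp: %r" % ts)
    base, frac, tz = m.groups()
    micro = int((frac or "0")[:6].ljust(6, "0"))  # datetime only holds microseconds
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(microsecond=micro)
    if tz == "Z":
        return dt.replace(tzinfo=timezone.utc)
    sign = 1 if tz[0] == "+" else -1
    offset = timedelta(hours=int(tz[1:3]), minutes=int(tz[4:6]))
    return dt.replace(tzinfo=timezone(sign * offset))


def parse_json_file_log(text: str, log_file: str, start_id: int = 1) -> Tuple[List[DockerLogRecord], List[str]]:
    """Turn one json-file log into collector rows. Returns (rows, notes on rejected lines).

    Undecodable lines are reported rather than silently dropped, so an analyst can see
    that the file held content the parser could not account for.
    """
    rows: List[DockerLogRecord] = []
    rejects: List[str] = []
    next_id = start_id
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        try:
            entry = json.loads(raw)
            message = entry["log"]
            stream = entry["stream"]
            when = parse_rfc3339(entry["time"])
        except (ValueError, KeyError, TypeError):
            rejects.append("%s:%d: unparseable entry: %r" % (log_file, lineno, raw[:60]))
            continue
        message = message.rstrip("\n")
        level = LEVEL_RE.search(message)
        pid = PID_RE.search(message)
        tid = TID_RE.search(message)
        rows.append(DockerLogRecord(
            ID=next_id,
            LogFile=log_file,
            Timestamp=when.astimezone(timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
            Level=(level.group(1).replace("WARNING", "WARN") if level else "UNKNOWN"),
            Message=message,   # untrusted: written by whatever ran inside the container
            Source=stream,     # "stdout" or "stderr"
            ProcessID=int(pid.group(1)) if pid else None,
            ThreadID=int(tid.group(1)) if tid else None,
        ))
        next_id += 1
    return rows, rejects


if __name__ == "__main__":
    # Constructed container id; real ids are 64 hex characters.
    path = "/var/lib/docker/containers/0a1b2c3d4e5f/0a1b2c3d4e5f-json.log"
    rows, rejects = parse_json_file_log(SAMPLE_LOG, path)
    for row in rows:
        print(row)
    for note in rejects:
        print("REJECT", note)
```

The two rejected lines are the point of the exercise: a json-file log copied off a live host usually ends mid-entry, and the line count in the parsed table will not match the line count in the file. Keep that gap visible in the evidence rather than normalising it away, and treat `Message` as attacker-controlled text wherever it is later rendered or searched.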

Notes

This data may contain sensitive information (credentials, tokens, or personal data echoed by applications) that should be handled according to data protection requirements. Ensure proper chain of custody is maintained during collection and analysis. Log message content is written by whatever ran inside the container, so treat it as untrusted input when parsing, searching, or displaying it.
