turbot/docker_compliance
GitHub
Loading controls...

Control: 2.13 Ensure centralized and remote logging is configured

Description

Docker supports various logging mechanisms. A preferable method for storing logs is one that supports centralized and remote management.

Centralized and remote logging ensures that all important log records are safe even in the event of a major data availability issue . Docker supports various logging methods and you should use the one that best corresponds to your IT security policy.

Remediation

Step 1: Set up the desired log driver following its documentation. Step 2: Start the docker daemon using that logging driver. For example:

dockerd --log-driver=syslog --log-opt syslog-address=tcp://192.xxx.xxx.xxx

Default Value

By default, container logs are maintained as json files.

Usage

Run the control in your terminal:

steampipe check docker_compliance.control.cis_v160_2_13

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share docker_compliance.control.cis_v160_2_13

SQL

This control uses a named query:

docker_info_centralized_and_remote_logging_configured

Tags