Set Docker daemon log level to info
Setting up an appropriate log level configures the Docker daemon to log events that you would want to review later. A base log level of info and above captures all logs except debug logs. Unless required, you should not run Docker daemon at debug log level.
To confirm that the log level setting is info, review both the dockerd startup options and the log level settings in /etc/docker/daemon.json. To review the dockerd startup options, run:
ps -ef | grep dockerd
Ensure that either the --log-level parameter is not present or, if present, that it is set to info.
Similarly, review the /etc/docker/daemon.json for the
Ensure that the Docker daemon configuration file has the following configuration included:
Alternatively, run the Docker daemon with the
By default, Docker daemon is set to log level of
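The two-part review described above (startup options and /etc/docker/daemon.json) can be scripted. The following is an added example, not part of the original benchmark text: the function names and sample inputs are constructed for illustration, a missing setting is assumed to pass because the daemon then logs at its default level, and the check goes slightly beyond the text by also reporting the --debug / -D flag and the "debug": true key as debug-level logging.

```python
import json
import shlex

REQUIRED = "info"  # level this benchmark item asks for

def level_from_cmdline(cmdline):
    """Return the log level a dockerd command line requests, or None if unset."""
    args = shlex.split(cmdline)
    level = None
    for i, arg in enumerate(args):
        if arg in ("--debug", "-D"):
            return "debug"  # debug mode is reported as debug-level logging
        if arg.startswith("--log-level="):
            level = arg.split("=", 1)[1]
        elif arg in ("--log-level", "-l") and i + 1 < len(args):
            level = args[i + 1]
    return level

def level_from_daemon_json(text):
    """Return the log level daemon.json requests, or None if unset."""
    conf = json.loads(text) if text.strip() else {}
    if conf.get("debug") is True:
        return "debug"
    return conf.get("log-level")

def audit(cmdline, daemon_json_text):
    """Return a list of findings; an empty list means both sources pass."""
    findings = []
    flag = level_from_cmdline(cmdline)
    if flag is not None and flag != REQUIRED:
        findings.append(f"startup option sets log level {flag}")
    try:
        conf_level = level_from_daemon_json(daemon_json_text)
    except json.JSONDecodeError as exc:
        findings.append(f"daemon.json is not valid JSON: {exc.msg}")
    else:
        if conf_level is not None and conf_level != REQUIRED:
            findings.append(f"daemon.json sets log level {conf_level}")
    return findings

# Constructed sample inputs (not taken from a real host)
GOOD_CMD = "/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock"
BAD_CMD = "/usr/bin/dockerd --log-level=debug -H fd://"
GOOD_JSON = '{"log-level": "info", "icc": false}'
BAD_JSON = '{"log-level": "warn"}'

if __name__ == "__main__":
    for cmd, conf in [(GOOD_CMD, GOOD_JSON), (BAD_CMD, BAD_JSON)]:
        print(audit(cmd, conf) or "PASS")
```

On a real host, pass the dockerd line from the ps output and the contents of /etc/docker/daemon.json to audit().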
Version 6.6.2 Ensure Audit Log Settings Support Appropriate Log Entry Formatting - Validate audit log settings for each hardware device and the software installed on it, ensuring that logs include a date, timestamp, source addresses, destination addresses, and various other useful elements of each packet and/or transaction. Systems should record logs in a standardized format such as syslog entries or those outlined by the Common Event Expression initiative. If systems cannot generate logs in a standardized format, log normalization tools can be deployed to convert logs into such a format.
Version 7.6.2 Activate audit logging - Ensure that local logging has been enabled on all systems and networking devices.
Version 6.3 Enable Detailed Logging - Enable system logging to include detailed information such as an event source, date, user, timestamp, source addresses, destination addresses, and other useful elements.