2.14 Ensure centralized and remote logging is configured

Information

Docker supports various logging mechanisms. A preferable method for storing logs is one that supports centralized and remote management.

Centralized and remote logging ensures that all important log records are safe even in the event of a major data availability issue. Docker supports various logging methods, and you should use the one that best corresponds to your IT security policy.

Solution

Step 1: Set up the desired log driver following its documentation.

Step 2: Start the Docker daemon using that logging driver.

For example:

dockerd --log-driver=syslog --log-opt syslog-address=tcp://192.xxx.xxx.xxx

Impact:

None.

See Also

https://workbench.cisecurity.org/benchmarks/18749

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-1, 800-53|AU-2, 800-53|AU-6(3), CSCv7|6.6, CSCv7|6.8

Plugin: Unix

Control ID: 233be4e5cfee2e6accb28d6f2279170ee4fe8d77ba8d2a3366d6533818c46a7f