How do I access Windows eventlog of a Docker container
Solution 1
Create a powershell session for the container
docker exec -it <container_id> powershell
Then from the container, get the latest event logs
Get-Eventlog -newest 20 application
Above command will help you to find the index,
(Get-Eventlog -index xxx application).message
Solution 2
On PWSH (Powershell Core):
Get-WinEvent -LogName Application
Solution 3
The Docker Engine logs to the Windows 'Application' event log, rather than to a file. These logs can easily be read, sorted, and filtered using Windows PowerShell
For example, this will show the Docker Engine logs from the last 5 minutes starting with the oldest.
Get-EventLog -LogName Application -Source Docker -After (Get-Date).AddMinutes(-5) | Sort-Object Time
Related videos on Youtube
Greg Pagendam-Turner
Software developer with over 27 years experience and ability to code in over 116 different programming languages.
Updated on June 14, 2022Comments
-
Greg Pagendam-Turner almost 2 years
How do I access the Windows Event Log of a Microsoft Docker container from the host?
I have a docker container under Windows Server 2016.
The container is based on image: microsoft/iis
I can get the ip address of the container with:
docker inspect -f "{{ .NetworkSettings.Networks.nat.IPAddress }}" my-running-site
How can I connect to it via the Event Viewer on the windows host?
-
Falco Alexander over 7 yearsgood question! of course you can powershell into your container and use
get-eventlog
as expected, but connecting from the host to the container would mean that the container is listening to external request for the eventlog. If you check your container for listening ports there is only port 135 (RPC) listening, which MAY be the right. Next step is exposing that port to the outside withdocker run -p 135:135...
but during my try it did not work... how about posting that question in the docker or container forums or GitHub? -
Alex H over 7 yearsI'm not sure that the eventlog is the way to go with logging inside of containers. Whilst it's a traditional tool in windows, the lightweight nature of containers makes redirecting to stdout and stderr better candidates for logging for containers. This has further benefits such as delegating log analysis to tools such logstash and elasticsearch. It's then easier to query multiple containers and store the logs centrally. Also redirecting to stdout and stderr allows you to easily run docker logs ... from the command line of your host to easily obtain logs.
-
Greg Pagendam-Turner over 7 yearsI can't always control what gets logged to where. If I open port 135 I get 'Access Denied (5)'.
-
robbie fan about 5 yearsMy current understanding of your question is: whether it is possible to let an application (such as IIS) running inside a container log events into Windows Event Log, and use Windows Event Viewer from the host to view those events. Am I understanding correctly? I'm also interested to know the answer.
-
james about 5 yearsMe too. I'm also curious how can we make it? What about run a process keep writing logs to the the data folder, and the host can access that?
-
Admin about 3 years@GregPagendam-Turner Have you received any solution or fixed the problem? I have tried many different approaches but cannot copy the log files to my local drive
-
-
james about 5 yearsI don't think this is a solution, as you only get the source of Docker, not the process running inside the container.
-
Triynko about 5 yearsYeah, those aren't IIS logs. This is way simpler in Azure.
-
Admin over 3 yearsNot worked amigo. Gives "OCI runtime exec failed: exec failed: container_linux.go:370: starting container process caused: exec: "powershell": executable file not found in $PATH: unknown"
-
Praveen Kumar over 3 yearsDo you have PowerShell installed in the container. If not, try with bash or cmd
-
Admin about 3 yearsI followed the steps above and I also fix the problem by installing powershell. However, I cannot copy log.json file from Docker contained to my local drive on Windows. I followed this approach. kb.sitecore.net/articles/383441
-
Admin about 3 yearsSo, if it is possible to copy it, why cannot I copy and run these commands? I have a similar problem like on the following page. You may post your answer to it as I follow it. stackoverflow.com/questions/66055244/…
-
Admin about 3 yearsHave you received any solution or fixed the problem? I have tried many different approaches but cannot copy the log files to my local drive