Freegeoip logs using stderr causing docker syslog driver to report all messages as errors

By default the in-built go logger sends all output to STDERR causing messages to appear at error severity level when the docker logging engine is set to syslog. This creates difficulties when attempting to utilise a platform such as the ELK stack and forces the user to create an custom filter.

docker-compose.yml

---
freegeoip:
  container_name: freegeoip
  image: fiorix/freegeoip
  restart: always
  log_driver: syslog
  log_opt:
    syslog-address: tcp://10.0.0.1:514

The following is an example of the record once processed by an ELK stack.

message:2015/10/28 12:59:55 freegeoip server starting on :8080 @version:1 @timestamp:October 28th 2015, 12:59:55.000 host:10.0.12.16 priority:27 timestamp8601:October 28th 2015, 12:59:55.000 logsource:ip-10-0-12-16 program:docker/683489f2841c pid:888 severity:3 facility:3 timestamp:October 28th 2015, 12:59:55.000 facility_label:system severity_label:Error _id:AVCuiIyrawdnUFzhiRxl _type:logs _index:logstash-2015.10.28 _score:

[fiorix]

The title is a bit misleading, because freegeoip does not set any error severity for its logs. It uses stderr like most Go programs just because stderr is unbuffered. There must be a way for you to configure docker-compose to work well with this behavior.

I changed the title to hopefully clarify the issue.

Unfortunately the syslog driver in docker is set to follow this behaviour without any options to change it.
https://github.com/docker/docker/blob/master/daemon/logger/syslog/syslog.go#L96

func (s *syslogger) Log(msg *logger.Message) error {
    if msg.Source == "stderr" {
        return s.writer.Err(string(msg.Line))
    }
    return s.writer.Info(string(msg.Line))
}

[fiorix]

Couldn't find much about it in the docs, I'd say your best bet for now would be to run freegeoip 2>&1 to get logs to stdout.

[fiorix]

You can pass -logtostdout to fix this now. Beware that logging to stdout might slow down the server when in contention conditions.