Managing logs across multiple Docker containers on a single server often leads to a frustrating cycle: SSH in, run docker logs, then repeatedly grant access to teammates or invest in an observability stack you don’t yet need. This was the exact pain point that inspired the creation of DockLog—a compact, self-hosted solution designed to simplify log viewing and container administration.
DockLog replaces the need for Elasticsearch or Loki when managing a handful of containers, while eliminating the risk of handing out SSH keys to every user who requires log access. Built as a single-container deployment, it integrates directly with Docker’s API to provide real-time insights without requiring agents or external telemetry.
Core features of DockLog
- Real-time log streaming via WebSockets (capturing both stdout and stderr without polling)
- System monitoring that tracks host and container CPU/memory usage, storing up to 30 days of historical data in SQLite
- Granular access control with multi-user authentication and per-user container filtering (supporting wildcards and regular expressions)
- Container actions including start, stop, restart, deletion, and shell access—governed by server-level flags and user-specific permissions
- Audit trail for tracking user activities when persistent authentication is enabled
- Cross-platform clients for Android, Windows, and Linux, enabling seamless connection to self-hosted DockLog instances with support for multiple server profiles
Under typical usage, DockLog consumes approximately 30–40 MB of RAM, making it an efficient addition to resource-constrained environments. The project is available as aimldev/docklog:latest on Docker Hub for both amd64 and arm64 architectures and is released under the MIT license.
Clear boundaries: What DockLog isn’t designed to be
Scalability and feature scope are intentionally limited to prevent misuse. DockLog does not aim to:
- Aggregate logs across multiple Docker engines in a single dashboard (though this is planned for future development)
- Replace enterprise-grade solutions like Loki, ELK, or Grafana for large-scale deployments
- Operate as a hosted service—you retain full control over your data by self-hosting
Additionally, DockLog inherits Docker’s socket permissions model. Since it mounts docker.sock, treat it with the same caution you would any privileged administrative tool.
Deploying DockLog in three steps
Getting started requires minimal configuration. Below is a concise Docker Compose snippet for a local setup:
services:
docklog:
image: aimldev/docklog:latest
container_name: docklog
ports:
- "8888:8000"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./data:/app/data
environment:
- SECRET_KEY=change-me-use-openssl-rand-base64-32
- DB_PATH=/app/data/docklog.db
- CLIENT_ACCESS=strict
- ENV=production
restart: unless-stoppedAfter launching the container, open in a browser. The initial setup creates an admin account with the credentials admin / admin123`, prompting an immediate password change upon first login.
Alternatively, deploy via the command line with:
docker pull aimldev/docklog:latest
docker run -d \
--name docklog \
-p 8888:8000 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $(pwd)/data:/app/data \
-e SECRET_KEY=your-secure-key-here \
-e DB_PATH=/app/data/docklog.db \
-e CLIENT_ACCESS=strict \
--restart unless-stopped \
aimldev/docklog:latestRole-based access control with real enforcement
Early feedback highlighted a common concern: is role-based access control (RBAC) merely a cosmetic feature in the UI, or does it provide actual enforcement? DockLog addresses this by validating container access patterns server-side before granting any resource access. This applies to log streams, container listings, system metrics, and executable actions.
Permissions operate on two levels. Server-side environment variables (ALLOW_* flags) define global capabilities, while user-specific permissions stored in the database add granular controls—even administrative accounts must comply with both layers. In environments where strict authentication isn't required (such as a local development laptop), server flags alone determine access.
Technical underpinnings: A lightweight yet powerful stack
DockLog’s architecture prioritizes simplicity without sacrificing functionality:
- The backend is written in Go and interfaces directly with Docker’s API
- The frontend leverages Vue 3 for a responsive, embedded user interface
- SQLite handles persistent storage for user accounts, RBAC rules, audit logs, and short-term metric history
- WebSockets facilitate real-time log streaming, event notifications, and optional shell sessions
A companion CLI tool, also named docklog, is included in the image. It supports subcommands for password resets (reset-password), configuration inspection (config), version checks (version), and future fleet management features.
Explore before you install
The DockLog team offers a public sandbox environment for hands-on evaluation:
- URL: demo.docklog.dev
- Credentials: demo / Demo@1106
Note that this environment is a shared demo space—avoid using it for any production or sensitive data.
Multi-platform clients for uninterrupted access
The native clients for Android, Windows, and Linux connect directly to the DockLog servers you control. Store multiple server endpoints in the app and switch between them effortlessly, allowing you to monitor logs without keeping a browser tab open indefinitely. Each host still requires its own DockLog instance; the app simplifies management rather than merging views across disparate servers.
Download links and additional details can be found at docklog.dev/app.
DockLog emerged from a need to provide team members with tailored container access without resorting to shared SSH keys or bulky observability stacks. It occupies a practical middle ground—offering more structure than ad-hoc log sharing while avoiding the complexity of full-scale logging infrastructures. For teams managing a handful of containers on a single host, this approach can significantly reduce operational friction.
Feedback and contributions are welcome via the project’s GitHub repository. Whether you’re currently using a different method for single-host Docker log management or see room for improvement in DockLog’s feature set, the maintainer is eager to hear from users.
AI summary
Docker konteyner loglarını SSH olmadan, sadece bir arayüz üzerinden kolayca takip edin. DockLog’un özellikleri, kurulumu ve avantajları hakkında detaylı bilgiye ulaşın.
