DCA – 01 – Docker Drivers and Logging

Jarret B

Well-Known Member
Staff member
May 22, 2017
Reaction score
The series of articles will cover the details you need to know for the Docker Certified Associate (DCA). There were a few previous articles that you may want to look at before continuing. The main article is ‘https://www.linux.org/threads/docker-basics-and-install.21840/’. This will help you in installing and testing Docker.

You can use a system or even use Linux on VirtualBox to run Docker. Whichever you choose is up to you.

Technically, this should be the second article, but since I have already written the installation instructions, I will not rewrite an article with the same content. I urge you to use either Ubuntu or CentOS. These are the two systems I am using on a dual-boot system to run all the commands and verify everything works.

I am using Ubuntu 22.04 and CentOS Stream 9. We can run Docker on MacOS, AWS, Fedora, CentOS, Windows, Azure, Ubuntu and Debian. Once you have Docker installed, the Docker commands will work on any Operating System (OS). The previous article, mentioned above, instructs only on installing Docker for Ubuntu and CentOS. Make sure you follow the directions exactly and then you can get ‘hello-world’ to execute properly.

NOTE: The exam is based on either Linux or Windows Server. You should have some experience with the Enterprise Edition of Docker.

Storage Drivers

The drivers we are covering here are the ones that manage the file access.

The following shows the recommended driver and alternative drivers. Be aware that some of the ‘Alternative Drivers’ are no longer supported on newer versions of the Operating Systems (OS).

Linux distribution​
Recommended storage drivers​
Alternative drivers​
overlay, devicemapper, aufs, zfs, vfs​
overlay, devicemapper, aufs, vfs​
overlay, devicemapper, zfs, vfs​
overlay, devicemapper, zfs, vfs​
SLES 15​
overlay, devicemapper, vfs​
overlay, devicemapper, vfs​

Each of these may require a specific filesystem format.

Storage driver​
Supported backing filesystems​
overlay2, overlay​
xfs with ftype=1, ext4​
any filesystem​
xfs, ext4​
any filesystem​

Once you have the OS installed, updated and Docker installed, you can determine the current driver with the command:

docker system info | grep “Storage”
docker info | grep “Storage”

Both commands give the same information, so whether you use “system info” or simply “info”, it doesn’t matter in this case.

On most Linux systems, you should get a response of “Overlay2”. Older versions will give different responses, but I’m hoping you are using a new version.

If you are using an older version, we can change the default to “Overlay2”. You need to be using Kernel version 4.0 or higher, and for Red Hat systems a kernel version of 3.18 or higher. The proper kernel versions will support Overlay2.

NOTE: Overlay2 is a file level driver that replaced the older block level drivers: devicemapper, overlay and aufs in the kernel. Remember that btrfs and zfs are also block level drivers.

To force Overlay2 to be used, or to set it to be sure it is Overlay2, you need to open Terminal. Change the current folder to ‘/etc/docker/’. It may be best to switch to root with the command ‘sudo -i’ or ‘sudo su’. You’ll need to use and editor such as ‘nano’ or ‘vim’ to edit the file ‘daemon.json’.

The file should be empty hopefully.

You’ll need to add the following lines (to an empty file):


If you already have information in the file, then add the second line with the others, but inside the brackets. Every line, but the last one, should end in a comma.

Now, if the existing driver is anything but ‘overlay2’, then you’ll need to back up and restore and images you want to keep (we cover this later in a future article).

NOTE: Images are stored in ‘/var/lib/docker/[storage-type]’.

To see what Docker images you currently have downloaded, you can run the command:

docker images

If you changed the driver in the ‘daemon.json’ file, then you need to restart the Docker service:

sudo systemctl restart docker

Once you restart the service, if it changed the driver, then the images should be gone. Check the downloaded images again and the list should be empty.

You can perform another ‘docker info | grep “Storage”’ to verify that it changed the driver.

Now that we have a driver set, we can set up a logging method.

Logging Driver

We can enable nearly every system to allow logging of information. When a Docker Image is running, it can generate many messages. It can log these messages for viewing later by an administrator.

Docker can support the following formats, but the default is ‘json-file’.

No logs are available for the container and docker logs do not return any output.​
Logs are stored in a custom format designed for minimal overhead.​
The logs are formatted as JSON. The default logging driver for Docker.​
Writes logging messages to the syslog facility. The syslog daemon must be running on the host machine.​
Writes log messages to journald. The journald daemon must be running on the host machine.​
Writes log messages to a Graylog Extended Log Format (GELF) endpoint such as Graylog or Logstash.​
Writes log messages to fluentd (forward input). The fluentd daemon must be running on the host machine.​
Writes log messages to Amazon CloudWatch Logs.​
Writes log messages to splunk using the HTTP Event Collector.​
Writes log messages as Event Tracing for Windows (ETW) events. Only available on Windows platforms.​
Writes log messages to Google Cloud Platform (GCP) Logging.​
Writes log messages to Rapid7 Logentries.​

To determine your current logging driver, use the command:

docker info | grep “Logging Driver”

NOTE: Like before, you can use ‘docker info’ or ‘docker system info’.

To change the default, you place another line in the ‘/etc/docker/daemon.json’. Add the line:


The ‘daemon.json’ file should look like:


Restart the Docker service like before and recheck the logging driver setting with the command:

docker system info | grep “Logging Driver”

Now, let’s create a log for an image. We will download an image and start it in a container. Each container will have its own log file.

To download an image, let’s try ‘docker pull karthequian/helloworld:latest’. Once it has downloaded, use the command ‘docker images’ to see the lists of images that were downloaded. The new image should be in the list.

We can start the image in a container with the command ‘docker run -p 80:80/tcp -d “karthequian/helloworld:latest”’.

To see the running containers, use the command ‘docker ps’. You should see something similar to Figure 1.

Figure 1.jpg


The main thing to notice right now is the container has the name ‘cool_sanderson’. Every time you stop the container and restart it, it will have a different name.

We need to access the container, so you need to check your system’s IP Address with the command ‘ip a’. Open a Web Browser and type the IP Address in the location bar. You should see a screen similar to Figure 2.

Figure 2.jpg


Back in a terminal, you can type the command:

docker container logs cool_sanderson

NOTE: When you need to type in the container's name, you can type a letter or two and hit TAB to complete it. You may need more letters if there are multiple containers running that each start with similar letters.

To stop the container, use the command:

docker stop cool_sanderson

NOTE: Remember to use the name that is generated by Docker on your system.

It specified the default Logging Driver in the ‘daemon.json’ file, but you can specify a different driver by container.

To specify a different driver, use the parameter ‘--log-driver <type>’ in the command line when starting the container. Check the table above for the ‘<name>’.


This is a good start to getting Docker set up and configured. It also gives you an understanding of some docker parameters.

If you are going to try changing these different drivers, give it a try and be comfortable with the changes.