turbot/docker_compliance

Control: 2.13 Ensure centralized and remote logging is configured

Description

Docker supports various logging mechanisms. A preferable method for storing logs is one that supports centralized and remote management.

Centralized and remote logging ensures that all important log records are safe even in the event of a major data availability issue. Docker supports various logging methods and you should use the one that best corresponds to your IT security policy.

Remediation

Step 1: Set up the desired log driver following its documentation.

Step 2: Start the Docker daemon using that logging driver. For example:

dockerd --log-driver=syslog --log-opt syslog-address=tcp://192.xxx.xxx.xxx
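The remediation command only counts as remote logging when `syslog-address` names another host; the syslog driver with no address, or with a local socket, still writes to the Docker host. The following check is an added example, not part of the mod or the CIS benchmark: the function names, the three result labels and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a Docker daemon logging configuration.
# $1 = log driver, $2 = syslog-address (only consulted for the syslog driver).
# Prints "remote", "local: <reason>" or "review: <reason>".
classify_logging() {
  case "$1" in
    json-file|local|journald|none|etwlogs)
      echo "local: driver '$1' keeps logs on the Docker host" ;;
    syslog)
      case "${2:-}" in
        "")
          echo "local: no syslog-address, logs go to the host's own syslog" ;;
        unix://*|unixgram://*)
          echo "local: syslog-address is a local socket" ;;
        *://127.*|*://localhost|*://localhost:*|*://\[::1\]*)
          echo "local: syslog-address points at loopback" ;;
        tcp://*|udp://*|tcp+tls://*)
          echo "remote" ;;
        *)
          echo "review: unrecognised syslog-address '$2'" ;;
      esac ;;
    fluentd)
      # fluentd-address defaults to localhost:24224, so the driver name alone
      # does not show where the logs end up.
      echo "review: confirm fluentd-address is a remote collector" ;;
    gelf|awslogs|splunk|gcplogs)
      # Destination options of these drivers are not inspected here.
      echo "remote" ;;
    *)
      echo "review: unknown driver '$1'" ;;
  esac
}

# Live use: the driver comes from the daemon, the address from the
# --log-opt flag or daemon.json that started it.
check_daemon() {
  classify_logging "$(docker info --format '{{.LoggingDriver}}')" "${1:-}"
}

# Constructed sample configurations (192.0.2.10 is a documentation address).
for cfg in "json-file" "syslog" "syslog unix:///dev/log" \
           "syslog udp://127.0.0.1:514" "syslog tcp://192.0.2.10:514" "fluentd"; do
  set -- $cfg
  printf '%-32s %s\n' "$cfg" "$(classify_logging "$1" "${2:-}")"
done
```

On a host with a running daemon, `check_daemon tcp://<collector>:514` applies the same classification to the driver reported by `docker info`.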

Default Value

By default, container logs are maintained as JSON files.

Usage

Run the control in your terminal:

powerpipe control run docker_compliance.control.cis_v160_2_13

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run docker_compliance.control.cis_v160_2_13 --share

SQL

This control uses a named query:

docker_info_centralized_and_remote_logging_configured

Tags