How to Access and Analyze Logs in Podman

Understanding container logs is essential for troubleshooting issues, monitoring application behavior, and ensuring the health of your containerized applications. Podman, like other container engines, provides robust logging capabilities that help you gain visibility into your containers' activities.

In this article, we'll explore various techniques for accessing, analyzing, and managing logs in Podman. Whether you're a beginner or an experienced DevOps professional, this guide will help you master Podman's logging features and improve your container monitoring workflow.

Understanding Podman Logs

Container logs capture the standard output (stdout) and standard error (stderr) streams from processes running inside containers. These logs provide invaluable insights into application behavior, errors, and performance metrics.

Before diving into specific commands, it's important to understand how Podman handles logs:

1. Log Drivers: Podman uses various log drivers to determine how container logs are stored and accessed.
2. Log Persistence: By default, Podman stores logs as long as the container exists, even when it's stopped.
3. Log Rotation: Podman can automatically rotate logs to prevent them from consuming excessive disk space.

Basic Log Access with podman logs

The primary command for accessing container logs in Podman is podman logs. Let's start with its basic syntax:

podman logs [OPTIONS] CONTAINER

Where:

• [OPTIONS] are various flags that modify the behavior of the command
• CONTAINER is the name or ID of the container whose logs you want to view

Let's try a basic example. First, start a container:

podman run -d --name web-server nginx

Now, to view its logs:

podman logs web-server

/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2023/03/31 12:34:56 [notice] 1#1: using the "epoll" event method
2023/03/31 12:34:56 [notice] 1#1: nginx/1.21.4
2023/03/31 12:34:56 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2023/03/31 12:34:56 [notice] 1#1: OS: Linux 5.15.0-25-generic
2023/03/31 12:34:56 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2023/03/31 12:34:56 [notice] 1#1: start worker processes

Essential podman logs Options

Following Log Output in Real-Time

To continuously stream new log entries as they're generated, use the -f or --follow flag:

podman logs -f web-server

This command keeps running, displaying new log entries as they occur. Press Ctrl+C to exit the follow mode.

Viewing Only Recent Log Entries

To limit the output to a specific number of recent lines, use the --tail option:

podman logs --tail 10 web-server

/docker-entrypoint.sh: Configuration complete; ready for start up
2023/03/31 12:34:56 [notice] 1#1: using the "epoll" event method
2023/03/31 12:34:56 [notice] 1#1: nginx/1.21.4
2023/03/31 12:34:56 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2023/03/31 12:34:56 [notice] 1#1: OS: Linux 5.15.0-25-generic
2023/03/31 12:34:56 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2023/03/31 12:34:56 [notice] 1#1: start worker processes
2023/03/31 12:34:56 [notice] 1#1: start worker process 29
2023/03/31 12:34:56 [notice] 1#1: start worker process 30
2023/03/31 12:34:56 [notice] 1#1: start worker process 31

Filtering Logs by Time

To view logs from a specific time range, use the --since and --until options:

podman logs --since "2023-03-31T12:00:00" --until "2023-03-31T13:00:00" web-server

These options accept timestamps in various formats, including:

• RFC3339 timestamps (e.g., "2023-03-31T12:34:56Z")
• Relative times (e.g., "10m" for 10 minutes ago, "2h" for 2 hours ago)
• Specific dates (e.g., "2023-03-31")

Adding Timestamps to Log Output

To include timestamps in the log output, use the -t or --timestamps flag:

podman logs -t web-server

2023-03-31T12:34:54.123456789Z /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
2023-03-31T12:34:54.234567890Z /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
...

Showing Log Details

To include additional information such as the log driver in the output, use the --details flag:

podman logs --details web-server

Advanced Log Analysis

Combining Multiple Options

You can combine multiple options to refine your log analysis. For example, to follow the last 5 lines of logs with timestamps:

podman logs -f -t --tail 5 web-server

Filtering Logs by Regular Expressions

While Podman doesn't directly support filtering by regular expressions, you can pipe the output to grep:

podman logs web-server | grep "error"

This command shows only log entries containing the word "error".

For more complex patterns, use extended regular expressions:

podman logs web-server | grep -E "(warning|error|critical)"

Analyzing Logs with Common CLI Tools

Combine Podman logs with standard Unix tools for powerful analysis:

# Count occurrences of specific terms
podman logs web-server | grep -i error | wc -l

# Extract unique error messages
podman logs web-server | grep -i error | sort | uniq -c | sort -nr

# Extract request patterns from an HTTP server
podman logs web-server | grep "GET" | awk '{print $7}' | sort | uniq -c | sort -nr

Working with Multi-Container Environments

Accessing Logs in Pods

Podman supports pods, which are groups of containers that share resources. To access logs from a specific container in a pod:

podman logs -f pod-name:container-name

For example:

podman logs -f web-pod:nginx

Viewing Logs from Multiple Containers

To monitor logs from multiple containers simultaneously, you can use multiple terminal windows or tools like tmux. Alternatively, you can extract logs from all containers:

for container in $(podman ps -q); do
 podman logs $container > logs_$(podman inspect -f '{{.Name}}' $container | sed 's/^\///').txt
done

This script creates separate log files for each running container.

Log Rotation and Management

Configuring Log Rotation

To prevent logs from consuming excessive disk space, configure log rotation:

podman run -d --name web-server --log-opt max-size=10m --log-opt max-file=3 nginx

This configuration:

• Limits each log file to 10MB (max-size=10m)
• Keeps a maximum of 3 log files (max-file=3)

Changing Log Drivers

Podman supports different log drivers. The default is usually k8s-file (or json-file for compatibility with Docker), but you can specify a different driver:

podman run -d --name web-server --log-driver=journald nginx

Common log drivers include:

• k8s-file: Stores logs as files in JSON format (Podman default)
• json-file: Docker-compatible JSON log files
• journald: Sends logs to the systemd journal
• none: Disables logging

Accessing Journald Logs

If you're using the journald log driver, you can access logs with the journalctl command:

journalctl CONTAINER_NAME=web-server

Exporting and Persisting Logs

Saving Logs to a File

To save container logs to a file for further analysis or archiving:

podman logs web-server > web-server-logs.txt

For large log files, consider compressing them:

podman logs web-server | gzip > web-server-logs.gz

Setting Up Centralized Logging

For production environments, consider integrating Podman with centralized logging solutions:

1. Fluentd/Fluentbit: Configure Podman to use the fluentd log driver
2. ELK Stack: Send logs to Elasticsearch for analysis with Kibana
3. Prometheus/Grafana: For metrics and visualizations

Example using the fluentd log driver:

podman run -d --name web-server --log-driver=fluentd --log-opt fluentd-address=localhost:24224 nginx

Troubleshooting Common Log Issues

Missing or Empty Logs

If logs are missing or empty, check:

1. The container's status (podman ps -a)
2. Log driver configuration
3. Application configuration (ensure it's writing to stdout/stderr)

Dealing with Log Format Issues

Some applications use custom log formats or write to files instead of stdout/stderr. For these cases:

1. Configure the application to log to stdout/stderr
2. Use volume mounts to access internal log files
3. Consider using a log forwarding sidecar container

Example mounting a log directory:

podman run -d --name app -v app-logs:/var/log/app my-application

Then access those logs directly:

podman exec -it app cat /var/log/app/application.log

Best Practices for Container Logging

1. Log to stdout/stderr: Configure applications to write logs to standard output and standard error.

2. Structured logging: Use structured formats like JSON for easier parsing and analysis.

3. Include contextual information: Ensure logs include timestamps, severity levels, and request IDs.

4. Configure appropriate log levels: Use debug logging in development, but more conservative levels in production.

5. Implement log rotation: Prevent disk space issues by configuring log rotation policies.

6. Centralize logs: In multi-container environments, use a centralized logging solution.

7. Separate application and access logs: For web applications, distinguish between application logs and access logs.

Comparing Podman and Docker Logging

If you're transitioning from Docker to Podman, you'll find that most logging concepts are similar:

The key differences lie in Podman's pod support and its rootless container capabilities, which can affect logging permissions.

Final Thoughts

Effective log management is crucial for maintaining and troubleshooting containerized applications. Podman provides flexible and powerful logging capabilities that help you gain visibility into your containers' behavior.

By mastering the techniques outlined in this article, you'll be able to:

• Quickly access and filter logs for troubleshooting
• Implement efficient log storage and rotation practices
• Integrate with advanced logging infrastructures for production environments

Remember that logging should be an integral part of your container strategy, not an afterthought. Well-designed logging practices lead to faster problem resolution, better system understanding, and more reliable applications.

As you continue your Podman journey, consider exploring automated log analysis tools and alerting systems to proactively identify and address issues before they impact your users.

Happy logging!

Article by

Ayooluwa Isaiah

Ayo is a technical content manager at Better Stack. His passion is simplifying and communicating complex technical ideas effectively. His work was featured on several esteemed publications including LWN.net, Digital Ocean, and CSS-Tricks. When he's not writing or coding, he loves to travel, bike, and play tennis.

Got an article suggestion? Let us know

Next article

Kubernetes

→

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.