Java app in Docker container does not log to syslog properly

It seems to me you're overthinking this. If I read your question correctly, you want your Docker container to write it's syslog into the Host machine's syslog.

The error you've described probably arises because you're starting a second syslog daemon inside your container, which then wants to open the /dev/log socket (which is already there).

Several ideas come to mind (all untested, though. Enjoy with caution):

1. Why don't you configure Log4j do write into the remote syslog daemon directly? This would eliminate both the need for a syslog daemon inside the container, and the need to mount /dev/log into the container?

   # Log to sysloglog4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppenderlog4j.appender.SYSLOG.syslogHost=<your-host-ip>  # <-- INSERT HOST IP HERElog4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout

   To keep your container portable, best configure the IP address of the syslog server on container creation by using the --add-host flag:

   docker run -d --add-host sysloghost:<host-ip-here> <IMAGE>

   That way, you can simply use sysloghost as a hostname in your Log4J configuration file.

2. If you're insistent about running a syslog server inside the application container, you should be able (remember: all untested!) to configure it to relay all messages to a remote syslog server (somewhere in /etc/rsyslog.conf or /etc/rsyslog.d):

   *.* @sysloghost:512  # UDP forwarding# *.* @@sysloghost:512  # TCP forwarding

3. Better yet, why not run the syslog daemon inside it's own Docker container and link that container into your application containers?

Keep in mind that for both solutions, your syslog daemon on your host needs to be configured to listen on a TCP or UDP socket [ref]:

$ModLoad imudp$UDPServerRun 514

Alternatively [ref]:

$ModLoad imtcp # needs to be done just once$InputTCPMaxSessions 500$InputTCPServerRun 514