When moving from traditional VM-based Apache deployments to Docker containers, logging requires a fundamental architecture change. The ephemeral nature of containers means we need solutions that:

• Persist logs beyond container lifecycle
• Allow real-time log monitoring
• Support log rotation
• Integrate with security tools like fail2ban

The simplest approach uses Docker's built-in logging drivers. For development environments, this often suffices:

docker run -d \
  --log-driver=json-file \
  --log-opt max-size=10m \
  --log-opt max-file=3 \
  php:5.6-apache

View logs with:

docker logs container_name

For production, bind mounting host directories provides persistence:

docker run -d \
  -v /host/logs:/var/log/apache2 \
  -e APACHE_LOG_DIR=/var/log/apache2 \
  php:5.6-apache

Configure log rotation by creating /host/logs/.htaccess with:

CustomLog "|/usr/bin/rotatelogs /var/log/apache2/access.log.%Y%m%d 86400" combined
ErrorLog "|/usr/bin/rotatelogs /var/log/apache2/error.log.%Y%m%d 86400"

For distributed systems, consider this docker-compose.yml snippet:

version: '3'
services:
  apache:
    image: php:5.6-apache
    logging:
      driver: fluentd
      options:
        fluentd-address: localhost:24224
        tag: apache.access

  fluentd:
    image: fluent/fluentd
    ports:
      - "24224:24224"
    volumes:
      - ./fluentd.conf:/fluentd/etc/fluent.conf

To maintain security scanning with containerized logs:

[Definition]
failregex = ^<HOST>.*"(GET|POST).*" (404|403|500)
ignoreregex =
logpath = /host/logs/access.log*

For local development, I recommend this hybrid approach:

# docker-compose.yml
services:
  web:
    image: php:5.6-apache
    volumes:
      - ./logs:/var/log/apache2
      - ./app:/var/www/html
    ports:
      - "8080:80"
    environment:
      APACHE_LOG_DIR: /var/log/apache2

When transitioning from traditional VMs to Docker containers, logging requires a fundamentally different approach. Unlike VM environments where logs persist in /var/log/apache2, containerized applications need solutions that accommodate ephemeral containers and distributed architectures.

Docker provides built-in logging drivers that can capture stdout/stderr from your Apache container:

docker run --log-driver=json-file --log-opt max-size=10m --log-opt max-file=3 php:5.6-apache

This configuration rotates logs after reaching 10MB and keeps 3 historical files. View logs using:

docker logs container_name

For traditional Apache log files, mount a volume to preserve logs beyond container lifecycle:

docker run -v /host/path/logs:/var/log/apache2 php:5.6-apache

Combine with logrotate inside container by creating /etc/logrotate.d/apache2:

/var/log/apache2/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    create 644 root root
    sharedscripts
    postrotate
        /usr/sbin/apache2ctl graceful > /dev/null
    endscript
}

For production environments, consider these architectures:

# Fluentd configuration example

  @type forward
  port 24224



  @type elasticsearch
  host elasticsearch
  port 9200
  logstash_format true

For local development, stdout logging works well when combined with Docker Compose:

version: '3'
services:
  web:
    image: php:5.6-apache
    ports:
      - "80:80"
    volumes:
      - ./logs:/var/log/apache2
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

When implementing logging solutions:

• Set proper file permissions on mounted volumes
• Consider log sanitization for sensitive data
• Implement log retention policies
• Use TLS for log transmission in production