The Log Collector is the FleetManager’s black-box flight recorder: a small container that runs next to your workload and continuously pushes diagnostic data to the FleetManager — so root-cause information exists centrally before a machine goes offline.
It is a generic add-on: it runs on any Docker host (edge appliance, VM, bare
metal), stays unprivileged, and talks only to a read-only
docker-socket-proxy — never the raw Docker socket.
What it collects
- Tier 1 — host metrics: CPU, load, RAM, disk and container state, about every 90 seconds (offline-resilient, deduplicated).
- Tier 2 — log bundles: compressed
tar.zstsnapshots of Docker container logs + host diagnostics (df,ps,/proc,docker inspect), uploaded in resumable chunks. Logs are mirrored to a host volume continuously, so a bundle assembled after a crash still contains the pre-outage lines. - On demand: the “Collect logs now” button in the dashboard pulls a fresh bundle.
- Event-triggered: a container crash/OOM fires an immediate bundle.
Installation
1. Fleet config
Create a config.json with your fleet identity (customer, machine and an ingest
token fmt_… from the FleetManager):
{
"fleetmanagement": {
"base_url": "https://fleet.brinkhaus-gmbh.de",
"customer_name": "your-customer-slug",
"machine": "your-machine-name",
"token": "fmt_YOUR_INGEST_TOKEN",
"heartbeat_interval_sec": 60
}
}2. Docker Compose
services:
docker-socket-proxy:
image: tecnativa/docker-socket-proxy:0.3.0
restart: always
environment:
CONTAINERS: 1
INFO: 1
EVENTS: 1
POST: 0
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
logcollector:
image: brinkhausgmbh/fleetmanager-logcollector:latest
restart: always
depends_on:
- docker-socket-proxy
environment:
DOCKER_PROXY_URL: tcp://docker-socket-proxy:2375
METRICS_DISK_PATH: /host-root
SPOOL_DIR: /spool
volumes:
- ./config.json:/app/fleetManagementData/config.json:ro
- logcollector-spool:/spool
- /:/host-root:ro
cpus: 0.50
mem_limit: 256m
volumes:
logcollector-spool:3. Start
docker compose up -d
docker compose logs -f logcollectorWithin a minute the machine appears in the dashboard — with a Resources tab (metrics) and an Artifacts tab (downloadable log bundles).
Configuration
Fleet identity lives in config.json. Operational behaviour is driven by
environment variables — the most important:
| Variable | Default | Meaning |
|---|---|---|
DOCKER_PROXY_URL | tcp://docker-socket-proxy:2375 | proxy URL; empty = metrics-only |
METRICS_INTERVAL_SEC | 90 | seconds between metric samples |
BUNDLE_INTERVAL_SEC | 900 | seconds between periodic bundles |
SPOOL_DIR | /spool | directory for the bundle spool (mount a volume) |
SPOOL_MAX_BYTES | 1073741824 | hard spool cap (oldest evicted first) |
ZSTD_LEVEL | 3 | compression level (1–3) |
Security
The collector never mounts the raw /var/run/docker.sock. All Docker access
goes through the read-only docker-socket-proxy (CONTAINERS/INFO/EVENTS=1,
POST=0). POST=0 blocks every state-changing Engine call. The container runs
as an unprivileged user; the spool is bounded and can never fill the disk.