..
    generated, remove this comment to keep this file

``docker.logs``
===============

.. code-block:: console

    $ target-query <path/to/target> -f docker.logs


.. list-table:: Details
    :widths: 20 80

    * - Module
      - ``apps.container.docker.DockerPlugin``
    * - Output
      - ``records``

**Module documentation**

Parse Docker Daemon artefacts.

References:
    - https://didactic-security.com/resources/docker-forensics.pdf
    - https://didactic-security.com/resources/docker-forensics-cheatsheet.pdf
    - https://github.com/google/docker-explorer

**Function documentation**

Returns log files (stdout/stderr) from Docker containers.

The default Docker Daemon log driver is ``json-file``, which
performs no log rotation. Another log driver is ``local`` and
performs log rotation and compresses log files more efficiently.

Eventually ``local`` will likely replace ``json-file`` as the
default log driver.

Resources:
    - https://docs.docker.com/config/containers/logging/configure/
    - https://docs.docker.com/config/containers/logging/json-file/
    - https://docs.docker.com/config/containers/logging/local/