by bsrx 4084 days ago
The logging drivers reduce a major production pain point - standardized centralized logging that doesn't require modifying the underlying image.

Docker has a bad security reputation; this is one more step in the right direction.

2 comments

It's crazy that (until now) docker always logged stdout/stderr to a file, and never rolled it. Without a separately configured logrotate (in copy-truncate mode), these log files will grow without bound, until the container is removed (usually replaced).
Reminds me of the day I foolishly did "docker run -d debian yes" so I could play with some of the inspection commands. I forgot about it and an hour later it had eaten nearly all of my hard disk space...
It may be critically important, but they can't do everything at once. They're moving incredibly fast as it is.

Other people were attempting to solve this problem too - https://registry.hub.docker.com/u/kiyoto/docker-fluentd/

"Docker has a bad security reputation"

Except for ulimit, there is literally NO security improvement in this release.

Logging merely gives you visibility - right, you get hacked but at least it's not painful to look for information, but I would really rather prefer not to get hacked due to the existing insecurities...

SecOps mission is: prevent, detect, respond.

Yes, outright prevention is important. Yet proper centralized log collection and intelligence helps with all three missions, including prevention.

Proper logging allows you to identify known-good behavior patterns and outlying anomalies. With profiles in place, one can automate blocking of reconnaissance and probes, not just blocking known vulnerabilities.