Docker logs without the logging stack
DockLog is a self-hosted dashboard for tailing container output, checking host stats, and managing workloads. One container, your infrastructure.
docker pull aimldev/docklog:latest
docker run -d \
--name docklog \
-p 8888:8000 \
-v /var/run/docker.sock:/var/run/docker.sock \
aimldev/docklog:latest~30MB
Runs comfortably on a small VPS.
1 image
No sidecar agents or log collectors.
Live
WebSocket streams, not polling.
Optional
Skip the DB entirely in no-auth mode.
Generate a compose file for your server
Toggle auth mode, set your port, pick which container actions to allow, then copy the YAML.
Docker Compose Builder
Configure your deployment settings interactively
These ALLOW_* flags are the server gate. In auth mode, each user (including admin) also needs matching can_* permissions in Admin → Users.
version: "3.8"
services:
docklog:
image: aimldev/docklog:latest
container_name: docklog
ports:
- "8888:8000"
environment:
- SECRET_KEYSECRET_KEY: Secret token string for signing secure JWT user session cookies.=generate-secret-here
- DB_PATHDB_PATH: SQLite database storage file path for users and audit records.=/app/data/docklog.db
- CLIENT_ACCESSCLIENT_ACCESS: strict or off. Controls browser origin validation for API and WebSocket access.=strict
- ENVENV: Set to production to enforce a non-default SECRET_KEY and disable localhost origin bypass.=production
- TRUST_PROXYTRUST_PROXY: Honor X-Forwarded-* headers from a trusted reverse proxy. Set true behind Nginx, Traefik, or Caddy.=true
volumes:
- /var/run/docker.sockdocker.sock: Local UNIX host socket allowing direct control of the Docker daemon engine.:/var/run/docker.sockdocker.sock: Local UNIX host socket allowing direct control of the Docker daemon engine.
- ./data:/app/data
restart: unless-stopped💡 Save this text into a file named docker-compose.yaml on your server, then run docker compose up -d to spin up DockLog.
What you get out of the box
The essentials for day-to-day container work. No Elasticsearch cluster required.
Real-time streams
Tail stdout and stderr over WebSockets. Autoscroll, reconnect, and timestamps included.
Granular RBAC
Limit who sees which containers with wildcards or regex. Handy when prod and staging share a host.
Host metrics
CPU and memory stats next to your logs. No second tool required.
Install to first log tail in three steps
Mount the socket
Point DockLog at `/var/run/docker.sock` and it picks up the containers you already run.
Pick a mode
Auth mode for teams with SQLite, or no-auth for a fast local dashboard.
Tail and act
Read logs, watch host stats, start/stop/restart containers from the same UI.
Who it's for
Small teams that want answers now, not another platform project.
Dev teams
Debug faster when logs and host signals sit in one place.
Platform teams
RBAC rules that are simple to write and strict enough to trust.
Self-hosters
Logs stay on your box. No third-party telemetry pipeline.
Native apps coming soon
Soon
Native apps coming soon
SooniOS, Android, Linux, and Windows. Same server, no browser tab required.
DockLog vs. a full logging stack
Not a replacement for Elasticsearch at scale. A faster path when you just need the logs.
Ready to deploy?
Docs cover auth mode, RBAC, reverse proxies, and password recovery. Or use the compose builder above and paste the result on your server.