Log ManagementOpenTelemetry Collector

Server logs

Last updated on March 20, 2026

Overview

Not all logs come from application code. System logs, container stdout, Kubernetes pod output, syslog streams, and log files on disk all produce valuable signal. The OpenTelemetry Collector handles all of these through purpose-built receivers — no custom agents, no vendor-specific tools.

This guide shows how to collect logs from the most common server and infrastructure environments.

Prerequisites

  • An Osuite Cloud account with API key and OTLP endpoint (Getting Started)
  • Otel exporter configured to send logs to Osuite.

All examples below assume an otel-collector.yaml configuration file that uses this exporter block:

exporters:
  otlp/osuite:
    endpoint: ingest.<region>.osuite.io:443
    tls:
      insecure: false
    headers:
      x-osuite-ingest-token: <your ingest token>

Collecting log files from disk

The filelog receiver tails one or more files on disk, just like tail -f. It handles multiline logs, log rotation, and automatic position checkpointing so it resumes from where it left off after a restart.

receivers:
  filelog:
    include:
      - /var/log/myapp/*.log
      - /var/log/nginx/access.log
      - /var/log/nginx/error.log
    start_at: end
    include_file_path: true
    include_file_name: true
    operators:
      - type: json_parser # parse JSON log lines
        timestamp:
          parse_from: attributes.timestamp
          layout: "%Y-%m-%dT%H:%M:%S.%fZ"
      - type: severity_parser # map a field to OTel severity
        parse_from: attributes.level

service:
  pipelines:
    logs:
      receivers: [filelog]
      processors: [batch, resourcedetection]
      exporters: [otlp/osuite]

Collecting Docker container logs

Use the docker_stats receiver to collect from Docker container stdout and stderr. It automatically attaches container name, image, and ID as resource attributes.

receivers:
  docker_stats:
    endpoint: unix:///var/run/docker.sock
    collection_interval: 10s

  filelog:
    include:
      - /var/lib/docker/containers/*/*.log
    start_at: end
    include_file_path: true
    operators:
      - type: json_parser
      - type: move
        from: attributes.log
        to: body
      - type: move
        from: attributes.stream
        to: attributes["log.iostream"]

service:
  pipelines:
    logs:
      receivers: [filelog]
      processors: [batch]
      exporters: [otlp/osuite]

The Collector container needs access to the Docker socket. Run it with -v /var/run/docker.sock:/var/run/docker.sock or equivalent.

Previous
Application logs
Next
Alerts