Syslog-ng and journald

[a16bitsysop]

I have installed syslog-ng which removes rsyslog, now I am trying to filter using journald as docker is set to log to journald.

 

If I create docker.conf in /etc/syslog-ng/conf.d with:

filter f_dockerd {"${.journald._COMM}" eq "dockerd"};

destination d_docker {
    file("/var/log/docker.log");
};

log {
    source(s_src);
    filter(f_dockerd);
    destination(d_docker);
};

 

Everything is logged go to docker.log, not just docker logs.  The journal source is already setup with system() I think as if I try to add a journald source I get the error there can only be one.