IBM Verify

  • 1.  logging on docker

    Posted Wed October 19, 2022 04:17 AM
    Currently we are running WebSEAL on virtual appliances and want to migrate to docker. But I am not sure how to configure the logging.

    The audit log is currently configured like this:
    setentry aznapi-configuration azn-server-name %%PARAM_INSTANZ%%-webseald-%%PARAM_HOSTNAME%%
    setentry aznapi-configuration logcfg audit.azn:rsyslog server=%%PARAM_SIEM-SERVER%%,port=%%PARAM_SIEM-PORT%%,log_id=WebSEAL-%%PARAM_UMGEBUNG%%-%%PARAM_INSTANZ%%
    addentry aznapi-configuration logcfg audit.authn:rsyslog server=%%PARAM_SIEM-SERVER%%,port=%%PARAM_SIEM-PORT%%,log_id=WebSEAL-%%PARAM_UMGEBUNG%%-%%PARAM_INSTANZ%%

    Will this still work within a docker container?

    The webseald and message logs are forwarded via SyslogForwarder to an elastic server. How can I configure that for a docker based WebSEAL?

    Currently the message log is printed to stdout and I can get it via "docker logs", but I did not find the webseald.log.
    On the page "Docker image for Verify Access Web Reverse Proxy" I found that I have to set

    [logging]
    requests-file = stdout

    but webseald.log is still not available via "docker logs".



    ------------------------------
    Andreas Rühl
    ------------------------------


  • 2.  RE: logging on docker

    Posted Wed October 19, 2022 05:15 PM

    Andreas,

    I've included some comments/answers in-line below:


    Currently we are running WebSEAL on virtual appliances and want to migrate to docker. But I am not sure how to configure the logging.

    The audit log is currently configured like this:
    setentry aznapi-configuration azn-server-name %%PARAM_INSTANZ%%-webseald-%%PARAM_HOSTNAME%%
    setentry aznapi-configuration logcfg audit.azn:rsyslog server=%%PARAM_SIEM-SERVER%%,port=%%PARAM_SIEM-PORT%%,log_id=WebSEAL-%%PARAM_UMGEBUNG%%-%%PARAM_INSTANZ%%
    addentry aznapi-configuration logcfg audit.authn:rsyslog server=%%PARAM_SIEM-SERVER%%,port=%%PARAM_SIEM-PORT%%,log_id=WebSEAL-%%PARAM_UMGEBUNG%%-%%PARAM_INSTANZ%%

    Will this still work within a docker container?

    <SAE>The rsyslog capability will continue to work, but the standard approach for logging in a docker container is to send all of the log information to the console, and then let the container infrastructure manage the logs.</SAE>

    The webseald and message logs are forwarded via SyslogForwarder to an elastic server. How can I configure that for a docker based WebSEAL?

    <SAE>The syslog forwarder is not supported in a containerized environment.  Log entries should really be sent to stdout.  Your container infrastructure should then be configured to send the logs to the elastic server.</SAE>

    Currently the message log is printed to stdout and I can get it via "docker logs", but I did not find the webseald.log.
    On the page "Docker image for Verify Access Web Reverse Proxy" I found that I have to set

    [logging]
    requests-file = stdout

    but webseald.log is still not available via "docker logs".

    <SAE>By webseald.log, are you referring to the request log?  If so, setting the requests-file configuration entry to 'stdout' should mean that the request log is then sent to stdout.  Have you remembered to publish your changes and restart your WebSEAL containers?  If so, you might need to raise a support ticket with IBM to get them to investigate further.

    </SAE>

    Scott A. Exton
    Senior Software Engineer
    Chief Programmer - IBM Security Verify Access

    IBM Master Inventor
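
    The approach described in the reply above (write everything to stdout and let the container infrastructure ship it), sketched as a Docker Compose fragment. This is an added example, not configuration from either poster or from IBM. It assumes Docker's built-in syslog logging driver is an acceptable transport to the SIEM; the service name, image reference, SIEM address and tag value are placeholders.

```yaml
# Added example: forward a containerized WebSEAL's stdout/stderr to a
# remote syslog collector using Docker's syslog logging driver.
# All names and addresses below are placeholders, not values from the thread.
services:
  webseal:                                   # hypothetical service name
    image: "PLACEHOLDER_WRP_IMAGE:TAG"       # substitute the reverse proxy image you deploy
    logging:
      driver: syslog
      options:
        # Collector endpoint; takes over the role that server=/port= played
        # in the appliance's rsyslog logcfg entries.
        syslog-address: "udp://siem.example.internal:514"
        syslog-format: "rfc5424"
        # Tag stamped on every forwarded line, comparable to the old log_id,
        # so the SIEM can tell environments and instances apart.
        tag: "WebSEAL-ENVIRONMENT-INSTANCE/{{.Name}}"

# On the WebSEAL side the request log must also go to stdout, as quoted
# in the thread:
#   [logging]
#   requests-file = stdout
```

    With this in place the message log and the request log leave the container on one stream, so the collector has to separate them by content rather than by file name.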
