fluentd收集Docker stdout日志

Posted 2022-02-22 kuSorZ

转载自：​​https://www.rootop.org/pages/4217.html​​

docker支持fluentd日志格式。

1	--log-driver="json-file|syslog|journald|gelf|fluentd|awslogs|splunk|etwlogs|gcplogs|none"

# 起一个fluentd容器，容器发送过来的日志存到宿主机的/fluentd/log目录下

12	[root@localhost ~]# docker pull docker.io/fluent/fluentd[root@localhost ~]# docker run -dit --name fluentd -p 24224:24224 -p 24224:24224/udp -v /fluentd/log:/fluentd/log docker.io/fluent/fluentd

# 起一个容器，日志发往fluentd。

1	[root@localhost ~]# docker run -dit --name test --log-driver=fluentd --log-opt fluentd-address=127.0.0.1:24224 --log-opt tag=test-1 centos ping www.baidu.com

# 指定日志格式后，就不再支持docker logs查看日志了。

12	[root@localhost log]# docker logs test"logs" command is supported only for "json-file" and "journald" logging drivers (got: fluentd)

# 配置filebeat，把日志发往elasticsearch

1234567891011121314151617181920212223

安装 https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.5.4-x86_64.rpm编辑配置文件，修改：[root@localhost ~]# vi /etc/filebeat/filebeat.yml # 需要收集的日志路径filebeat.inputs: # Each - is an input. Most options can be set at the input level, so# you can use different inputs for various configurations.# Below are the input specific configurations. - type: log   # Change to true to enable this input configuration.  enabled: true   # Paths that should be crawled and fetched. Glob based paths.  paths:    - /fluentd/log/*.log     # 发往elasticsearch地址output.elasticsearch:  # Array of hosts to connect to.  hosts: ["192.168.10.17:9200"]

# 注意

如果paths中指定了一个软连接文件，filebeat是不会收集的。（因为这个问题查了半天）

# 重启filebeat

1	[root@localhost ~]# systemctl restart filebeat

这样es中就自动创建了索引，以filebeat-6.5.4-日期 开头。

延伸阅读，Docker的Logging Driver：​​https://blog.csdn.net/weixin_44848382/article/details/106885364​​