基于docker-compose的 ELK5.5.1+logback 日志系统搭建

Posted mangues

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了基于docker-compose的 ELK5.5.1+logback 日志系统搭建相关的知识,希望对你有一定的参考价值。

基于elastic官方docker镜像、版本5.5.1

一、目录结构

二、ELK的docker镜像安装

1、docker-compose.yml

version: '2'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:5.5.1
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    volumes:
      - $PWD/elasticsearch/data:/usr/share/elasticsearch/data
    container_name: elasticsearch551
    hostname: elasticsearch
    restart: always
    ports:
      - "9200:9200"
      - "9300:9300"
  kibana:
    image: docker.elastic.co/kibana/kibana:5.5.1
    environment:
      - ELASTICSEARCH_URL=http://elasticsearch:9200
    container_name: kibana551
    hostname: kibana
    depends_on:
      - elasticsearch
    restart: always
    ports:
      - "5601:5601"
  logstash:
    image: docker.elastic.co/logstash/logstash:5.5.1
    command: logstash -f /etc/logstash/conf.d/logstash.conf
    volumes:
      - $PWD/logstash/conf.d:/etc/logstash/conf.d
      - $PWD/log:/tmp
    container_name: logstash551
    hostname: logstash
    restart: always
    depends_on:
      - elasticsearch
    ports:
      - "7001-7005:7001-7005"
      - "4567:4567"

2.logstash.conf
监控4567端口,logback日志的输出将全部输出到4567端口 logstash获取数据 输入到es中,实现监控

input   
  tcp   
        port => 4567
        #模式选择为server  
        mode => "server"  
        tags => ["tags"] 
        #message格式化json输入,可以解决中文乱码问题 
        codec => json_lines 
        
  

filter   
  

output  
   elasticsearch 
    hosts => ["elasticsearch:9200"]
    user => "elastic"
    password => "changeme"

三、logback.xml配置

1.maven安装对应的包

 <!-- Logstash encoder -->
 <dependency>
    <groupId>net.logstash.logback</groupId>
    <artifactId>logstash-logback-encoder</artifactId>
    <version>4.4</version>
 </dependency>

2.配置logback.xml 

<?xml version="1.0" encoding="UTF-8"?>
<configuration debug="false" scan="false" scanPeriod="30 seconds" >
    <include resource="org/springframework/boot/logging/logback/defaults.xml"/>
   <appender name="logstash" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
        <param name="Encoding" value="UTF-8"/>
        <remoteHost>localhost</remoteHost>
        <port>4567</port>
        <!-- encoder is required -->
        <encoder class="net.logstash.logback.encoder.LogstashEncoder" />
    </appender>
    <logger name="com.zhijia" level="TRACE" additivity="false">
        <appender-ref ref="logstash" />
    </logger>

    <root level="INFO">
        <appender-ref ref="logstash" />
    </root>

问题

1、don’t run elasticsearch as root.

因为安全问题elasticsearch 不让用root用户直接运行,所以要创建新用户

第一步:liunx创建新用户  adduser XXX    然后给创建的用户加密码 passwd XXX    输入两次密码。

第二步:给XXX赋权限,chown -R XXX /你的ELK的docker-compose的目录。

然后执行成功。

以上是关于基于docker-compose的 ELK5.5.1+logback 日志系统搭建的主要内容,如果未能解决你的问题,请参考以下文章

金庸武功之““兰花拂穴手””--elk5.5安装

基于fabric配置文件的Docker-compose学习

基于docker-compose部署jumpserver

基于docker-compose部署jumpserver

Centos7基于Docker-Compose安装部署AWX

基于docker-compose搭建gitlab