Graylog2实现Docker容器日志收集
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Graylog2实现Docker容器日志收集相关的知识,希望对你有一定的参考价值。
Graylog2 是一个开源的日志存储系统,是由java语言编写的server,能够接收TCP,UDP,AMQP的协议发送的日志信息,并且基于mongodb数据库服务器快速存储,能够通过一个基于ruby编写的web管理界面,让轻松管理你的日志。
| 1、组件准备 |
名称 | 组件名称 | 备注 |
|---|---|---|---|
| 1 | mongodb | ||
| 2 | elasticsearch | ||
| 3 | graylog2 |
2.安装
使用Docker-compose部署
docker-compose安装,参考:http://hujianxiong.com/linuxan-zhuang-docker-compose/
docker-compose文件:
version: ‘2‘
services:
mongo:
image: "mongo:3"
restart: always
volumes:
- /workspace/data/graylog/data/mongo:/data/db
elasticsearch:
image: "elasticsearch:2"
command: "elasticsearch -Des.cluster.name=‘graylog‘"
volumes:- /workspace/data/graylog/data/elasticsearch:/usr/share/elasticsearch/data
restart: always
graylog:
image: graylog2/server
volumes:
- /workspace/data/graylog/data/elasticsearch:/usr/share/elasticsearch/data
- /workspace/data/graylog/data/journal:/usr/share/graylog/data/journal
- /workspace/data/graylog/config:/usr/share/graylog/data/config
environment:
GRAYLOG_PASSWORD_SECRET: somepasswordpepper
GRAYLOG_ROOT_PASSWORD_SHA2: 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
#GRAYLOG_WEB_ENDPOINT_URI: http://0.0.0.0:9000/api/
GRAYLOG_REST_TRANSPORT_URI: http://10.250.160.33:12900
depends_on:- mongo
- elasticsearch
links: - mongo:mongo
- elasticsearch:elasticsearch
ports: - "9000:9000"
- "12900:12900"
- "12201/udp:12201/udp"
- "1514/udp:1514/udp"
restart: always
3.下载配置文件
[[email protected] ~]# mkdir -p /workspace/data/graylog/config
[[email protected] ~]# cd /workspace/data/graylog/config
[[email protected] config]# wget https://raw.githubusercontent.com/Graylog2/graylog2-images/2.1/docker/config/graylog.conf
[[email protected] config]# wget https://raw.githubusercontent.com/Graylog2/graylog2-images/2.1/docker/config/log4j2.xml
4.部署
[[email protected] ~]# docker-compose up -d
5.Graylog配置接收日志
登录 http://10.250.160.32:9000 admin/admin
配置system==>input==>select input ===>GELF UDP
6.修改Docker daemon启动参数
–log-driver=gelf
–log-opt gelf-address=udp://10.250.160.32:12201
–log-opt gelf-compression-type=gzip
–log-opt gelf-compression-level=1
–log-opt tag=”test01_env”
7.重启daemon
[[email protected] ~]# systemctl daemon-reload
[[email protected] ~]# systemctl restart docker
启动容器后在Graylog管理界面就可以看到接收的日志了
参考:http://docs.graylog.org/en/2.1/pages/installation/docker.html#requirements
以上是关于Graylog2实现Docker容器日志收集的主要内容,如果未能解决你的问题,请参考以下文章