Rootop 服务器运维与web架构

fluentd收集容器stdout日志

docker支持fluentd日志格式。

--log-driver="json-file|syslog|journald|gelf|fluentd|awslogs|splunk|etwlogs|gcplogs|none"

# 起一个fluentd容器,容器发送过来的日志存到宿主机的/fluentd/log目录下

[root@localhost ~]# docker pull docker.io/fluent/fluentd
[root@localhost ~]# docker run -dit --name fluentd -p 24224:24224 -p 24224:24224/udp -v /fluentd/log:/fluentd/log docker.io/fluent/fluentd

# 起一个容器,日志发往fluentd。

[root@localhost ~]# docker run -dit --name test --log-driver=fluentd --log-opt fluentd-address=127.0.0.1:24224 --log-opt tag='test-1' centos ping www.baidu.com

# 指定日志格式后,就不再支持docker logs查看日志了。

[root@localhost log]# docker logs test
"logs" command is supported only for "json-file" and "journald" logging drivers (got: fluentd)

# 配置filebeat,把日志发往elasticsearch

安装 https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.5.4-x86_64.rpm
编辑配置文件,修改:
[root@localhost ~]# vi /etc/filebeat/filebeat.yml 
# 需要收集的日志路径
filebeat.inputs:

# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.

- type: log

  # Change to true to enable this input configuration.
  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    - /fluentd/log/*.log
    
# 发往elasticsearch地址
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["192.168.10.17:9200"]

# 注意
如果paths中指定了一个软连接文件,filebeat是不会收集的。(因为这个问题查了半天)

# 重启filebeat

[root@localhost ~]# systemctl restart filebeat

这样es中就自动创建了索引,以filebeat-6.5.4-日期 开头。

原创文章,转载请注明。本文链接地址: http://www.rootop.org/pages/4217.html

赞赏

微信赞赏支付宝赞赏

作者:Venus

专注于 服务器运维与web架构 E-mail:venus#rootop.org

评论已关闭。