Docker supports fluentd as a log driver.
--log-driver="json-file|syslog|journald|gelf|fluentd|awslogs|splunk|etwlogs|gcplogs|none"
# Start a fluentd container; logs sent by containers are stored in the /fluentd/log directory on the host
[root@localhost ~]# docker pull docker.io/fluent/fluentd
[root@localhost ~]# docker run -dit --name fluentd -p 24224:24224 -p 24224:24224/udp -v /fluentd/log:/fluentd/log docker.io/fluent/fluentd
# Start a container whose logs are sent to fluentd.
[root@localhost ~]# docker run -dit --name test --log-driver=fluentd --log-opt fluentd-address=127.0.0.1:24224 --log-opt tag='test-1' centos ping www.baidu.com
# After this log driver is specified, viewing the logs with docker logs is no longer supported.
[root@localhost log]# docker logs test
"logs" command is supported only for "json-file" and "journald" logging drivers (got: fluentd)
# Configure filebeat to send the logs to elasticsearch
Install: https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.5.4-x86_64.rpm
Edit the configuration file and change:
[root@localhost ~]# vi /etc/filebeat/filebeat.yml

    # Log paths to collect
    filebeat.inputs:

    # Each - is an input. Most options can be set at the input level, so
    # you can use different inputs for various configurations.
    # Below are the input specific configurations.

    - type: log

      # Change to true to enable this input configuration.
      enabled: true

      # Paths that should be crawled and fetched. Glob based paths.
      paths:
        - /fluentd/log/*.log

    # Elasticsearch address to send to
    output.elasticsearch:
      # Array of hosts to connect to.
      hosts: ["192.168.10.17:9200"]

# Note
If a symlink file is specified in paths, filebeat will not collect it. (I spent half a day tracking this problem down.)
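The symlink behaviour noted above is the default of Filebeat's log input, whose `symlinks` option is off unless enabled. As an added example, not part of the original post, the shell check below lists which files matching the `paths` glob are regular files and which are symlinks that would be skipped; the function names are hypothetical, and the defaults reuse /fluentd/log and *.log from the config on this page.

```shell
#!/bin/sh
# Added example (not from the original post): classify the files that a
# Filebeat `paths` glob matches, so silently skipped symlinks become visible.
# Function names are hypothetical; defaults mirror the config on this page.

# classify_paths DIR [PATTERN]
# Prints one line per match:
#   harvest <path>                    regular file, read by the log input
#   skip-symlink <path> -> <target>   symlink, ignored unless symlinks are enabled
classify_paths() {
    dir=$1
    pattern=${2:-*.log}
    # $pattern is intentionally unquoted so the shell expands the glob.
    for f in "$dir"/$pattern; do
        # An unmatched glob stays literal; skip it (and anything that vanished).
        [ -e "$f" ] || [ -L "$f" ] || continue
        if [ -L "$f" ]; then
            printf 'skip-symlink %s -> %s\n' "$f" "$(readlink "$f")"
        elif [ -f "$f" ]; then
            printf 'harvest %s\n' "$f"
        fi
    done
}

# count_skipped DIR [PATTERN]
# Prints the number of matches that are symlinks.
count_skipped() {
    # grep -c exits non-zero when the count is 0; keep that from being an error.
    classify_paths "$1" "$2" | grep -c '^skip-symlink ' || true
}

# Stand-alone use: sh check_paths.sh [DIR] [PATTERN]
classify_paths "${1:-/fluentd/log}" "${2:-*.log}"
```

If every match is reported as `skip-symlink`, either point `paths` at the real files or set `symlinks: true` on the input.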
# Restart filebeat
[root@localhost ~]# systemctl restart filebeat
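With this, the index is created automatically in ES, with a name beginning with filebeat-6.5.4-<date>.
Original article; please credit the source when reposting. Permalink: https://www.rootop.org/pages/4217.html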