I. Approach:
- ELK (Elasticsearch + Logstash + Kibana)
- rsyslog
- Docker log-driver: syslog
II. Configuration
Elk:
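# workspace
mkdir -p ~/workspace/elk
cd ~/workspace/elk
# This clones whatever the default branch holds today; check out a commit or
# tag you have reviewed before building images from it.
git clone https://github.com/deviantony/docker-elk.git ./

# config
## logstash
## logstash/config/logstash.conf
input {
  tcp {
    # Plain TCP, no TLS and no client authentication: any host that can reach
    # this port can write events into the index. Limit reachability to the
    # log forwarder (firewall rule or an internal-only interface).
    port => 5000
    # type => "rsyslog"
    codec => "json"
  }
}
output {
  elasticsearch {
    hosts => "elasticsearch:9200"
  }
}

## compose
## docker-compose.yml
version: '2'
services:
  # The service key was lost when this page was captured. "elasticsearch" is
  # the name the other services use in depends_on and in the Logstash output.
  # The build/image line is missing as well: keep the one from the cloned
  # repository's docker-compose.yml.
  elasticsearch:
    # Commented out, so Elasticsearch is reachable only on the docker_elk
    # network (Logstash and Kibana reach it by service name). Keep it
    # unpublished unless authentication sits in front of it.
    # ports:
    #   - "9200:9200"
    #   - "9300:9300"
    environment:
      ES_JAVA_OPTS: "-Xms1g -Xmx1g"
    volumes:
      - ./data/elasticsearch/data:/usr/share/elasticsearch/data
    networks:
      - docker_elk
  logstash:
    build: logstash/
    command: -f /etc/logstash/conf.d/
    volumes:
      - ./logstash/config:/etc/logstash/conf.d
    ports:
      # Published on every host interface; this is the unauthenticated TCP
      # input defined in logstash.conf.
      - "5000:5000"
    networks:
      - docker_elk
    depends_on:
      - elasticsearch
  kibana:
    build: kibana/
    volumes:
      - ./kibana/config/:/etc/kibana/
    ports:
      # Published on every host interface, and nothing on this page puts a
      # login in front of Kibana: whoever reaches 5601 can read all collected
      # logs. Bind to an internal address ("127.0.0.1:5601:5601") or put an
      # authenticating reverse proxy in front before exposing it.
      - "5601:5601"
    networks:
      - docker_elk
    depends_on:
      - elasticsearch
networks:
  docker_elk:
    driver: bridge

# run
docker-compose up -d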
rsyslog:
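# workspace
mkdir -p ~/workspace/rsyslog
cd ~/workspace/rsyslog/
mkdir -p rsyslog.d

# config
## json
## rsyslog.d/01-json-template.conf
# option.json="on" asks rsyslog to JSON-escape the property values, so quotes
# or newlines inside a log message cannot break out of the hand-built object
# below. Keep it on: message content comes from the applications being logged.
template(name="json_lines" type="list" option.json="on") {
  constant(value="{")
  constant(value="\"@timestamp\":\"")
  property(name="timereported" dateFormat="rfc3339")
  constant(value="\", \"@version\":\"1")
  constant(value="\",\"tag\":\"")
  property(name="syslogtag")
  constant(value="\",\"message\":\"")
  property(name="msg")
  constant(value="\",\"severity\":\"")
  property(name="syslogseverity-text")
  constant(value="\",\"facility\":\"")
  property(name="syslogfacility-text")
  constant(value="\",\"hostname\":\"")
  property(name="hostname")
  constant(value="\", \"procid\":\"")
  property(name="procid")
  constant(value="\", \"programname\":\"")
  property(name="programname")
  constant(value="\"}\n")
}

## logstash
## rsyslog.d/60-logstash.conf
## # :programname, contains, "docker"
# "*.*" forwards every facility and severity; the commented-out filter above
# would restrict forwarding to messages whose programname contains "docker".
# "@@" is TCP forwarding (a single "@" is UDP) and is unencrypted here, so log
# content crosses the network in clear text; keep this link on a trusted
# network or configure TLS forwarding.
# ${LOGSTASH_SERVER_IP} / ${LOGSTASH_SERVER_PORT} are presumably placeholders
# for the Logstash host and its published port (5000 on this page); confirm
# how they get substituted in your setup.
*.* @@${LOGSTASH_SERVER_IP}:${LOGSTASH_SERVER_PORT};json_lines

## compose
## docker-compose.yml
version: '2'
services:
  app:
    # Untagged third-party image: this pulls whatever "latest" is at the time.
    # Pin a tag or digest you have reviewed.
    image: voxxit/rsyslog
    ports:
      # Syslog has no authentication; published like this, any host that can
      # reach 514 can inject log entries, which are then forwarded to Logstash.
      # Bind to the internal interface ("INTERNAL_IP:514:514") or firewall the
      # port to the Docker hosts that send logs.
      - "514:514"
      - "514:514/udp"
    volumes:
      - ./rsyslog.d:/etc/rsyslog.d
    restart: always

# run
docker-compose up -d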
container:
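# workspace
mkdir -p ~/workspace/nginx
cd ~/workspace/nginx

# config
## compose
## docker-compose.yml
# NOTE(review): the version value and the services/service/image lines were
# lost when this page was captured. '2' matches the other compose files on
# this page, "app" is the service name the text below refers to, and nginx is
# what the text says is being served. Confirm all three against your own file.
version: '2'
services:
  app:
    image: nginx
    logging:
      driver: syslog
      options:
        # Scheme must be lowercase with no space ("tcp://"). Plain TCP is
        # unencrypted; the driver also accepts "tcp+tls://" with the
        # syslog-tls-* options, which needs a TLS listener on the rsyslog side
        # that this page does not configure.
        syslog-address: "tcp://192.168.2.121:514"  # internal IP
        # Log tags are Go templates and case-sensitive: the container-name
        # field is .Name, not .name.
        tag: "{{.Name}}.{{.ID}}"
    ports:
      - "8080:80"
    restart: always

# run
docker-compose up -d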
III. Result
Select “*”, uncheck “index-xxxx”, and click “create”
Reload the nginx URL several times to generate some log entries
Select filter conditions:
- programname
- host
- hostname
- timestamp
You can see programname is live_app_1.0ece16babd6d
To clarify:
- docker-compose.yml is in the directory named live
- The first service name in the services configuration is app
- Since there is only one instance, the number is 1
- The last part is my container ID
The container ID is marked in red
IV. Production environment
Instead of creating a production environment manually, we use Rancher to demonstrate this
Choose “Upgrade” for an application and configure its log options:
After the configuration is complete, click “upgrade”, wait for completion, and then visit several times
Here we use an application from our web team's front-end lab. You can see that its logs are now being recorded.
V. References
- Compose file reference
- Log tags for logging driver
- How do I manage container logs uniformly in Rancher
—
This column updates some of the container practices from time to time