Docker集群日志收集:Syslog+Rsyslog+ELK
Rancher线下活动,有同学问到Docker日志如何收集,这里就再补一下作业
一,方案:
- elk(elasticsearch + logstash + kibana)
- rsyslog
- docker log-driver: syslog
二,配置
elk:
# workspace
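# Create the workspace, enter it and clone docker-elk into it. The steps are
# chained with && so that a failed mkdir or cd stops the sequence instead of
# cloning into whatever directory the shell happens to be in.
# git clone into ./ only succeeds when the directory is empty.
#
# The clone takes the upstream default branch at its current commit, and the
# compose file later builds images from these sources. Pin the checkout to a
# commit you have reviewed before building, e.g.
#   git checkout <reviewed-commit>      (placeholder, not a real id)
mkdir -p ~/workspace/elk \
  && cd ~/workspace/elk \
  && git clone https://github.com/deviantony/docker-elk.git ./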
# config
## logstash
## logstash/config/logstash.conf
# Pipeline: JSON events received over TCP are indexed into Elasticsearch.
input {
  # Plain TCP listener on port 5000. Only port and codec are set, so there is
  # no TLS and no client authentication on this input: any host that can reach
  # the port can submit events. Limit the senders at the network layer
  # (firewall / internal interface) or configure the tcp input's TLS settings.
  tcp {
    port  => 5000
    # type => "rsyslog"
    # Each message is decoded as a JSON document.
    # NOTE(review): for newline-delimited JSON on a TCP stream Logstash
    # documents the json_lines codec; confirm how the rsyslog side frames
    # its messages.
    codec => "json"
  }
}

output {
  # "elasticsearch" is the service name from docker-compose.yml. No index
  # option is given, so the plugin's default index name applies, and no
  # credentials are configured on this output.
  elasticsearch {
    hosts => "elasticsearch:9200"
  }
}
## compose
## docker-compose.yml
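---
# docker-compose.yml for the ELK stack; nesting restored (the listing had lost
# its indentation, which left every service key at the top level).
version: '2'

services:
  elasticsearch:
    build: elasticsearch/
    # The ES ports are deliberately not published: 9200/9300 are reachable
    # only from containers on the docker_elk network, not from the host's
    # external interfaces. Keep it that way unless ES has its own access
    # control in front of it.
    # ports:
    #   - "9200:9200"
    #   - "9300:9300"
    environment:
      ES_JAVA_OPTS: "-Xms1g -Xmx1g"
    volumes:
      # Index data (the collected logs) is persisted on the host here.
      - ./data/elasticsearch/data:/usr/share/elasticsearch/data
    networks:
      - docker_elk

  logstash:
    build: logstash/
    command: -f /etc/logstash/conf.d/
    volumes:
      - ./logstash/config:/etc/logstash/conf.d
    ports:
      # Published on every host interface. The TCP input behind it has no
      # TLS or authentication in logstash.conf, so restrict who can reach
      # 5000 (host firewall limited to the rsyslog senders), or publish on
      # an internal address only, e.g. "<internal-ip>:5000:5000"
      # (placeholder address).
      - "5000:5000"
    networks:
      - docker_elk
    depends_on:
      - elasticsearch

  kibana:
    build: kibana/
    volumes:
      - ./kibana/config/:/etc/kibana/
    ports:
      # Also published on every host interface. NOTE(review): no login is
      # configured anywhere in this listing, so Kibana presumably exposes all
      # indexed logs to anyone who can reach 5601. Confirm against the
      # kibana config and put it behind a firewall or an authenticating
      # reverse proxy.
      - "5601:5601"
    networks:
      - docker_elk
    depends_on:
      - elasticsearch

networks:
  # Private bridge network shared by the three services.
  docker_elk:
    driver: bridge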
# run
# Starts the three services from docker-compose.yml in the background (-d),
# building their images from the cloned sources when they do not exist yet.
# Run it from ~/workspace/elk. Afterwards `docker-compose ps` lists the ports
# actually published on the host; per the compose file these should be only
# 5000 (logstash) and 5601 (kibana).
docker-compose up -d