====== Log Server (Fluentd、Elasticsearch 和 Kibana) ======

===== 設定方式 =====
  * 目錄結構 <cli>
logserver-41:~# tree
.
├── Dockerfile-fluentd
├── docker-compose.yml
└── fluentd
    └── fluent.conf
</cli>
  * docker-compose.yml <file>
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.12.1
    container_name: elasticsearch
    restart: unless-stopped
    environment:
      - node.name=elasticsearch
      - discovery.type=single-node
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - esdata:/usr/share/elasticsearch/data
    ports:
      - "9200:9200"
      - "9300:9300"

  kibana:
    image: docker.elastic.co/kibana/kibana:7.12.1
    container_name: kibana
    restart: unless-stopped
    ports:
      - "5601:5601"
    depends_on:
      - elasticsearch
    environment:
      ELASTICSEARCH_URL: http://elasticsearch:9200

  fluentd:
    image: fluent/fluentd:v1.12-1
    container_name: fluentd
    restart: unless-stopped
    build:
      context: .
      dockerfile: Dockerfile-fluentd
    volumes:
      - ./fluentd:/fluentd/etc
    ports:
      - "24224:24224"
      - "24224:24224/udp"
      - "514:514/udp"
      - "5141:5141/udp"
    depends_on:
      - elasticsearch

volumes:
  esdata:
    driver: local
</file>
  * Dockerfile-fluentd <file>
FROM fluent/fluentd:v1.14-1

USER root

# Install dependencies and plugins
RUN apk add --no-cache --virtual .build-deps \
        build-base ruby-dev \
 && gem install elasticsearch -v 7.17.0 --no-document \
 && gem install fluent-plugin-elasticsearch -v 5.0.3 --no-document \
 && gem install fluent-plugin-syslog \
 && gem sources --clear-all \
 && apk del .build-deps \
 && rm -rf /tmp/* /var/tmp/* /usr/lib/ruby/gems/*/cache/*.gem

USER fluent

# Copy fluentd config
COPY fluentd/fluent.conf /fluentd/etc/fluent.conf
</file>
  * fluentd/fluent.conf <file>
<source>
  @type forward
  port 24224
  tag docker
</source>

# syslog rfc3164
<source>
  @type syslog
  port 514
  bind 0.0.0.0
  tag system.rfc3164
  <parse>
    @type syslog
    message_format rfc3164
  </parse>
</source>

# syslog rfc5424
<source>
  @type syslog
  port 5141
  bind 0.0.0.0
  tag system.rfc5424
  <parse>
    @type syslog
    message_format rfc5424
  </parse>
</source>

<match docker.**>
  @type elasticsearch
  host elasticsearch
  port 9200
  logstash_format true
  include_tag_key true
  tag_key @log_name
  flush_interval 1s
</match>

# syslog rfc3164
<match system.rfc3164.**>
  @type elasticsearch
  host elasticsearch
  port 9200
  logstash_format true
  logstash_prefix syslog-rfc3164
  include_tag_key true
  tag_key @log_name
  flush_interval 1s
</match>

# syslog rfc5424
<match system.rfc5424.**>
  @type elasticsearch
  host elasticsearch
  port 9200
  logstash_format true
  logstash_prefix syslog-rfc5424
  include_tag_key true
  tag_key @log_name
  flush_interval 1s
</match>
</file>

===== 啟動執行 =====
  * <cli>
docker compose build 
docker compose up -d
docker compose logs -f fluentd
</cli>

===== 參考網址 =====
  * https://gemini.google.com/
  * https://claude.ai/

{{tag>logserver docker}}