Log Server (Fluentd、Elasticsearch 和 Kibana)
設定方式
- 目錄結構
logserver-41:~# tree
.
├── Dockerfile-fluentd
├── docker-compose.yml
└── fluentd
    └── fluent.conf
- docker-compose.yml
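# Log server stack: Fluentd ingests logs, Elasticsearch stores them and
# Kibana serves the search UI.
#
# NOTE(review): nothing in this file enables authentication or TLS for
# Elasticsearch or Kibana (no xpack.security.* settings are present), so
# every published port is usable by any host that can reach this machine.
# Restrict the published ports with a host firewall, or enable
# xpack.security, before attaching this host to a shared network.
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.12.1
    container_name: elasticsearch
    restart: unless-stopped
    environment:
      - node.name=elasticsearch
      - discovery.type=single-node
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      # Unlimited memlock is what lets bootstrap.memory_lock=true succeed.
      memlock:
        soft: -1
        hard: -1
    volumes:
      - esdata:/usr/share/elasticsearch/data
    ports:
      # Published on loopback only. Kibana and Fluentd reach Elasticsearch
      # over the compose network by service name, so the REST (9200) and
      # transport (9300) ports are needed on the host for local
      # administration at most. Publish on a wider interface only after
      # authentication and TLS are enabled.
      - "127.0.0.1:9200:9200"
      - "127.0.0.1:9300:9300"

  kibana:
    image: docker.elastic.co/kibana/kibana:7.12.1
    container_name: kibana
    restart: unless-stopped
    ports:
      # NOTE(review): reachable on all host interfaces and, with security
      # disabled, without a login. Front it with an authenticating reverse
      # proxy or limit source addresses at the firewall.
      - "5601:5601"
    depends_on:
      - elasticsearch
    environment:
      # Kibana 7.x reads ELASTICSEARCH_HOSTS; ELASTICSEARCH_URL is the 6.x
      # name and is not picked up by this image version.
      ELASTICSEARCH_HOSTS: "http://elasticsearch:9200"

  fluentd:
    # Local tag for the image built from Dockerfile-fluentd (constructed
    # name; rename as needed). Tagging the build as fluent/fluentd:v1.12-1
    # would shadow the upstream tag in the local image cache, and the
    # Dockerfile is based on v1.14-1, not v1.12-1.
    image: logserver-fluentd:local
    container_name: fluentd
    restart: unless-stopped
    build:
      context: .
      dockerfile: Dockerfile-fluentd
    volumes:
      # This bind mount replaces the fluent.conf copied into the image.
      # NOTE(review): it could probably be mounted read-only (":ro");
      # confirm that nothing in the container writes to /fluentd/etc.
      - ./fluentd:/fluentd/etc
    ports:
      # 24224: Fluentd forward input. fluent.conf configures no shared key
      # or TLS for it, so any reachable host can submit records.
      - "24224:24224"
      - "24224:24224/udp"
      # 514 / 5141: syslog over UDP (RFC 3164 / RFC 5424). UDP syslog is
      # unauthenticated and sender fields can be forged; limit the allowed
      # source networks at the firewall.
      - "514:514/udp"
      - "5141:5141/udp"
    depends_on:
      - elasticsearch

volumes:
  esdata:
    driver: local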
- Dockerfile-fluentd
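# Fluentd image extended with the Elasticsearch output plugin.
#
# NOTE(review): the base image is referenced by a mutable tag. Pinning it
# by digest (fluent/fluentd:v1.14-1@sha256:<digest-placeholder>) makes
# rebuilds reproducible and guards against a re-pushed tag.
FROM fluent/fluentd:v1.14-1

# Root is required only for the package and gem installation below; the
# image switches back to the unprivileged fluent user afterwards.
USER root

# Install dependencies and plugins.
# The build toolchain is installed as a virtual package (.build-deps) and
# removed in the same layer, so compilers do not remain in the final image.
#
# NOTE(review): fluent-plugin-syslog is installed without a version, unlike
# the two gems before it, so each rebuild may pull a different release.
# Pin it with "-v <version-placeholder>". The "@type syslog" inputs used in
# fluent.conf are part of Fluentd core, so this gem may not be needed at
# all; confirm before keeping it.
RUN apk add --no-cache --virtual .build-deps \
        build-base ruby-dev \
    && gem install elasticsearch -v 7.17.0 --no-document \
    && gem install fluent-plugin-elasticsearch -v 5.0.3 --no-document \
    && gem install fluent-plugin-syslog --no-document \
    && gem sources --clear-all \
    && apk del .build-deps \
    && rm -rf /tmp/* /var/tmp/* /usr/lib/ruby/gems/*/cache/*.gem

USER fluent

# Copy fluentd config.
# With the docker-compose.yml on this page, ./fluentd is bind-mounted over
# /fluentd/etc, so the mounted file is the one used at runtime.
COPY fluentd/fluent.conf /fluentd/etc/fluent.conf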
- fluentd/fluent.conf
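# Fluentd forward input: receives records from other Fluentd/Fluent Bit
# agents and the Docker fluentd log driver.
# NOTE(review): no <security> section (shared_key) and no <transport tls>
# is configured, so any host that can reach port 24224 can inject records
# into the "docker" indices. Enable them once the senders are configured
# to match, or restrict the port at the firewall.
<source>
  @type forward
  port 24224
  # Explicit for consistency with the syslog sources; 0.0.0.0 is also the
  # default for this input.
  bind 0.0.0.0
  tag docker
</source>

# syslog rfc3164
# UDP syslog carries no authentication and the hostname inside the message
# is chosen by the sender. source_address_key stores the peer address seen
# by Fluentd in each record ("source_address" is a constructed field name),
# which gives investigators a value the sender cannot set in the payload.
<source>
  @type syslog
  port 514
  bind 0.0.0.0
  tag system.rfc3164
  source_address_key source_address
  <parse>
    @type syslog
    message_format rfc3164
  </parse>
</source>

# syslog rfc5424
# Same caveats as the RFC 3164 listener above; the peer address is recorded
# under the same constructed field name.
<source>
  @type syslog
  port 5141
  bind 0.0.0.0
  tag system.rfc5424
  source_address_key source_address
  <parse>
    @type syslog
    message_format rfc5424
  </parse>
</source>

# Records from the forward input go to daily logstash-style indices with
# the default prefix. The connection to Elasticsearch is plain HTTP with no
# credentials, matching the unauthenticated cluster in docker-compose.yml.
<match docker.**>
  @type elasticsearch
  host elasticsearch
  port 9200
  logstash_format true
  include_tag_key true
  tag_key @log_name
  flush_interval 1s
</match>

# syslog rfc3164
<match system.rfc3164.**>
  @type elasticsearch
  host elasticsearch
  port 9200
  logstash_format true
  logstash_prefix syslog-rfc3164
  include_tag_key true
  tag_key @log_name
  flush_interval 1s
</match>

# syslog rfc5424
<match system.rfc5424.**>
  @type elasticsearch
  host elasticsearch
  port 9200
  logstash_format true
  logstash_prefix syslog-rfc5424
  include_tag_key true
  tag_key @log_name
  flush_interval 1s
</match>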
啟動執行
# Build the custom Fluentd image described by Dockerfile-fluentd.
docker compose build

# Start all services in the background.
docker compose up -d

# Follow the Fluentd container log to confirm that the inputs started.
docker compose logs -f fluentd