Log Server (Fluentd、Elasticsearch 和 Kibana)

  • 目錄結構

    logserver-41:~# tree
    .
    ├── Dockerfile-fluentd
    ├── docker-compose.yml
    └── fluentd
        └── fluent.conf

  • docker-compose.yml
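    # Single-host log stack: Elasticsearch (storage), Kibana (UI), Fluentd (ingest).
    # Kibana and Fluentd reach Elasticsearch by service name over the Compose
    # network, so Elasticsearch needs no host ports for the stack to work.
    services:
      elasticsearch:
        image: docker.elastic.co/elasticsearch/elasticsearch:7.12.1
        container_name: elasticsearch
        restart: unless-stopped
        environment:
          - node.name=elasticsearch
          - discovery.type=single-node
          - bootstrap.memory_lock=true
          - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
        # bootstrap.memory_lock=true needs an unlimited memlock ulimit.
        ulimits:
          memlock:
            soft: -1
            hard: -1
        volumes:
          - esdata:/usr/share/elasticsearch/data
        # No xpack.security settings are configured in this file, so nothing
        # here makes Elasticsearch ask for credentials. The REST (9200) and
        # transport (9300) ports are therefore published on loopback only;
        # anyone who can reach 9200 can read and delete every index.
        # Widen the bind address only behind authentication and a firewall.
        ports:
          - "127.0.0.1:9200:9200"
          - "127.0.0.1:9300:9300"

      kibana:
        image: docker.elastic.co/kibana/kibana:7.12.1
        container_name: kibana
        restart: unless-stopped
        # Kibana has no login configured here either: whoever reaches 5601 can
        # browse all collected logs. Restrict access with a host firewall or an
        # authenticating reverse proxy.
        ports:
          - "5601:5601"
        depends_on:
          - elasticsearch
        environment:
          # Kibana 7.x reads ELASTICSEARCH_HOSTS; the 6.x-era ELASTICSEARCH_URL
          # is no longer a recognised setting.
          ELASTICSEARCH_HOSTS: 'http://elasticsearch:9200'

      fluentd:
        # Local tag for the image built from Dockerfile-fluentd (constructed
        # name). With both `image` and `build` set, Compose tags the build
        # result with this name, so reusing an upstream tag such as
        # fluent/fluentd:<version> would shadow the real upstream image locally.
        # The version matches the Dockerfile's FROM line.
        image: logserver/fluentd-es:v1.14-1
        container_name: fluentd
        restart: unless-stopped
        build:
          context: .
          dockerfile: Dockerfile-fluentd
        volumes:
          # Fluentd only reads its configuration, so mount it read-only.
          - ./fluentd:/fluentd/etc:ro
        # Ingestion ports. fluent.conf configures no authentication or TLS on
        # any of these inputs, so any host that can reach them can write log
        # records. Limit the allowed senders with firewall rules.
        ports:
          - "24224:24224"
          - "24224:24224/udp"
          - "514:514/udp"
          - "5141:5141/udp"
        depends_on:
          - elasticsearch

    volumes:
      esdata:
        driver: local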
  • Dockerfile-fluentd
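    # Fluentd image with the Elasticsearch output plugin added.
    # This FROM line decides which Fluentd version actually runs, whatever tag
    # docker-compose.yml assigns to the built image.
    FROM fluent/fluentd:v1.14-1

    # Root is needed only for the apk / gem installation below.
    USER root

    # Install build dependencies, install the gems, then remove the build
    # dependencies and gem caches in the same layer to keep the image small.
    # NOTE(review): fluent-plugin-syslog is installed without -v, so each rebuild
    # may pull a different release; pin it like the two gems above once the
    # intended version is known. The `@type syslog` input used in fluent.conf
    # ships with Fluentd core, so confirm whether this gem is needed at all.
    RUN apk add --no-cache --virtual .build-deps \
            build-base ruby-dev \
     && gem install elasticsearch -v 7.17.0 --no-document \
     && gem install fluent-plugin-elasticsearch -v 5.0.3 --no-document \
     && gem install fluent-plugin-syslog --no-document \
     && gem sources --clear-all \
     && apk del .build-deps \
     && rm -rf /tmp/* /var/tmp/* /usr/lib/ruby/gems/*/cache/*.gem

    # Drop back to the unprivileged user for runtime.
    USER fluent

    # Copy fluentd config into the image.
    # docker-compose.yml bind-mounts ./fluentd over /fluentd/etc, so at runtime
    # the mounted file is used instead of this baked-in copy.
    COPY fluentd/fluent.conf /fluentd/etc/fluent.conf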
  • fluentd/fluent.conf
    # Fluentd pipeline: three network inputs, each routed by tag to its own
    # Elasticsearch output. Match blocks are evaluated top to bottom; the three
    # patterns below do not overlap.

    # Forward-protocol input on 24224. `tag docker` is set on the input, and
    # the docker.** match below picks these events up (presumably this replaces
    # the tag sent by the client; confirm against the in_forward docs).
    # No <security> or <transport> section is configured, so senders are not
    # authenticated and traffic is not encrypted; restrict who can reach this
    # port at the network level.
    <source>
      @type forward
      port 24224
      tag docker
    </source>
    
    # Syslog input, RFC 3164 (BSD) message format, port 514, all interfaces.
    # docker-compose.yml publishes this port as UDP. Nothing here authenticates
    # the sender, so stored records should not be treated as proof of origin.
    <source>
      @type syslog
      port 514
      bind 0.0.0.0
      tag system.rfc3164
      <parse>
        @type syslog
        message_format rfc3164
      </parse>
    </source>
    
    # Syslog input, RFC 5424 message format, port 5141, all interfaces.
    # The caveats are the same as for the RFC 3164 input above.
    <source>
      @type syslog
      port 5141
      bind 0.0.0.0
      tag system.rfc5424
      <parse>
        @type syslog
        message_format rfc5424
      </parse>
    </source>
    
    # Events from the forward input -> Elasticsearch.
    # logstash_format with no logstash_prefix writes to date-suffixed indices
    # under the plugin's default prefix. include_tag_key / tag_key store the
    # Fluentd tag in the @log_name field of each record.
    # No user, password or scheme is set, so the connection to
    # elasticsearch:9200 is unauthenticated plain HTTP.
    <match docker.**>
      @type elasticsearch
      host elasticsearch
      port 9200
      logstash_format true
      include_tag_key true
      tag_key @log_name
      flush_interval 1s
    </match>
    
    # RFC 3164 syslog events -> date-suffixed indices prefixed syslog-rfc3164.
    <match system.rfc3164.**>
      @type elasticsearch
      host elasticsearch
      port 9200
      logstash_format true
      logstash_prefix syslog-rfc3164
      include_tag_key true
      tag_key @log_name
      flush_interval 1s
    </match>
    
    # RFC 5424 syslog events -> date-suffixed indices prefixed syslog-rfc5424.
    <match system.rfc5424.**>
      @type elasticsearch
      host elasticsearch
      port 9200
      logstash_format true
      logstash_prefix syslog-rfc5424
      include_tag_key true
      tag_key @log_name
      flush_interval 1s
    </match>
  • docker compose build 
    # Start all services in the background (detached).
    docker compose up -d
    # Follow the fluentd container's output to confirm it loaded fluent.conf
    # and opened its listeners without errors.
    docker compose logs -f fluentd

  • tech/kibana.txt
  • 上一次變更: 2024/07/14 18:16
  • jonathan