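Once an application has been containerized, the next thing to consider is how to collect the logs printed by the application inside its Docker container so that operations staff can analyze them. A typical case is collecting the logs of a SpringBoot application.
This article explains how to use an ELK log center to collect the logs produced by containerized applications, and how to query and analyze those logs visually. The architecture is shown in the figure below:
Architecture diagram
Image preparation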
Enable the Rsyslog service on the Linux system
Edit the Rsyslog configuration file:
vim /etc/rsyslog.conf
Enable the following three parameters:
$ModLoad imtcp
$InputTCPServerRun 514
*.* @@localhost:4560
The intent is simple: have Rsyslog load the imtcp module and listen on port 514, then forward the data Rsyslog collects to local port 4560.
Then restart the Rsyslog service:
systemctl restart rsyslog
Check that rsyslog has started:
netstat -tnl
Deploy the ElasticSearch service
docker run -d -p 9200:9200 \
 -v ~/elasticsearch/data:/usr/share/elasticsearch/data \
 --name elasticsearch elasticsearch
ES after a successful start
Deploy the Logstash service
Add the configuration file ~/logstash/logstash.conf with the following content:
input {
  syslog {
    type => "rsyslog"
    port => 4560
  }
}
output {
  elasticsearch {
    hosts => [ "elasticsearch:9200" ]
  }
}
In this configuration, Logstash takes the application log data from the local Rsyslog service and forwards it to the ElasticSearch database.
Once the configuration is in place, start the Logstash container with the following command:
docker run -d -p 4560:4560 \
 -v ~/logstash/logstash.conf:/etc/logstash.conf \
 --link elasticsearch:elasticsearch \
 --name logstash logstash \
 logstash -f /etc/logstash.conf
Deploy the Kibana service
docker run -d -p 5601:5601 \
 --link elasticsearch:elasticsearch \
 -e ELASTICSEARCH_URL=http://elasticsearch:9200 \
 --name kibana kibana
Start an Nginx container to generate logs
docker run -d -p 90:80 --log-driver syslog --log-opt \
 syslog-address=tcp://localhost:514 \
 --log-opt tag="nginx" --name nginx nginx
Clearly, the Nginx application logs in the Docker container are forwarded to the local syslog service, which then passes the data to Logstash for collection.
At this point the log center is fully set up, and four containers are currently running:
Verification
localhost:5601
Collecting the Nginx application logs
Querying the application logs
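An added check, not part of the original article: the commands above publish ports 4560, 9200 and 5601 with `-p`, which binds them on every host interface by default, and the rsyslog TCP input on 514 also listens on all addresses. The function below reads `netstat -tnl` output and lists the pipeline ports that are reachable beyond loopback; the function names and the sample listing are constructed for this example.

```bash
#!/bin/sh
# Added example: audit `netstat -tnl` output for pipeline ports that
# accept connections on non-loopback addresses.

# Ports used by the pipeline in this article: rsyslog, Logstash,
# ElasticSearch, Kibana.
PIPELINE_PORTS="514 4560 9200 5601"

# exposed_ports: read `netstat -tnl` output on stdin and print
# "<port> <local-address>" for every pipeline port in LISTEN state
# whose local address is not loopback.
exposed_ports() {
  awk -v ports="$PIPELINE_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $NF == "LISTEN" {
      addr = $4
      port = addr; sub(/.*:/, "", port)      # text after the last colon
      host = substr(addr, 1, length(addr) - length(port) - 1)
      if (!(port in want)) next              # not part of the pipeline
      if (host ~ /^127\./ || host == "::1") next   # loopback only
      print port, addr
    }'
}

# Constructed sample of `netstat -tnl` output after all services are up.
sample_netstat() {
  cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::514                  :::*                    LISTEN
tcp6       0      0 :::4560                 :::*                    LISTEN
tcp6       0      0 :::9200                 :::*                    LISTEN
tcp6       0      0 :::5601                 :::*                    LISTEN
tcp6       0      0 :::90                   :::*                    LISTEN
EOF
}

# On a live host: netstat -tnl | exposed_ports
sample_netstat | exposed_ports
```

Publishing a port as `-p 127.0.0.1:9200:9200` instead of `-p 9200:9200` keeps it on loopback; Logstash and Kibana still reach ElasticSearch through `--link`, which does not depend on the published port.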