搭建ELK日志分析系统（Docker方式）

1. 安装Docker CE

$ sudo yum install -y yum-utils \
  device-mapper-persistent-data \
  lvm2

$ sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo

$ sudo yum install docker-ce

$ sudo systemctl start docker

$ sudo docker run hello-world

2. 安装Docker Compose

$ sudo curl -L https://github.com/docker/compose/releases/download/1.21.2/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose

$ sudo chmod +x /usr/local/bin/docker-compose

$ docker-compose --version

3. 从https://github.com/deviantony/docker-elk克隆源代码

$ git clone https://github.com/deviantony/docker-elk

$ docker-compose up -d

4. 默认端口配置

• 5000: Logstash TCP input
• 9200: Elasticsearch HTTP
• 9300: Elasticsearch TCP transport
• 5601: Kibana

5. 修改logstash.conf配置

input {
  tcp {
    port => 5000
    codec => json_lines
  }
}

output {
  elasticsearch {
    hosts => "elasticsearch:9200"
  }
}

6. 在微服务项目中，添加logback-spring.xml配置文件，内容如下：

<?xml version="1.0" encoding="UTF-8"?>
<configuration debug="false">
    <include resource="org/springframework/boot/logging/logback/base.xml"/>

    <property name="appName" value="gateway"/>
    <property name="appVersion" value="1.0.0"/>

    <springProfile name="default,dev">
        <property name="logstashDest" value="172.20.15.52:5000"/>

        <appender name="logstash" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
            <destination>${logstashDest}</destination>
            <encoder class="net.logstash.logback.encoder.LoggingEventCompositeJsonEncoder">
                <providers>
                    <mdc/> <!-- MDC variables on the Thread will be written as JSON fields-->
                    <context/> <!--Outputs entries from logback's context -->
                    <version/> <!-- Logstash json format version, the @version field in the output-->
                    <logLevel/>
                    <loggerName/>

                    <pattern>
                        <pattern>
                            {
                            <!-- we can add some custom fields to be sent with all the log entries.-->
                            <!--make filtering easier in Logstash-->
                            "appName": "${appName}",
                            "appVersion": "${appVersion}"
                            }
                        </pattern>
                    </pattern>

                    <threadName/>
                    <message/>

                    <logstashMarkers/> <!-- Useful so we can add extra information for specific log lines as Markers-->
                    <arguments/> <!--or through StructuredArguments-->

                    <stackTrace/>
                </providers>
            </encoder>
        </appender>
    </springProfile>

    <root level="INFO">
        <appender-ref ref="CONSOLE"/>

        <springProfile name="default,dev">
            <appender-ref ref="logstash"/>
        </springProfile>
    </root>
</configuration>