Deploying ELK with docker-compose to collect nginx,


Author: 王宣成 | Published: 2021-10-27 23:53

    Elastic stack (ELK) on Docker

    Gitee git repository: https://gitee.com/wangxuancheng/docker-elk

    Original GitHub repository: https://github.com/deviantony/docker-elk

    # Modify the kernel setting
    sysctl -w vm.max_map_count=262144
    

    Install docker-compose

    https://www.runoob.com/docker/docker-compose.html

    Start

    cd docker-elk
    docker-compose up -d 
    

    Change the default passwords

    docker-compose.yml ELASTIC_PASSWORD

    kibana/config/kibana.yml elasticsearch.password:

    logstash/config/logstash.yml xpack.monitoring.elasticsearch.password:

    Set the UI language to Chinese

    Add one line to kibana/config/kibana.yml

    i18n.locale: "zh-CN"
    

    Change the server IP

    kibana/config/kibana.yml elasticsearch.hosts:

    logstash/config/logstash.yml xpack.monitoring.elasticsearch.hosts:

    logstash/pipeline/logstash.conf hosts

    Collect logs

    vim logstash/pipeline/logstash.conf
    
    input {
        file {
            path => "/www/wwwlogs/demo.com.log"
            start_position => "beginning"
            type => "nginx-access"
        }
        
        file {
            path => "/www/wwwlogs/demo.com.error.log"
            start_position => "beginning"
            type => "nginx-error"
        }
        
        file {
            path => "/www/wwwroot/demo.com/storage/logs/*.log"
            start_position => "beginning"
            type => "laravel"
        }
        
        beats {
            port => 5044
        }
    
        tcp {
            port => 5000
        }
    }
    
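    output {
        # Route each event to its own daily index, keyed on the type set by the input.
        if [type] == "nginx-access" {
            elasticsearch {
                hosts => "172.21.28.138:9200"
                index => "nginx-access-log-%{+YYYY.MM.dd}"
                user => "elastic"
                # Password of the elastic user (ELASTIC_PASSWORD in docker-compose.yml)
                password => "123456"
            }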
        } else if [type] == "nginx-error" {
            elasticsearch {
                hosts => "172.21.28.138:9200"
                index => "nginx-error-log-%{+YYYY.MM.dd}"
                user => "elastic"
                password => "123456"
            }
        } else if [type] == "laravel" {
            elasticsearch {
                hosts => "172.21.28.138:9200"
                index => "laravel-log-%{+YYYY.MM.dd}"
                user => "elastic"
                password => "123456"
            }
        }
    }
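
The default-password step and the `password` settings in the pipeline above can be checked together. This is an added example, not part of the original post or of docker-elk: it flags values from a constructed weak list and values that disagree, assuming all four settings authenticate as the `elastic` user as the pipeline here does; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not docker-elk code. Files and keys are the ones this page edits;
# WEAK is a constructed sample list.
WEAK="changeme 123456 password elastic admin"

# Print each distinct value of key $1 in file $2 ("key: v" or "key => v"),
# with surrounding whitespace and quotes removed.
get_values() {
    grep -E "^[[:space:]]*$1[[:space:]]*(:|=>)" "$2" 2>/dev/null |
        sed -E "s/^[^:=]*(:|=>)[[:space:]]*//; s/[[:space:]]*\$//; s/^[\"']//; s/[\"']\$//" |
        sort -u
}

# Audit the password settings under repository root $1. Prints one finding per
# line and returns 0 only when nothing is flagged.
audit_elk_passwords() {
    root=$1; rc=0; seen=""
    for spec in \
        "docker-compose.yml|ELASTIC_PASSWORD" \
        "kibana/config/kibana.yml|elasticsearch.password" \
        "logstash/config/logstash.yml|xpack.monitoring.elasticsearch.password" \
        "logstash/pipeline/logstash.conf|password"
    do
        file=${spec%%|*}; key=${spec#*|}
        values=$(get_values "$key" "$root/$file")
        if [ -z "$values" ]; then
            echo "MISSING  $file: $key"; rc=1; continue
        fi
        while IFS= read -r v; do
            # A ${VAR} reference is injected from the environment: nothing to compare.
            case $v in
                '${'*) echo "ENVREF   $file: $key"; continue ;;
            esac
            case " $WEAK " in
                *" $v "*) echo "WEAK     $file: $key"; rc=1 ;;
            esac
            # Assumption: every setting authenticates as the same user, so they must agree.
            if [ -n "$seen" ] && [ "$v" != "$seen" ]; then
                echo "MISMATCH $file: $key"; rc=1
            fi
            seen=${seen:-$v}
        done <<EOF
$values
EOF
    done
    return $rc
}
```

Run it as `audit_elk_passwords /path/to/docker-elk` before `docker-compose up -d`; a non-zero return means at least one setting was flagged.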
    

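    After changing the configuration, mount the log files named in the path settings above into the logstash container (here the nginx logs and the PHP Laravel framework logs are collected).

    You can mount elasticsearch/data for the data; the data directory needs read and write permissions.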

    chmod -R 777 data
    

    Restart the docker containers

    elasticsearch http://ip:9200

    kibana http://ip:5601

    Create index patterns

    http://ip:5601/app/management/kibana/indexPatterns

    Names:
    laravel-log-*
    nginx-access-log-*
    nginx-error-log-*

    Timestamp field: select @timestamp


    View the collected logs

    http://ip:5601/app/discover


    Wildcard search: * can stand in for multiple characters

     *keyword  
     keyword*
     *keyword*
    

    Replace logstash with filebeat
    https://www.jianshu.com/p/141e59c8a7f3

    Log collection flow
    log file => filebeat => logstash => elasticsearch
