Deploying ELK with docker-compose to collect nginx and PHP framework logs

Elastic stack (ELK) on Docker

Gitee repository: https://gitee.com/wangxuancheng/docker-elk

Original GitHub repository: https://github.com/deviantony/docker-elk

# Modify the kernel setting
sysctl -w vm.max_map_count=262144

Install docker-compose

https://www.runoob.com/docker/docker-compose.html

Start

cd docker-elk
docker-compose up -d 

Change the default passwords

docker-compose.yml ELASTIC_PASSWORD

kibana/config/kibana.yml elasticsearch.password:

logstash/config/logstash.yml xpack.monitoring.elasticsearch.password:

Set the Chinese locale

Add one line to kibana/config/kibana.yml

i18n.locale: "zh-CN"

Change the server IP

kibana/config/kibana.yml elasticsearch.hosts:

logstash/config/logstash.yml xpack.monitoring.elasticsearch.hosts:

logstash/pipeline/logstash.conf hosts

Collect logs

vim logstash/pipeline/logstash.conf
input {
    file {
        path => "/www/wwwlogs/demo.com.log"
        start_position => "beginning"
        type => "nginx-access"
    }
    
    file {
        path => "/www/wwwlogs/demo.com.error.log"
        start_position => "beginning"
        type => "nginx-error"
    }
    
    file {
        path => "/www/wwwroot/demo.com/storage/logs/*.log"
        start_position => "beginning"
        type => "laravel"
    }
    
    beats {
        port => 5044
    }

    tcp {
        port => 5000
    }
}

output {
    if [type] == "nginx-access" {
        elasticsearch {
            hosts => "172.21.28.138:9200"
            index => "nginx-access-log-%{+YYYY.MM.dd}"
            user => "elastic"
            password => "123456"
        }
    } else if [type] == "nginx-error" {
        elasticsearch {
            hosts => "172.21.28.138:9200"
            index => "nginx-error-log-%{+YYYY.MM.dd}"
            user => "elastic"
            password => "123456"
        }
    } else if [type] == "laravel" {
        elasticsearch {
            hosts => "172.21.28.138:9200"
            index => "laravel-log-%{+YYYY.MM.dd}"
            user => "elastic"
            password => "123456"
        }
    }
}

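After editing the configuration, mount the log files named in the path settings above into the logstash container (here the nginx logs and the PHP Laravel framework logs are collected).

The elasticsearch/data directory can be mounted to hold the data; the data directory needs read and write permissions.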

chmod -R 777 data

Restart the docker containers
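
Added example (not from the original post or the docker-elk project): one way to do the mount step above with a docker-compose.override.yml, which also keeps the password out of logstash.conf. The service names logstash and elasticsearch, the container data path, and a .env file defining ELASTIC_PASSWORD are assumptions.

```yaml
# docker-compose.override.yml (constructed example). Placed next to
# docker-compose.yml, it is merged automatically by `docker-compose up -d`.
# If the base file declares a `version:`, repeat the same value here.
services:
  logstash:
    environment:
      # Value comes from a .env file beside the compose files (assumption;
      # keep that file out of version control).
      # In logstash/pipeline/logstash.conf, each hard-coded
      #   password => "123456"
      # can then become
      #   password => "${ELASTIC_PASSWORD}"
      # Logstash substitutes ${VAR} from its environment when it loads
      # the pipeline.
      ELASTIC_PASSWORD: ${ELASTIC_PASSWORD}
    volumes:
      # Same path inside the container as on the host, so the `path =>`
      # settings in logstash.conf stay unchanged. `:ro` means the collector
      # can read the application logs but never modify or delete them.
      # Directories are mounted rather than single files: a bind-mounted
      # file stops following the log once rotation replaces it.
      # The Logstash image runs as a non-root user (uid 1000 in the official
      # image), so the log files must be readable by that user.
      - /www/wwwlogs:/www/wwwlogs:ro
      - /www/wwwroot/demo.com/storage/logs:/www/wwwroot/demo.com/storage/logs:ro
  elasticsearch:
    volumes:
      # Bind mount for the index data directory mentioned above.
      # The official Elasticsearch image runs as uid 1000, gid 0, so
      #   chown -R 1000:0 elasticsearch/data
      # gives it read/write access without making the directory
      # world-writable.
      - ./elasticsearch/data:/usr/share/elasticsearch/data
```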

elasticsearch http://ip:9200

kibana http://ip:5601

Create index patterns

http://ip:5601/app/management/kibana/indexPatterns

Name:
laravel-log-*
nginx-access-log-*
nginx-error-log-*

Timestamp field: select @timestamp

View the collected logs

http://ip:5601/app/discover

Wildcard search: * can stand for multiple characters

 *keyword  
 keyword*
 *keyword*

Using filebeat in place of logstash
http://www.itdecent.cn/p/141e59c8a7f3

Log collection flow
log file => filebeat => logstash => elasticsearch
