Collecting Docker Logs with Graylog2

hujianxiong, September 6, 2016

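Graylog2 is an open-source log storage system. Its server is written in Java and can receive log messages sent over TCP, UDP and AMQP, stores them quickly using a MongoDB database server, and lets you manage your logs easily through a web management interface written in Ruby.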

Reference: http://docs.graylog.org/en/2.1/pages/installation/docker.html#requirements

1. Required components

  1. mongodb
  2. elasticsearch
  3. graylog2

2. Installation

Deploy with Docker Compose.
To install docker-compose, see: http://hujianxiong.com/linuxan-zhuang-docker-compose/

# docker-compose file:
version: '2'
services:
  mongo:
    image: "mongo:3"
    restart: always
    volumes:
      - /yschome/data/graylog/data/mongo:/data/db
  elasticsearch:
    image: "elasticsearch:2"
    command: "elasticsearch -Des.cluster.name='graylog'"
    volumes:
      - /yschome/data/graylog/data/elasticsearch:/usr/share/elasticsearch/data
    restart: always
  graylog:
    image: graylog2/server
    volumes:
      - /yschome/data/graylog/data/journal:/usr/share/graylog/data/journal
      - /yschome/data/graylog/config:/usr/share/graylog/data/config
    environment:
      # Secret used to pepper stored user passwords; replace this sample value with a long random string.
      GRAYLOG_PASSWORD_SECRET: somepasswordpepper
      # SHA-256 hash of the root (admin) password; this value is the hash of "admin".
      GRAYLOG_ROOT_PASSWORD_SHA2: 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      #GRAYLOG_WEB_ENDPOINT_URI: http://0.0.0.0:9000/api/
      GRAYLOG_REST_TRANSPORT_URI: http://10.20.145.65:12900
    depends_on:
      - mongo
      - elasticsearch
    links:
      - mongo:mongo
      - elasticsearch:elasticsearch
    ports:
      # Web interface and REST API
      - "9000:9000"
      - "12900:12900"
      # GELF UDP and syslog UDP inputs (the protocol suffix goes on the container port)
      - "12201:12201/udp"
      - "1514:1514/udp"
    restart: always

3. Download the configuration files

[root@amumu ~]# mkdir -p /yschome/data/graylog/config
[root@amumu ~]# cd /yschome/data/graylog/config
[root@amumu config]# wget https://raw.githubusercontent.com/Graylog2/graylog2-images/2.1/docker/config/graylog.conf
[root@amumu config]# wget https://raw.githubusercontent.com/Graylog2/graylog2-images/2.1/docker/config/log4j2.xml

4. Deploy

[root@amumu ~]# docker-compose up -d

5. Configure Graylog to receive logs

Log in at http://10.20.145.210:9000 with admin/admin.
Configure System ==> Inputs ==> Select input ==> GELF UDP

6. Modify the Docker daemon startup parameters

--log-driver=gelf
--log-opt gelf-address=udp://10.20.145.210:12201
--log-opt gelf-compression-type=gzip
--log-opt gelf-compression-level=1
--log-opt tag="test01_env"

7. Restart the daemon

[root@amumu ~]# systemctl daemon-reload
[root@amumu ~]# systemctl restart docker

After you start a container, the received logs appear in the Graylog management interface.
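To check the GELF UDP input from step 5 independently of the Docker daemon, the following added example (not part of the original post) builds a gzip-compressed GELF 1.1 datagram like the one configured in step 6, chunks it when it is too large for one datagram, and decodes it back. The field values are constructed samples, and the 1420-byte chunk size is an assumption, not a value from the post.

```python
import gzip, json, os, socket, struct, time

CHUNK_MAGIC = b"\x1e\x0f"   # magic bytes that start every GELF chunk
MAX_CHUNKS = 128            # GELF limit on chunks per message

def build_gelf(short_message, host, tag, level=6):
    """Return a gzip-compressed GELF 1.1 payload (constructed sample fields)."""
    msg = {
        "version": "1.1",
        "host": host,
        "short_message": short_message,
        "timestamp": time.time(),
        "level": level,      # syslog severity, 6 = informational
        "_tag": tag,         # additional fields are prefixed with "_"
    }
    return gzip.compress(json.dumps(msg).encode("utf-8"), compresslevel=1)

def to_datagrams(payload, chunk_size=1420):
    """Split a payload into GELF chunks when it exceeds chunk_size (assumed)."""
    if len(payload) <= chunk_size:
        return [payload]
    body = chunk_size - 12   # header: 2 magic + 8 message id + 1 seq + 1 count
    parts = [payload[i:i + body] for i in range(0, len(payload), body)]
    if len(parts) > MAX_CHUNKS:
        raise ValueError("message needs more than 128 chunks")
    msg_id = os.urandom(8)
    return [CHUNK_MAGIC + msg_id + struct.pack("BB", seq, len(parts)) + part
            for seq, part in enumerate(parts)]

def decode_datagrams(datagrams):
    """Reassemble chunks (in any order) and return the decoded GELF dict."""
    if len(datagrams) == 1 and not datagrams[0].startswith(CHUNK_MAGIC):
        payload = datagrams[0]
    else:
        ordered = sorted(datagrams, key=lambda d: d[10])  # byte 10 = sequence no.
        if len(ordered) != ordered[0][11]:                # byte 11 = chunk count
            raise ValueError("missing chunks")
        payload = b"".join(d[12:] for d in ordered)
    return json.loads(gzip.decompress(payload))

def send(datagrams, addr):
    """Send to a GELF UDP input, e.g. addr=("10.20.145.210", 12201)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for datagram in datagrams:
            sock.sendto(datagram, addr)

if __name__ == "__main__":
    grams = to_datagrams(build_gelf("gelf input self-test", "amumu", "test01_env"))
    print(decode_datagrams(grams))
```

Calling `send(grams, ("10.20.145.210", 12201))` delivers the test message to the input; because GELF over UDP carries no authentication or encryption, port 12201 should only be reachable from the Docker hosts that log to it.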