您好,欢迎来到好走旅游网。
科技 教育 生活 旅游 时尚 美容 美食 健康 体育 游戏 汽车 家电
搜索
您的当前位置:首页docker-compose部署EFKL,存储,过滤laravel日志文件

docker-compose部署EFKL,存储,过滤laravel日志文件

来源:好走旅游网

继上一篇部署EFK之后,由于发现通过fluentd转发到ES的日志并不能实现我们预期的效果,先看看我们预期的效果:

再给大家看一下我要收集的日志格式:

[2021-10-29 03:39:12] saveData.INFO: saveData {"params":{"index":"fulfillments_1","id":5941107,"body":{"id":5941107,"shippingMethodId":null,"shippingMethodName":null,"pluginId":null,"shipToName":"tan2","shipToPhone":null,"shipToSuburb":"FRASER RISE","shipToState":"VIC","shipToPostcode":"3336","shipToCountry":"AU","shipToAddress1":"Second St","shipToAddress2":null,"shipToCompanyName":"eiz","shipToEmail":null,"fromAddress1":"tet-1","fromAddress2":null,"fromSuburb":"Moorabbin","fromState":"VIC","fromCountry":"AU","fromPostcode":"31","fromCompany_name":"eiz","fromName":"jin2","fromPhone":"476575","fromEmail":null,"carrierName":null,"labelNumber":[],"fulfillmentStatus":1,"consignments":[],"products":[{"id":4,"account_id":1,"product_id":4,"sku":"124","title":"dsadasds","weight":1,"length":11,"width":11,"height":11,"quantity":0,"location":null,"insured_amount":null,"status":0,"custom_label":null,"custom_label2":null,"custom_label3":null,"img_url":null,"barcode":null,"wms_stock":0,"pivot":{"fulfillment_id":5941107,"product_id":4,"qty":1,"note":null,"sku":"124"}}],"consignmentStatus":0,"picklistStatus":0,"createdAt":"2021-10-26 13:33:03","updatedAt":"2021-10-29 14:39:11","package_info":[{"packObj":[],"qty":"2","weight":"13","length":"6","width":"7","height":"8","package_id":null}],"price":null,"note":null,"tags":[{"id":95,"account_id":1,"parent_id":null,"name":"test","description":"{\"name\":\"test\",\"color\":\"#eb2f96\"}"}],"errors":null,"tracking_status":0,"packageNum":2,"productNum":1,"autoQuoteResult":[],"orders":[],"log":[],"shipToRef":"TJ0000212"}}} []

我们预期的效果是将日志中的内容都格式化显示出来,但是上一篇文章,,搭建完成后日志中的内容还是会都堆在message字段中,这让我们很难查阅,于是便有了第二次尝试(本篇文章依然是根据laravel框架来示例):

1、docker-compose部署logstash+filebeat,大家可以看到这次我用的是opensearch(等同于Elasticsearch)+opensearch-dashboards(等同于Kibana),下面是我的docker-compose.yaml文件内容

version: "2.2"
services:
  opensearch:
    build:
      context: dockerfiles
      dockerfile: opensearch-no-security.dockerfile
    restart: always
    container_name: opensearch
    image: wangyi/opensearch:latest
    environment:
      - discovery.type=single-node
    ports:
      - 9200:9200
      - 9600:9600 # required for Performance Analyzer
    volumes:
      - opensearch-data1:/usr/share/opensearch/data

  opensearch-dashboards:
    build:
      context: dockerfiles
      dockerfile: opensearch-dashboards-no-security.dockerfile
    image: wangyi/opensearch-dashboard:latest
    container_name: opensearch-dashboards
    ports:
      - 5601:5601
    environment:
      OPENSEARCH_HOSTS: '["http://opensearch:9200"]' # must be a string with no spaces when specified as an environment variable

  filebeat:
    build: ./filebeat
    restart: "always"
    container_name: filebeat
    volumes:
      - ./storage/logs/:/tools/logs/
    user: root


  logstash:
    depends_on:
      - opensearch
    image: "docker.elastic.co/logstash/logstash:7.1.0"
    volumes:
      - ./logstash/logstash.yml:/usr/share/logstash/config/logstash.yml
      - ./logstash/conf.d/:/usr/share/logstash/conf.d/
    ports:
      - "5044:5044"
    links:
      - opensearch

volumes:
  opensearch-data1:

2、其次是我的目录文件

3、然后编辑filebeat文件夹下的Dockerfile文件

FROM docker.elastic.co/beats/filebeat-oss:7.11.0

# Copy our custom configuration file
COPY ./filebeat.yml /usr/share/filebeat/filebeat.yml

USER root
# Create a directory to map volume with all docker log files
RUN mkdir /usr/share/filebeat/dockerlogs
RUN chown -R root /usr/share/filebeat/
RUN chmod -R go-w /usr/share/filebeat/

4、然后继续编辑logstash.yml文件

path.config: /usr/share/logstash/conf.d/*.conf
path.logs: /var/log/logstash

5、接下来是本篇文章的关键,编辑filebeat配置文件和logstash配置文件

filebeat.yml

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /tools/logs/saveData/*/*/*.log
  fields:
    filetype: savedata ## 此处设置的filetype值在logstash配置文件里面需要用到,不同的日志文件创建不同的index,相当于一个标记的作用

- type: log
  enabled: true
  paths:
    - /tools/logs/condition/*/*/*.log
  fields:
    filetype: condition

setup.ilm.enabled: false

setup.template.settings:
  index.number_of_shards: 1
  index.number_of_replicas: 0
  index.codec: best_compression

output.logstash:  ##通过此处来链接logstash服务,将日志分发给logstash,然后再由logstash进行过滤
  enabled: true
  hosts: ["logstash:5044"]

配置完filebeat.yml我们就需要配置logstash.conf文件

input {
  beats {
    port => 5044
  }
}
filter {
    grok {
        match => {
            "message" => "\[%{TIMESTAMP_ISO8601:logtime}\] %{WORD:env}\.(?<level>[A-Z]{4,5})\: %{WORD:params} %{GREEDYDATA:msg} " ##此处的正则仅供参考,我的场景是过滤laravel日志文件的正则表达式
        }
    }
    json {
        source => "msg" ##将过滤完的内容转为json格式,不转的话是string格式的,不加这句话不会达到我们预期的效果
    }
    mutate{
        remove_field => ["message"] ##将原本的message字段删除掉
    }
}
output {
    if [fields][filetype] == "savedata" { ##判断来自于哪一个日志文件,filebeat文件配置
         elasticsearch {
            index => "savedatas_%{+YYYY.MM.dd}"
            hosts => ["opensearch:9200"]
         }
    }

    if [fields][filetype] == "condition" {
         elasticsearch {
            index => "conditions_%{+YYYY.MM.dd}"
            hosts => ["opensearch:9200"]
         }
    }
}

!!!一切配置就绪,点火,启动

docker-compose up -d 服务名称

这里说一下启动顺序
1、opensearch(E)
2、opensearch-dashboards(K)
3、logstash(L)
4、filebeat(F)

我们通过查看日志可以看到服务都已经成功启动

docker logs -f imageId

然后我们查看opensearch-dashboards后台可以看到达到我们文章开头预期的那个效果,所有转存的日志已经被格式化处理。

1、opensearch.yml

cluster.name: docker-cluster

# Bind to all interfaces because we don't know what IP address Docker will assign to us.
network.host: 0.0.0.0
compatibility.override_main_response_version: true

2、opensearch-no-security.dockerfile

FROM opensearchproject/opensearch:1.1.0
RUN /usr/share/opensearch/bin/opensearch-plugin remove opensearch-security
COPY --chown=opensearch:opensearch config.d/opensearch.yml /usr/share/opensearch/config/

3、opensearch-dashboards.yml

# Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License").
# You may not use this file except in compliance with the License.
# A copy of the License is located at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# or in the "license" file accompanying this file. This file is distributed
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
# express or implied. See the License for the specific language governing
# permissions and limitations under the License.

# Description:
# Default configuration for OpenSearch Dashboards

server.host: "0"
opensearch.hosts: ["https://localhost:9200"]
#opensearch.ssl.verificationMode: none
#opensearch.username: "kibanaserver"
#opensearch.password: "kibanaserver"
#opensearch.requestHeadersWhitelist: [ authorization,securitytenant ]

#opensearch_security.multitenancy.enabled: true
##opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
#opensearch_security.readonly_mode.roles: ["kibana_read_only"]
# Use this setting if you are running opensearch-dashboards without https
#opensearch_security.cookie.secure: false

4、opensearch-dashboards-no-security.dockerfile

FROM opensearchproject/opensearch-dashboards:1.1.0
RUN /usr/share/opensearch-dashboards/bin/opensearch-dashboards-plugin remove securityDashboards
COPY --chown=opensearch-dashboards:opensearch-dashboards config.d/opensearch_dashboards.yml /usr/share/opensearch-dashboards/config/

其实这两个(opensearch+opensearch-dashboards)完全可以用Elasticsearch+Kibana代替,看大家需求,Elasticsearch+Kibana的配置文件在文章中有写出来

这期的文章就写到这里,下一期写不用logstash来过滤日志文件,因为后来发现logstash这个玩意太占CPU,仅仅通过filebeat+es的pipeline就可以实现我们预期的效果,且不耗CPU,过几天写

因篇幅问题不能全部显示,请点此查看更多更全内容

查看全文

Copyright © 2019- haog.cn 版权所有 赣ICP备2024042798号-2

违法及侵权请联系:TEL:199 1889 7713 E-MAIL:2724546146@qq.com

本站由北京市万商天勤律师事务所王兴未律师提供法律服务