
How does Graylog-based log management for containerized applications work?

2025-04-06 Update From: SLTechnology News&Howtos shulou


Shulou(Shulou.com)06/01 Report--

This article explains how Graylog-based log management for containerized applications works. The content is detailed; interested readers can use it as a reference, and I hope it helps.

Docker logs

A running container is a child process of the Docker daemon, so the daemon can capture the standard output of the processes inside the container and pass it to its LogDriver module for processing. LogDriver supports many destinations: it writes to a local file by default and can also send to syslog and other targets.

By default, Docker collects the standard output of the application into a json.log file, storing one JSON object per line. The file format is as follows:

{"log":"root@74205cdc7b53dd:/#ls\r\n","stream":"stdout","time":"xxx.155834526Z"}
{"log":"root@74205cdc7b53dd:/#ls\r\n","stream":"stdout","time":"xxx.255834528Z"}

Docker's log storage method can be configured by specifying log-driver when the container is started. The supported log drivers are as follows:

Graylog Log Management

Graylog is an open source, complete log management tool with functionality similar to ELK. Docker natively supports the Graylog protocol, Graylog officially provides support for Docker, and the two connect seamlessly. Graylog officially provides a Dockerfile to deploy the logging system on Docker, and a docker-compose.yml file to quickly deploy the entire Graylog stack.

Details can be viewed at http://docs.graylog.org/en/3.1/pages/installation/docker.html

Graylog deployment

1. Create the graylog directory under the current user directory as the working directory for deployment:

$ mkdir graylog
$ cd graylog

2. Initialize directories and configuration files

$ mkdir -p ./graylog/config
$ cd ./graylog/config
$ wget https://raw.githubusercontent.com/Graylog2/graylog-docker/3.1/config/graylog.conf
$ wget https://raw.githubusercontent.com/Graylog2/graylog-docker/3.1/config/log4j2.xml
# In addition, Graylog defines a user and user group with ID 1100,
# which causes Graylog to report insufficient permissions on the config directory when starting.
# Return to the working directory and solve this problem with the following command:
$ cd ../..
$ chown -R 1100:1100 ./graylog/config

3. Modify the configuration file. The graylog.conf file obtained in the previous step is the official default configuration, and you can adjust it to your needs. For example, the default time zone in the configuration is UTC, which can be changed to the China time zone:

root_timezone = Asia/Shanghai

4. Prepare the docker-compose.yml file

version: '3'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongo:
    image: mongo:3
    networks:
      - graylog
    volumes:
      - mongo_data:/data/db
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/docker.html
  # Note: the Graylog 3.1 documentation lists Elasticsearch 5.x and 6.x as supported;
  # check compatibility before using a 7.x image.
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.5.0
    volumes:
      - es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    deploy:
      resources:
        limits:
          memory: 1g
    networks:
      - graylog
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:3.1
    volumes:
      - graylog_journal:/usr/share/graylog/data/journal
      - ./graylog/config:/usr/share/graylog/data/config
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.0.103:9000/
    networks:
      - graylog
    depends_on:
      - mongo
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
networks:
  graylog:
    driver: bridge
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local

5. Run "docker-compose up" to start the services. Once they have started normally, you can access the Graylog web interface at http://ip:9000. The default user is admin/admin.
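The compose file in step 4 carries the sample password secret and the SHA-256 hash of the password admin, which is why the login is admin/admin. The script below is an added example, not part of the original article or of Graylog's tooling: it generates replacement values and checks a compose file for the sample ones. The function names are hypothetical, and it assumes the environment entries use the "- NAME=value" form shown in step 4.

```shell
#!/bin/sh
# Added example: generate and audit the Graylog credentials set in docker-compose.yml.
# Function names are illustrative; the sample values are the ones in the compose file above.

# SHA-256 hex digest of a string, hashed without a trailing newline.
sha256_hex() {
  if command -v sha256sum >/dev/null 2>&1; then
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
  else
    printf '%s' "$1" | shasum -a 256 | cut -d' ' -f1
  fi
}

# Random hex secret for GRAYLOG_PASSWORD_SECRET (48 random bytes -> 96 characters).
gen_password_secret() {
  od -An -N48 -tx1 /dev/urandom | tr -d ' \n'
}

# Read the value of one "- NAME=value" environment entry from a compose file.
compose_env() {  # usage: compose_env FILE NAME
  sed -n "s/^[[:space:]]*-[[:space:]]*$2=//p" "$1" | head -n 1
}

# Print findings to stderr and the number of findings to stdout.
audit_compose() {  # usage: audit_compose FILE
  findings=0
  secret=$(compose_env "$1" GRAYLOG_PASSWORD_SECRET)
  pw_hash=$(compose_env "$1" GRAYLOG_ROOT_PASSWORD_SHA2)
  if [ "$secret" = "somepasswordpepper" ] || [ "${#secret}" -lt 16 ]; then
    echo "GRAYLOG_PASSWORD_SECRET is the sample value or shorter than 16 characters" >&2
    findings=$((findings + 1))
  fi
  if [ "$pw_hash" = "$(sha256_hex admin)" ]; then
    echo "GRAYLOG_ROOT_PASSWORD_SHA2 is still the hash of the password 'admin'" >&2
    findings=$((findings + 1))
  fi
  echo "$findings"
}

# Print replacement environment lines for a chosen root password.
new_env_lines() {  # usage: new_env_lines 'root password'
  echo "      - GRAYLOG_PASSWORD_SECRET=$(gen_password_secret)"
  echo "      - GRAYLOG_ROOT_PASSWORD_SHA2=$(sha256_hex "$1")"
}

# Audit the compose file given as the first argument, if any.
[ -z "${1:-}" ] || audit_compose "$1"
```

Run it with the path to docker-compose.yml as its argument before starting the stack, and paste the output of new_env_lines over the two sample entries.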

Graylog Configuration Log Collection

Graylog collects logs through inputs. To define one, open the System tab of Graylog's web administration page and choose the inputs page.

On the inputs page, select the type of input, for example GELF UDP:

After selecting the type, click "Launch new input" to open the detailed input configuration. Save it once the configuration is complete.

If everything is normal after saving, the input enters the RUNNING state and you can send data to it. Clicking "Stop input" stops the input and data reception, and the button changes to "Start input"; click it when you need to accept data again.
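Once the input is RUNNING, one hand-built message confirms that it receives data before any container is reconfigured. The following added example (not from the original article) builds a minimal GELF 1.1 message and sends it uncompressed over UDP. The function names and the _source_test field are assumptions, and send_gelf relies on bash's /dev/udp redirection.

```shell
#!/usr/bin/env bash
# Added example: smoke-test a GELF UDP input with one hand-built message.
# Function names and the "_source_test" field are illustrative.

# Escape backslashes and double quotes so single-line text fits in a JSON string.
json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Build a GELF 1.1 message. version, host and short_message are the required
# fields; additional fields must start with an underscore.
gelf_payload() {  # usage: gelf_payload HOST MESSAGE [SYSLOG_LEVEL]
  printf '{"version":"1.1","host":"%s","short_message":"%s","level":%d,"_source_test":"smoke"}' \
    "$(json_escape "$1")" "$(json_escape "$2")" "${3:-6}"
}

# Send one uncompressed datagram to the input (bash-only /dev/udp redirection).
send_gelf() {  # usage: send_gelf GRAYLOG_HOST PORT PAYLOAD
  printf '%s' "$3" > "/dev/udp/$1/$2"
}

# With a Graylog host as first argument, send a test message to port 12201
# (or the port given as second argument).
[ -z "${1:-}" ] || send_gelf "$1" "${2:-12201}" \
  "$(gelf_payload "$(hostname)" "Graylog input smoke test")"
```

UDP gives no delivery confirmation, so check the result by searching for the _source_test field in Graylog.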

Configure Docker containers to send data to Graylog

To have a Docker container send its data to Graylog, add the following parameters to the docker run command that starts the container:

docker run --log-driver=gelf \
  --log-opt gelf-address=udp://<graylog server address>:12201 \
  --log-opt tag=<tag> \
  <image> <command>

Specific examples:

docker run -d \
  --log-driver=gelf \
  --log-opt gelf-address=udp://localhost:12201 \
  --log-opt tag="{{.ImageName}}/{{.Name}}/{{.ID}}" \
  busybox sh -c 'while true; do echo "Graylog test message"; sleep 10; done;'

If the container is started with docker-compose, add the following configuration to the docker-compose.yml file:

logging:
  driver: "gelf"
  options:
    gelf-address: "udp://<graylog server address>:12201"
    tag: "Kubernetes Engine tag"

Specific examples:

version: '2'
services:
  nginx:
    image: nginx:latest
    ports:
      - "80:80"
    logging:
      driver: "gelf"
      options:
        gelf-address: "udp://localhost:12201"
        tag: nginx-service

After log sending is configured, you can search for log information under the Search tab.

That concludes this introduction to Graylog-based log management for containerized applications. I hope the content above is of some help.
