
Send logs to ELK container from Docker containers (without Filebeat)

I'm using the SEBP/ELK Docker container as it appears to be the most suitable for quickly setting up application logging. Unfortunately, after reading through the docs there doesn't seem to be an easy way to get logs from sibling containers without the use of Filebeat.

I don't want to install Filebeat on each of my containers because that seems like it goes directly against Docker's separation of duties mantra.

TLDR; how do I get logs from my application containers to my ELK container?

Using filebeat in each container is against Docker's philosophy. It will be a waste of resources, and it has more management overhead.

You can use local log files via logstash.

Example config:

input {
  file {
    path => "/var/log/apache.log"
    type => "apache-access"  # a type to identify those logs (will need this later)
    start_position => "beginning"
  }
}

Now we have to make the log files local to the logstash container:

If you are using bind mounts, you can mount the same directory in the logstash container.

sudo docker run -d -v /path/to/logs/:/path/to/logs/in/container logstash

If you are using volumes, you can mount the same volume that contains the logs into logstash too.

sudo docker run -d -v logvol:/path/to/logs/in/container logstash

SEBP/ELK was the wrong tool to tackle this problem. Instead, I should have been using a project that spins up a container for each of the elements of the ELK stack: Elasticsearch, Logstash, and Kibana. I found just such a repository on GitHub.

The deviantony/docker-elk project combines the three ELK elements into a working set of containers. The great thing about this is that, unlike the SEBP/ELK project, deviantony/docker-elk doesn't take an opinionated view about what features should be available and what should be closed off. In the SEBP/ELK project, the ability to write to port 5000 is removed, and when you try to add it back via a custom logstash.conf file, the UDP listener ultimately fails. Conversely, the deviantony/docker-elk project just works.

Bonus points: This project also has a branch that includes X-Pack, which adds a minimal layer of security out of the box.
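The following is an added example, not code from either answer above or from the deviantony/docker-elk project. It puts both agentless approaches discussed on this page into one runnable setup: the first answer's shared volume read by Logstash's file input, and the second answer's port-5000 listener, fed here by Docker's built-in syslog logging driver so that nothing runs inside the application containers. Image tags, paths, service names and the sample "app" commands are assumptions. One detail worth knowing before copying the second approach: Docker's logging drivers run inside dockerd on the host, not on the Compose network, so the Logstash port has to be published on the host; the Compose file binds it to 127.0.0.1 only, and a small check function refuses a file that publishes it on every interface, since an unauthenticated UDP listener on the LAN lets anyone inject log lines into the pipeline.

```shell
#!/bin/sh
# Added example (assumed names and tags), not the answers' or docker-elk's own files.
set -eu

# Write the Logstash pipeline into "$1/logstash.conf".
write_pipeline() {
  mkdir -p "$1"
  cat > "$1/logstash.conf" <<'EOF'
input {
  # (1) files the application writes into the volume mounted at /var/log/app
  file {
    path => "/var/log/app/*.log"
    type => "app-file"
    start_position => "beginning"
  }
  # (2) RFC3164 syslog lines forwarded by the Docker daemon's syslog driver.
  # dockerd lives on the host, so the Compose file publishes this port on
  # 127.0.0.1 only; remote hosts cannot reach the listener.
  syslog {
    port => 5000
    type => "app-syslog"
  }
}
output {
  elasticsearch { hosts => ["elasticsearch:9200"] }
}
EOF
}

# Write a Compose file into "$1/docker-compose.yml".
write_compose() {
  mkdir -p "$1"
  cat > "$1/docker-compose.yml" <<'EOF'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.0   # assumed tag
    environment:
      - discovery.type=single-node
  logstash:
    image: docker.elastic.co/logstash/logstash:7.17.0             # assumed tag
    volumes:
      - ./logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro
      - applogs:/var/log/app:ro      # (1) read-only view of the app's log volume
    ports:
      - "127.0.0.1:5000:5000/udp"    # (2) loopback only, reachable by dockerd
    depends_on: [elasticsearch]
  app-file:                          # (1) writes its own log file into the shared volume
    image: alpine                    # placeholder for the real application image
    command: sh -c 'while true; do echo "hello from app-file" >> /var/log/app/app.log; sleep 5; done'
    volumes:
      - applogs:/var/log/app
  app-syslog:                        # (2) logs to stdout; dockerd ships it as syslog
    image: alpine
    command: sh -c 'while true; do echo "hello from app-syslog"; sleep 5; done'
    depends_on: [logstash]
    logging:
      driver: syslog
      options:
        syslog-address: "udp://127.0.0.1:5000"
        tag: "{{.Name}}"
volumes:
  applogs:
EOF
}

# Return 0 only if port 5000 is published on loopback and not on all interfaces
# ("5000:5000" or "0.0.0.0:5000:5000" would expose the unauthenticated listener).
check_listener_is_local() {
  if grep -Eq '^[[:space:]]*-[[:space:]]*"?(0\.0\.0\.0:)?5000:5000' "$1/docker-compose.yml"; then
    return 1
  fi
  grep -q '127\.0\.0\.1:5000:5000' "$1/docker-compose.yml"
}

# Usage: sh ship-logs.sh ./elk-demo && (cd ./elk-demo && docker compose up)
if [ -n "${1:-}" ]; then
  write_pipeline "$1"
  write_compose "$1"
  check_listener_is_local "$1" && echo "wrote pipeline and compose file to $1"
fi
```

Both app services are throwaway Alpine loops standing in for real images; replace them and keep the `volumes:` entry (approach 1) or the `logging:` block (approach 2) on your own service definition. If Logstash runs on another host, keep the loopback binding and forward the port over an authenticated channel rather than opening the UDP listener to the network.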
