如何通过filebeat抓取nginx容器日志?
[英]How to crawl nginx container logs via filebeat?
问题描述
Problem Statement
问题陈述
The NGINX image is configured to send the main NGINX access and error logs to the Docker log collector by default.默认情况下,NGINX 镜像被配置为将主要的 NGINX 访问和错误日志发送到 Docker 日志收集器。 This is done by linking them to stdout and stderr, which causes all messages from both logs to be stored in the file /var/lib/docker/containers/<container id>/<container id>-json.log on the Docker Host.这是通过将它们链接到 stdout 和 stderr 来完成的,这会导致来自两个日志的所有消息都存储在 Docker 主机上的文件/var/lib/docker/containers/<container id>/<container id>-json.log .
Since the hard work of getting the logs out of the container and into the host has already been taken care of us, perhaps we should try to leverage that?既然我们已经完成了将日志从容器中取出并放入主机的艰巨工作,也许我们应该尝试利用它? But there are numerous indistinguishable folders in /var/lib/docker/containers/但是/var/lib/docker/containers/有许多无法区分的文件夹
# ls -alrt /var/lib/docker/containers/
total 84
drwx--x--x 14 root root 4096 Jul 4 13:40 ..
drwx------ 4 root root 4096 Jul 4 13:55 a4ee4224c3e4c68a8023eb63c01b2a288019257440b30c4efb7226eb83629956
drwx------ 4 root root 4096 Jul 6 16:24 59d1465b5c42f2ce6b13747c39ff3995191d325d641b6ef8cad1a8446247ef24
...
drwx------ 4 root root 4096 Jul 9 06:34 cab3407af18d778b259f54df16e60f5e5187f14b01a020b30f6c91c6f8003bdd
drwx------ 4 root root 4096 Jul 9 06:35 0b99140af456b29af6fcd3956a6cdfa4c78d1e1b387654645f63b8dc4bbf049c
drwx------ 21 root root 4096 Jul 9 06:35 .
Even if we narrow them down by searching recursively through /var/lib/docker/containers/ for any files that are of type -json.log and contain the string upstream_response_time即使我们通过/var/lib/docker/containers/递归搜索任何类型为-json.log并包含字符串upstream_response_time文件来缩小它们的范围
# grep -lr "upstream_response_time" /var/lib/docker/containers/ --include "*-json.log"
/var/lib/docker/containers/cfe8...fe18/cfe8...fe18-json.log
/var/lib/docker/containers/c3c3...6662/c3c3...6662-json.log
... still leaves us in a situation where we will constantly have to step in to find the correct folders due to containers starting/stopping ... we would be stuck reconfiguring FileBeat to crawl them. ...仍然让我们处于一种情况,由于容器启动/停止,我们将不得不不断介入以找到正确的文件夹......我们将被困在重新配置FileBeat以抓取它们。
Question: So how can the docker container log folders be renamed to give them a predictable name?
Alternatives备择方案
Here are certain other methods that I've ruled out but feel free to differ.以下是我排除的某些其他方法,但可以随意不同。
Setting up a named volume设置named volume
$ tree /var/lib/docker/volumes/*nginx-log-volume
/var/lib/docker/volumes/my_swarm_stack_nginx-log-volume
└── _data
├── access.log -> /dev/stdout
└── error.log -> /dev/stderr
The named volume exists as a combination of the stack name and the named volume name: my_swarm_stack_nginx-log-volume .命名卷作为stack名称和named volume名称的组合存在: my_swarm_stack_nginx-log-volume 。 BUT rather than being regular files, these are some sort of a softlink/pipe to std streams.但是,这些不是常规文件,而是某种到std流的软链接/管道。 So I felt that this approach is invalid.所以我觉得这种做法是无效的。
1 个解决方案
解决方案1
0 已采纳 2020-03-16 20:36:18
I think you are over-complicating the problem at hand.我认为你把手头的问题复杂化了。 Filebeat already has a lot of configurable options, you don't need to reinvent stuff like this. Filebeat 已经有很多可配置的选项,你不需要重新发明这样的东西。
I suggest you just use add_docker_metadata processor.我建议你只使用add_docker_metadata处理器。 This will attach useful information like image & container name for each log produced by the container, which could then be checked by drop processor and you could make the conditions here such that you only accept logs from a specific container only.这将为container name生成的每个日志附加有用的信息,例如image和container name ,然后可以由drop处理器检查,您可以在此处设置条件,以便仅接受来自特定容器的日志。
processors:
- add_docker_metadata:
- drop_event:
when:
not:
regexp:
docker.container.name: "^nginx"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.