Docker 文件节拍自动发现未检测到 nginx 日志
[英]Docker filebeat autodiscover not detecting nginx logs
问题描述
On my mac I am running nginx in a docker file and filebeat in a docker file.
在我的 Mac 上,我在 docker 文件和 docker 文件中运行 nginx 文件。
docker run -p 80:80 nginx
The above command successfully runs nginx which I can visit in the browser and the output is printed to the console.上面的命令成功运行了 nginx ,我可以在浏览器中访问它,并且 output 打印到控制台。
This is my docker file that I am building and then running:这是我正在构建然后运行的 docker 文件:
FROM docker.elastic.co/beats/filebeat:7.8.0
COPY filebeat.yml /usr/share/filebeat/filebeat.yml
USER root
And this is my filebeat.yml referenced in the above:这是我上面引用的 filebeat.yml:
filebeat.autodiscover:
providers:
- type: docker
templates:
- condition:
contains:
docker.container.image: nginx
config:
- type: docker
containers.ids:
- "${data.docker.container.id}"
- module: nginx
access:
enabled: true
containers:
stream: "stdout"
error:
enabled: true
containers:
stream: "stderr"
output.console:
pretty: true
I run the filebeat docker image using:我使用以下命令运行 filebeat docker 图像:
sudo docker run -it -v /var/run/docker.sock:/var/run/docker.sock filebeat
The docker.sock stuff is because of an unable to connect to docker socket error I was getting (some kind of docker user error permissions I presume). docker.sock 的东西是因为无法连接到 docker 套接字错误我得到(某种 docker 用户错误权限我推测)。
All of the above gets the filebeat running inside the docker container.以上所有内容都在 docker 容器内运行 filebeat。
INFO [autodiscover] autodiscover/autodiscover.go:113 Starting autodiscover manager
However when I visit localhost in the browser and trigger the nginx log, the only output is occasional docker system metrics every 30 seconds:但是,当我在浏览器中访问 localhost 并触发 nginx 日志时,唯一的 output 是每隔 30 秒偶尔出现的 docker 系统指标:
{"monitoring": {"metrics": {"beat":{"cpu":{"system":{"ticks":40,"time":{"ms":43}},"total":{"ticks":100,"time":{"ms":109},"value":100},"user":{"ticks":60,"time":{"ms":66}}},"handles":{"limit":{"hard":1048576,"soft":1048576},"open":8},"info":{"ephemeral_id":"d3e79d62-6949-4d79-89e8-c595332c18ed","uptime":{"ms":30054}},"memstats":{"gc_next":10249440,"memory_alloc":5520104,"memory_total":17591608,"rss":55390208},"runtime":{"goroutines":23}},"filebeat":{"harvester":{"open_files":0,"running":0}},"libbeat":{"config":{"module":{"running":0}},"output":{"type":"console"},"pipeline":{"clients":0,"events":{"active":0}}},"registrar":{"states":{"current":0},"writes":{"success":1,"total":1}},"system":{"cpu":{"cores":2},"load":{"1":0,"15":0,"5":0,"norm":{"1":0,"15":0,"5":0}}}}}}
The nginx log is not being detected.未检测到 nginx 日志。
This is a potentially relevant warning I am getting:这是我收到的潜在相关警告:
Filebeat is unable to load the Ingest Node pipelines for the configured modules because the Elasticsearch output is not configured/enabled
Edit: I think this is the crux of the issue, the harvester is not finding any logs:编辑:我认为这是问题的症结所在,收割机没有找到任何日志:
filebeat":{"harvester":{"open_files":0,"running":0}}
Edit2: The root cause of the problem seems to be that on the Mac the terminal can't access the log files: /var/lib/docker/containers/${data.docker.container.id}/*.log as this aren't where they are stored on the Mac... so it seems running filebeat on mac is not supported this way between dockers Edit2:问题的根本原因似乎是在 Mac 上终端无法访问日志文件:不是它们在 Mac 上的存储位置......所以在 docker 之间似乎不支持在 mac 上运行 filebeat
1 个解决方案
解决方案1
0 已采纳 2020-07-03 23:33:17
Filebeat on Mac doesn't support collecting docker logs: Mac 上的 Filebeat 不支持收集 docker 日志:
https://github.com/elastic/beats/issues/17310 https://github.com/elastic/beats/issues/17310
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.