@JunQiu 2018-09-18T18:16:05.000000Z Word count 4552 Views 1520

Logstash Logspout

summary_2018/09 docker tools


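1. Daily

1.1. docker: ELK_Logstash

2.1. docker: Logspout


2. Technical

2.1. docker: ELK_Logstash

2.1.1. Introduction
2.1.2. Main features
2.1.3. Basic usage
2.1.4. Official references and detailed documentation

2.1. Logspout

2.1.1. Introduction
2.1.2. Basic usage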
  # Start logspout, along with two HTTP services
  docker run -d --name="logspout" \
    --volume=/var/run/docker.sock:/var/run/docker.sock \
    -p 8000:80 \
    gliderlabs/logspout

  # View the logs collected by logspout
  curl http://127.0.0.1:8000/logs
  dazzling_hoover| * Serving Flask app "app" (lazy loading)
  dazzling_hoover| * Environment: production
  dazzling_hoover| WARNING: Do not use the development server in a production environment.
  dazzling_hoover| Use a production WSGI server instead.
  dazzling_hoover| * Debug mode: off
  dazzling_hoover| * Running on http://0.0.0.0:80/ (Press CTRL+C to quit)
  dazzling_hoover|172.17.0.1 - - [03/Sep/2018 12:09:10] "GET / HTTP/1.1" 200 -
  dazzling_hoover|172.17.0.1 - - [03/Sep/2018 12:09:10] "GET /favicon.ico HTTP/1.1" 404 -
  dazzling_hoover|172.17.0.1 - - [03/Sep/2018 12:11:16] "GET / HTTP/1.1" 200 -
  compassionate_kalam| * Serving Flask app "app" (lazy loading)
  compassionate_kalam| * Environment: production
  compassionate_kalam| WARNING: Do not use the development server in a production environment.
  compassionate_kalam| Use a production WSGI server instead.
  compassionate_kalam| * Debug mode: off
  compassionate_kalam| * Running on http://0.0.0.0:80/ (Press CTRL+C to quit)
  dazzling_hoover|172.17.0.1 - - [03/Sep/2018 12:28:34] "GET / HTTP/1.1" 200 -
  compassionate_kalam|172.17.0.1 - - [03/Sep/2018 12:29:29] "GET / HTTP/1.1" 200 -
  compassionate_kalam|172.17.0.1 - - [03/Sep/2018 12:29:30] "GET /favicon.ico HTTP/1.1" 404 -
2.1.2. Forwarding to Logstash
  # Dockerfile: replace pipeline/logstash.conf
  FROM docker.elastic.co/logstash/logstash:6.4.0
  # Custom input and output streams
  RUN rm -f /usr/share/logstash/pipeline/logstash.conf
  ADD logstash.conf /usr/share/logstash/pipeline/

  # logstash.conf
  input {
    udp {
      port => 5000
      type => syslog
    }
  }
  # Filter conditions
  filter {
  }
  output {
    file {
      path => "~/logspout.log"
    }
  }

  # Start logspout to collect and forward logs
  docker run --name="logspout" \
    --volume=/var/run/docker.sock:/var/run/docker.sock \
    gliderlabs/logspout \
    syslog://172.17.0.6:5000
  # 172.17.0.6:5000 is the Logstash address and listening port

  # Logs in logspout.log; some ES check error messages are not included here
  {"message":"<11>1 2018-09-04T05:53:12Z 4f971db7b200 dazzling_hoover 8234 - - 172.17.0.1 - - [03/Sep/2018 12:09:10] \"GET / HTTP/1.1\" 200 -\n","@version":"1","@timestamp":"2018-09-04T05:53:12.051Z","type":"syslog","host":"172.17.0.3"}
  {"message":"<11>1 2018-09-04T05:53:12Z 4f971db7b200 dazzling_hoover 8234 - - 172.17.0.1 - - [03/Sep/2018 12:09:10] \"GET /favicon.ico HTTP/1.1\"404 -\n","@version":"1","@timestamp":"2018-09-04T05:53:12.052Z","type":"syslog","host":"172.17.0.3"}
  {"message":"<11>1 2018-09-04T05:53:12Z 4f971db7b200 dazzling_hoover 8234 - - 172.17.0.1 - - [03/Sep/2018 12:11:16] \"GET / HTTP/1.1\" 200 -\n","@version":"1","@timestamp":"2018-09-04T05:53:12.052Z","type":"syslog","host":"172.17.0.3"}
  {"message":"<11>1 2018-09-04T05:53:12Z 4f971db7b200 dazzling_hoover 8234 - - 172.17.0.1 - - [03/Sep/2018 12:28:34] \"GET / HTTP/1.1\" 200 -\n","@version":"1","@timestamp":"2018-09-04T05:53:12.052Z","type":"syslog","host":"172.17.0.3"}
  {"message":"<11>1 2018-09-04T05:53:12Z 4f971db7b200 dazzling_hoover 8234 - - 172.17.0.1 - - [03/Sep/2018 12:45:33] \"GET / HTTP/1.1\" 200 -\n","@version":"1","@timestamp":"2018-09-04T05:53:12.052Z","type":"syslog","host":"172.17.0.3"}
  {"message":"<11>1 2018-09-04T05:53:12Z 4f971db7b200 dazzling_hoover 8234 - - 172.17.0.1 - - [03/Sep/2018 12:45:54] \"GET / HTTP/1.1\" 200 -\n","@version":"1","@timestamp":"2018-09-04T05:53:12.052Z","type":"syslog","host":"172.17.0.3"}
  {"message":"<11>1 2018-09-04T05:53:12Z 4f971db7b200 dazzling_hoover 8234 - - 172.17.0.1 - - [03/Sep/2018 12:46:31] \"GET / HTTP/1.1\" 200 -\n","@version":"1","@timestamp":"2018-09-04T05:53:12.053Z","type":"syslog","host":"172.17.0.3"}
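
Because the filter block is empty, each event in logspout.log above still carries the whole RFC 5424 line in `message`. The Python parser below is an added example, not code from the original post: it splits one such event into the fields a search or alert rule needs, and the names `parse_event`, `RFC5424`, `ACCESS` and the output keys are assumptions chosen for illustration.

```python
import json
import re

# RFC 5424 layout: <PRI>VER TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
RFC5424 = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<ver>\d) (?P<ts>\S+) (?P<hostname>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|\[.*?\]) (?P<msg>.*)", re.DOTALL)
# Access-log line as printed by the Flask development server in the output above
ACCESS = re.compile(
    r'(?P<client>\S+) - - \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" ?(?P<status>\d{3})\b')
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# One event copied from the logspout.log output above
SAMPLE = (r'{"message":"<11>1 2018-09-04T05:53:12Z 4f971db7b200 dazzling_hoover 8234 - - '
          r'172.17.0.1 - - [03/Sep/2018 12:09:10] \"GET / HTTP/1.1\" 200 -\n",'
          r'"@version":"1","@timestamp":"2018-09-04T05:53:12.051Z",'
          r'"type":"syslog","host":"172.17.0.3"}')


def parse_event(line):
    """Return a flat dict for one Logstash file-output line, or None if it is not RFC 5424."""
    event = json.loads(line)
    m = RFC5424.match(event.get("message", ""))
    if m is None or int(m["pri"]) > 191:  # PRI = facility * 8 + severity, max 23 * 8 + 7
        return None
    pri = int(m["pri"])
    rec = {
        "facility": pri >> 3,
        "severity": SEVERITIES[pri & 7],
        "hostname": m["hostname"],
        "container": m["app"],        # container name, as in the output above
        "procid": m["procid"],
        "sender": event.get("host"),  # source address recorded by the Logstash udp input
        "msg": m["msg"].rstrip("\n"),
    }
    a = ACCESS.match(rec["msg"])
    if a:  # only access-log lines carry these fields; startup banners do not
        rec.update(client=a["client"], method=a["method"],
                   path=a["path"], status=int(a["status"]))
    return rec


if __name__ == "__main__":
    print(parse_event(SAMPLE))
```

The structured-data pattern is deliberately minimal (a lone `-` or a single bracketed element), which matches what the output above contains.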
2.1.3. References and detailed documentation