Preface

The default log driver of docker is json-file , each container will generate a /var/lib/docker/containers/containerID/containerID-json.log locally, and the log driver supports extensions. This chapter mainly explains the Fluentd driver Collect docker logs.

Fluentd is an open source data collector for the unified logging layer. It is the sixth CNCF graduated project after Kubernetes, Prometheus, Envoy, CoreDNS and containerd. It is often used to compare elastic logstash, which is relatively lightweight. Flexible, now the development is very fast, the community is very active.At the time of writing this blog, the star of github is 8.8k, and the fork is 1k.

premise

docker
Understanding fluentd configuration
docker-compose

Prepare configuration file

docker-compose.yml

version: '3.7'

x-logging:
  &default-logging
  driver: fluentd
  options:
    fluentd-address: localhost:24224
    fluentd-async-connect: 'true'
    mode: non-blocking
    max-buffer-size: 4m
    tag: "kafeidou.{
   
   {.Name}}"  #配置容器的tag,以kafeidou.为前缀,容器名称为后缀,docker-compose会给容器添加副本后缀,如 fluentd_1

services:

  fluentd:
   image: fluent/fluentd:v1.3.2
   ports:
    - 24224:24224
   volumes:
    - ./:/fluentd/etc
    - /var/log/fluentd:/var/log/fluentd
   environment:
    - FLUENTD_CONF=fluentd.conf

  fluentd-worker:
   image: fluent/fluentd:v1.3.2
   depends_on:
     - fluentd
   logging: *default-logging

fluentd.conf

<source>
  @type forward
  port 24224
  bind 0.0.0.0
</source>

<match kafeidou.*>
  @type              file
  path               /var/log/fluentd/kafeidou/${tag[1]}
  append             true
  <format>
    @type            single_value
    message_key      log
  </format>
  <buffer tag,time>
    @type             file
    timekey           1d
    timekey_wait      10m
    flush_mode        interval
    flush_interval    5s
  </buffer>
</match>

<match **>
  @type              file
  path               /var/log/fluentd/${tag}
  append             true
  <format>
    @type            single_value
    message_key      log
  </format>
  <buffer tag,time>
    @type             file
    timekey           1d
    timekey_wait      10m
    flush_mode        interval
    flush_interval    5s
  </buffer>
</match>

Because fluentd need to have write permissions in the directory configuration, so you need to be ready to store log directory and give permission.
Create a directory

mkdir /var/log/fluentd

Give permission, here for experimental demonstration, directly authorize 777

chmod -R 777 /var/log/fluentd

Execute the command in the directory of docker-compose.yml and fluentd.conf:
docker-compose up -d

[root@master log]# docker-compose up -d
WARNING: The Docker Engine you're using is running in swarm mode.

Compose does not use swarm mode to deploy services to multiple nodes in a swarm. All containers will be scheduled on the current node.

To deploy your application across the swarm, use `docker stack deploy`.

Creating network "log_default" with the default driver
Creating fluentd ... done
Creating fluentd-worker ... done

Check the log directory, there should be a corresponding container log file:

[root@master log]# ls /var/log/fluentd/kafeidou/
fluentd-worker.20200215.log  ${tag[1]}

This is the result of my last experiment. A $(tag[1]) directory will be created, which is strange, and there will be two files in this directory.

[root@master log]# ls /var/log/fluentd/kafeidou/\$\{tag\[1\]\}/
buffer.b59ea0804f0c1f8b6206cf76aacf52fb0.log  buffer.b59ea0804f0c1f8b6206cf76aacf52fb0.log.meta

If anyone understands this, welcome to communicate together!

Architecture summary

Why not use docker's original log?

Let's first take a look at the architecture of the original docker log:

Docker will generate a log file for each container in the local /var/lib/docker/containers/containerID/containerID-json.log path to store docker logs.

There are a total of 7 containers in the above figure.If it is regarded as 7 microservices, it is already very inconvenient when you need to view the logs.In the worst case, you need to view the logs of each container on three machines.

What is the difference after using fluentd?

After using fluentd to collect docker logs, the containers can be aggregated together. Let's take a look at the architecture after configuring the fluentd configuration file in this article:

Since fluentd is configured to be stored in the local directory of the machine where fluentd is located, the effect is to collect the container logs of other machines into the local directory of the machine where fluentd is located.

Can fluentd only collect container logs locally?

Fluentd can actually transfer the collected logs again, for example to storage software such as elasticsearch:

fluentd flexibility

There are many things that fluentd can do. Fluentd itself can be used as a transmission node and as a receiving node. It can also filter specific logs, format logs with specific content, and transmit the matching specific logs again. Here is just a simple The effect of collecting docker container logs.

Originating in four coffee beans , reproduced, please declare the source.

Follow the public account -> [Four Coffee Beans] Get the latest content

Use fluentd as docker log driver to collect logs