Log Collection
elk
Operation on node3
node3 # docker pull sebp/elk:5610
node3 # sysctl vm.max_map_count=262144
node3 # docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -it --rm --name elk sebp/elk:5610 # publish the corresponding ports
Then open http://192.168.56.13:9200/_search?pretty
Next, switch to node1
node1 # wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.1.1-x86_64.rpm # download and install filebeat
node1 # rpm -ivh filebeat-6.1.1-x86_64.rpm
node1 # docker run -it -p 80:80 --name ngxin_v2 nginx # run an nginx container
Then open another session
node1 # vi /etc/filebeat/filebeat.yml # edit the configuration file
Line 24: change to enabled: true
Line 28: comment it out so it reads # - /var/log/*.log
Below line 28, add a new line: - /data/docker/containers/*/*.log
Line 146: change to hosts: ["192.168.56.13:9200"]
Save and exit
node1 # /etc/init.d/filebeat start # start filebeat
Starting filebeat (via systemctl): [ OK ]
node1 # /etc/init.d/filebeat status
filebeat.service - filebeat
Loaded: loaded (/usr/lib/systemd/system/filebeat.service; disabled; vendor preset: disabled)
Active: active (running) since Tue 2020-02-25 18:05:39 CST; 6s ago
Docs: https://www.elastic.co/guide/en/beats/filebeat/current/index.html
Main PID: 1765 (filebeat)
Tasks: 7
Memory: 3.9M
CGroup: /system.slice/filebeat.service
└─1765 /usr/share/filebeat/bin/filebeat -c /etc/filebeat/filebeat...
node1 # for i in {1..10}; do curl 127.0.0.1; done # request 127.0.0.1 several times to generate log entries
Then open http://192.168.56.13:9200/_search?pretty and refresh a few times until the numbers in the returned status are all greater than 0
Then open http://192.168.56.13:5601 and, in Kibana Discover, create a new index pattern with the value filebeat-6.1.1-*. After refreshing there seems to be no new data, so next we try installing fluentd
Switch back to node3
node3 # mkdir /fluentd_log # create a directory to mount into the container
node3 # docker run -d -p 24224:24224 -p 24224:24224/udp -v /fluentd_log:/fluentd/log fluent/fluentd # -v mounts the local directory into the container
node3 # netstat -tnlpu # check whether port 24224 is listening
Next, switch back to node1 and change node1's log driver
node1 # vi /etc/docker/daemon.json # edit the configuration file and insert the following at the end of the file
"cluster-advertise": "192.168.56.11:2375",
"log-driver": "fluentd",
"log-opts": {
"fluentd-address":"192.168.56.13:24224",
"tag":"linux-node1.example.com"
}
}
node1 # systemctl daemon-reload
node1 # systemctl restart docker # reload the service
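Inserting the fragment above into an existing daemon.json by hand easily leaves invalid JSON, and docker then fails to restart. The following Python sketch is an added example, not part of the original post: it applies the same log-driver settings programmatically and validates the file first; the function names and the sample existing config are assumptions made for illustration.

```python
import json
import os
import shutil
import tempfile

# Values copied from the daemon.json fragment on this page.
FLUENTD_LOGGING = {
    "log-driver": "fluentd",
    "log-opts": {
        "fluentd-address": "192.168.56.13:24224",
        "tag": "linux-node1.example.com",
    },
}

def merge_logging(existing_text):
    """Return daemon.json text with the fluentd logging settings applied."""
    # json.loads raises ValueError on a stray comma or brace, before any write.
    config = json.loads(existing_text) if existing_text.strip() else {}
    if not isinstance(config, dict):
        raise ValueError("daemon.json must contain a JSON object")
    # log-opts are specific to a log driver, so options left over from a
    # previous driver are replaced rather than merged.
    config.update(FLUENTD_LOGGING)
    return json.dumps(config, indent=2) + "\n"

def update_daemon_json(path="/etc/docker/daemon.json"):
    """Back up path, then atomically replace it with the merged config."""
    existing = ""
    if os.path.exists(path):
        with open(path) as fh:
            existing = fh.read()
    new_text = merge_logging(existing)
    if existing:
        shutil.copy2(path, path + ".bak")
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(new_text)
    os.replace(tmp, path)
    return new_text

if __name__ == "__main__":
    # Constructed sample: a file that already holds other settings.
    sample = ('{"cluster-advertise": "192.168.56.11:2375", '
              '"log-driver": "json-file", "log-opts": {"max-size": "10m"}}')
    print(merge_logging(sample))
```

Call update_daemon_json() as root on node1, then run the daemon-reload and restart steps; the previous file is kept as daemon.json.bak.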
node1 # /etc/init.d/filebeat stop # stop filebeat
Stopping filebeat (via systemctl): [ OK ]
Next, switch to node3
node3 # rpm -ivh filebeat-6.1.1-x86_64.rpm # install filebeat on node3
node3 # vi /etc/filebeat/filebeat.yml
Line 24: change to enabled: true
Line 28: change to - /fluentd_log/*.log
Save and exit
node3 # /etc/init.d/filebeat start # start the process
Starting filebeat (via systemctl): [ OK ]
node3 # /etc/init.d/filebeat status
node3 # for i in {1..10}; do curl 192.168.56.11; done # request node1 several times
If a step fails, you can delete the container on node1 and then create a new one on it
Then open http://192.168.56.13:5601; the logs should now be visible in Kibana Discover. If you do not see the logs:
first check whether the host time is correct
try selecting Today or This week as the time range
change the index to filebeat-6.1.1- with the current day or the next day
If the time in the container is not correct, synchronize it as follows (rongqiid stands for the container ID)
docker cp /usr/share/zoneinfo/Asia rongqiid:/usr/share/zoneinfo/Asia
docker exec rongqiid mkdir /usr/share/zoneinfo -p
docker cp /usr/share/zoneinfo/Asia rongqiid:/usr/share/zoneinfo/Asia
journalctl -u docker.service # view the docker engine logs
yum install lrzsz -y