ELK 日志手机
需求
因为原项目是PHP开发,需要部署在集群 R1,R2,R3 上,对应的日志则存在本地机器上,现在需要添加一个日志系统来收集这些日志,方便查询
处理方式
在需要收集服务器日志的机器,安装运行一个 filebeat 发送日志到日志机器上,配置文件:filebeat.yml
# ============================== Filebeat inputs
- type: log
# 收集日志的路径
paths:/data/www/a.com/runtime/log/
# ---------------------------- Elasticsearch Output
output.elasticsearch:
# Array of hosts to connect to. 输出到的局域网日志手机服务的IP
hosts: ["192.168.1.x:9200"]
新开一台服务器 R4 ,这里建议购买 dlog 盘符,只做查询方便收集保存并查询,安装 docker-composer
然后安装elk镜像,修改配置 /data/elasticsearch/elasticsearch/elasticsearch-compose.yaml
version: "3"
services:
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.16.2
container_name: elasticsearch
environment:
- discovery.type=single-node
#- node.name=es
#- cluster.name=es-docker-cluster
#- discovery.seed_hosts=es02,es03
#- cluster.initial_master_nodes=es01,es02,es03
- bootstrap.memory_lock=true
# 设置内存
- "ES_JAVA_OPTS=-Xms4096m -Xmx4096m"
ulimits:
memlock:
soft: -1
hard: -1
volumes:
# 映射目录
- /dlog/es/data:/usr/share/elasticsearch/data
ports:
- 9200:9200
networks:
elastic:
ipv4_address: 172.18.0.11
kibana:
image: docker.elastic.co/kibana/kibana:7.9.2
container_name: kibana
volumes:
- /data/elasticsearch/elasticsearch/conf/kibana.yml:/usr/share/kibana/config/kibana.yml
environment:
SERVER_NAME: kibana.example.org
#日志主机地址
ELASTICSEARCH_HOSTS: http://172.18.0.11:9200
ports:
- "5601:5601"
networks:
elastic:
ipv4_address: 172.18.0.14
#不做logstash格式化
#logstash:
# image: docker.elastic.co/logstash/logstash:7.9.2
# container_name: logstash
# volumes:
# - ./conf/logstash.yml:/usr/share/logstash/config/logstash.yml
# - ./conf.d/:/usr/share/logstash/conf.d/
# ports:
# - "5044:5044"
# networks:
# elastic:
# ipv4_address: 172.25.0.15
volumes:
data01:
driver: local
data02:
driver: local
data03:
driver: local
networks:
elastic:
driver: bridge
启动
docker-compose -f /data/elasticsearch/elasticsearch/elasticsearch-compose.yaml up -d
作者:admin 创建时间:2022-05-19 15:25
最后编辑:admin 更新时间:2023-04-10 15:46
最后编辑:admin 更新时间:2023-04-10 15:46