ELK 日志收集

需求

因为原项目是PHP开发,需要部署在集群 R1,R2,R3 上,对应的日志则存在本地机器上,现在需要添加一个日志系统来收集这些日志,方便查询

处理方式

在需要收集服务器日志的机器,安装运行一个 filebeat 发送日志到日志机器上,配置文件:filebeat.yml

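# ============================== Filebeat inputs
# Inputs are declared as a list under the top-level `filebeat.inputs` key.
filebeat.inputs:
  - type: log
    # Log files to collect. `paths` is a list of glob patterns; a directory on
    # its own is not read, so match the files inside it. Adjust the pattern to
    # the real layout under runtime/log/.
    paths:
      - /data/www/a.com/runtime/log/*.log

# ---------------------------- Elasticsearch Output
output.elasticsearch:
  # Array of hosts to connect to: the LAN IP of the log collection server.
  hosts: ["192.168.1.x:9200"]
  # NOTE(review): as written, log lines travel over plain HTTP and the
  # connection is unauthenticated. Application logs often contain user data,
  # so keep this traffic on the private network. Once security is enabled on
  # Elasticsearch, set the options below (placeholder values) and give
  # Filebeat an account that can only write to its own indices.
  # protocol: "https"
  # username: "<FILEBEAT_WRITER_USER>"
  # password: "${ES_PWD}"
  # ssl.certificate_authorities: ["<PATH_TO_CA_CERT>"]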

新开一台服务器 R4,这里建议单独购买一块 dlog 数据盘(对应下文的 /dlog 目录),专门用于日志的收集、保存和查询;然后安装 docker-compose

然后安装elk镜像,修改配置 /data/elasticsearch/elasticsearch/elasticsearch-compose.yaml

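# Single-node Elasticsearch plus Kibana for the central log host (R4).
#
# NOTE(review): nothing in this file enables authentication or TLS, and both
# 9200 and 5601 are published on every host interface. Anyone who can reach
# R4 on those ports can read, change or delete the collected logs. Keep R4 on
# the private network and allow the ports only from R1-R3 and the admin
# hosts. Ports published by Docker are not filtered by ordinary host INPUT
# firewall rules: filter in the DOCKER-USER chain, or bind to one host
# address, e.g. "<R4_LAN_IP>:9200:9200".
version: "3"
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.16.2
    container_name: elasticsearch
    environment:
      - discovery.type=single-node
      # - node.name=es
      # - cluster.name=es-docker-cluster
      # - discovery.seed_hosts=es02,es03
      # - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      # JVM heap size.
      - "ES_JAVA_OPTS=-Xms4096m -Xmx4096m"
      # To require a login, enable security and supply the password from the
      # environment instead of writing it into this file. Filebeat and Kibana
      # then need credentials as well.
      # - xpack.security.enabled=true
      # - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
    ulimits:
      # Unlimited locked memory, needed for bootstrap.memory_lock=true.
      memlock:
        soft: -1
        hard: -1
    volumes:
      # Bind mount for index data. The host directory must be writable by the
      # container's elasticsearch user (uid 1000 in the official image).
      - /dlog/es/data:/usr/share/elasticsearch/data
    ports:
      # Quoted so the mapping is always read as a string.
      - "9200:9200"
    networks:
      elastic:
        ipv4_address: 172.18.0.11

  kibana:
    # Same version as Elasticsearch; mixing versions is not a supported setup.
    image: docker.elastic.co/kibana/kibana:7.16.2
    container_name: kibana
    volumes:
      - /data/elasticsearch/elasticsearch/conf/kibana.yml:/usr/share/kibana/config/kibana.yml
    environment:
      SERVER_NAME: kibana.example.org
      # Address of the Elasticsearch container on the elastic network.
      ELASTICSEARCH_HOSTS: "http://172.18.0.11:9200"
      # Needed once security is enabled on Elasticsearch (placeholders).
      # ELASTICSEARCH_USERNAME: "<KIBANA_SERVICE_USER>"
      # ELASTICSEARCH_PASSWORD: "${KIBANA_PASSWORD}"
    ports:
      - "5601:5601"
    networks:
      elastic:
        ipv4_address: 172.18.0.14
  # Logstash formatting is not used.
  # If this service is re-enabled, use the same version as Elasticsearch and
  # an address inside the elastic subnet (172.25.0.15 is outside it).
  # logstash:
  #   image: docker.elastic.co/logstash/logstash:7.9.2
  #   container_name: logstash
  #   volumes:
  #     - ./conf/logstash.yml:/usr/share/logstash/config/logstash.yml
  #     - ./conf.d/:/usr/share/logstash/conf.d/
  #   ports:
  #     - "5044:5044"
  #   networks:
  #     elastic:
  #       ipv4_address: 172.25.0.15

# Named volumes that no service above references; Elasticsearch data lives in
# the /dlog/es/data bind mount.
volumes:
  data01:
    driver: local
  data02:
    driver: local
  data03:
    driver: local

networks:
  elastic:
    driver: bridge
    ipam:
      config:
        # Static ipv4_address values are only accepted on a network with a
        # user-configured subnet. If another Docker network on this host
        # already uses this range, pick a different one and update the
        # addresses above to match.
        - subnet: "172.18.0.0/16"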

启动

# Start the stack in the background from the compose file edited above.
docker-compose --file /data/elasticsearch/elasticsearch/elasticsearch-compose.yaml up --detach
作者:admin  创建时间:2022-05-19 15:25
最后编辑:admin  更新时间:2023-04-10 15:46