Docker ELK 搭建
Docker ELK 搭建
准备
搭建
一、 elasticsearch
# 1. Enable the rsyslog service on the Linux host.
# Open /etc/rsyslog.conf and make sure the three directives listed below
# (shown here as comments) are present and active in that file.
vim /etc/rsyslog.conf
# $ModLoad imtcp
# $InputTCPServerRun 514
# *.* @@localhost:4560
# What they do: imtcp + InputTCPServerRun open a plain TCP syslog listener on
# port 514; "*.* @@localhost:4560" forwards every facility/priority over TCP
# ("@@") to localhost:4560, the port published by the Logstash container.
# NOTE(review): in this form the 514/tcp listener has no TLS and no sender
# authentication, and no bind address is given. Limit 514/tcp with the host
# firewall to the Docker hosts that are expected to send logs.
# Restart rsyslog so the edited configuration takes effect.
systemctl restart rsyslog
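# 2. Deploy the Elasticsearch service.
# User-defined bridge network shared by the ELK containers on this page.
docker network create elk-network

# Single-node Elasticsearch 7.0.1 with its data directory kept on the host.
#
# Port publishing is narrowed compared with "-p 9200:9200 -p 9300:9300":
#   * 9200 (HTTP API) is published only on 192.168.174.201, the host address
#     the Logstash and Kibana steps on this page connect to, instead of on
#     every host interface.
#   * 9300 (transport) is not published; nothing on this page uses it in
#     single-node mode. Add it back only if a transport client needs it.
#
# NOTE(review): this command configures no authentication and no TLS, so
# unless security is enabled some other way, any machine that can reach
# 192.168.174.201:9200 can read and modify the indices. Keep the port behind
# a host firewall or on a management-only network.
docker run -d \
  --restart=always \
  --net elk-network \
  -p 192.168.174.201:9200:9200 \
  -e "discovery.type=single-node" \
  -v /opt/dockerfile/elasticsearch/data/:/usr/share/elasticsearch/data \
  --name elk-elasticsearch \
  elasticsearch:7.0.1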
报错（Elasticsearch 容器启动失败，bootstrap check 提示宿主机的 vm.max_map_count 过低）：
- ERROR: bootstrap checks failed max virtual memory areas vm.max_map_count [65530]
# edit: open the kernel parameter file.
# NOTE(review): vm.max_map_count is a kernel setting, so this is presumably
# done on the Docker host rather than inside the container - confirm.
vi /etc/sysctl.conf
# add: append the following line to /etc/sysctl.conf (it is file content,
# not a shell command). Elasticsearch's bootstrap check asks for at least
# 262144; the value used here is above that minimum.
vm.max_map_count=655360
# exec: reload /etc/sysctl.conf so the new value applies without a reboot.
# Verify afterwards with: sysctl vm.max_map_count
sysctl -p
二、Logstash
- 添加配置文件 /opt/dockerfile/logstash/logstash.conf
# Receive the syslog stream that the host's rsyslog forwards to port 4560.
# No "host" option is set, so the listener uses the plugin's default bind
# address; access control has to come from Docker port publishing and the
# host firewall.
input {
  syslog {
    type => "rsyslog"
    port => 4560
  }
}

# Index every event into Elasticsearch through the host-published HTTP port.
# No user, password or ssl options are set here, so events travel over plain
# HTTP without credentials.
output {
  elasticsearch {
    hosts => ["192.168.174.201:9200"]
  }
}
- 部署logstash服务
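# Run Logstash 7.0.1 with the pipeline file written above.
#
# The configuration file is mounted read-only (":ro"): Logstash only needs to
# read it, so a compromised container cannot rewrite the pipeline on the host.
#
# --link gives this container the name "elasticsearch" for elk-elasticsearch.
#
# NOTE(review): "-p 4560:4560" publishes the syslog input on every host
# interface, while the only sender shown on this page is the local rsyslog
# ("@@localhost:4560"). The input accepts unauthenticated plaintext, so block
# 4560/tcp from other machines with the host firewall.
docker run -d \
  --restart=always \
  --net elk-network \
  -p 4560:4560 \
  -v /opt/dockerfile/logstash/logstash.conf:/etc/logstash.conf:ro \
  --link elk-elasticsearch:elasticsearch \
  --name elk-logstash \
  logstash:7.0.1 \
  logstash -f /etc/logstash.conf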
三、Kibana
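# Run Kibana 7.0.1 and point it at Elasticsearch.
#
# Kibana 7.x takes the Elasticsearch address from ELASTICSEARCH_HOSTS
# (setting elasticsearch.hosts). ELASTICSEARCH_URL is the 6.x name; with a
# 7.x image the address given through it is not applied, and Kibana would
# presumably fall back to its built-in default reached through the --link
# alias "elasticsearch".
#
# NOTE(review): no authentication is configured here and 5601 is published
# on every host interface, so anyone who can reach the port gets full access
# to the indexed logs through Kibana. Restrict 5601/tcp with the host
# firewall or put an authenticating reverse proxy in front of it.
docker run -d \
  --restart=always \
  --net elk-network \
  -p 5601:5601 \
  --link elk-elasticsearch:elasticsearch \
  -e ELASTICSEARCH_HOSTS=http://192.168.174.201:9200 \
  --name elk-kibana \
  kibana:7.0.1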
四、启动nginx容器来产生日志
# Show which logging driver the Docker daemon uses by default.
docker info --format '{{.LoggingDriver}}'
# $ json-file

# Start an nginx container whose stdout/stderr go to the host's rsyslog
# listener (TCP 514) instead of the default driver, tagged "elk-nginx" so the
# entries can be filtered later.
# NOTE(review): the log stream to 192.168.174.201:514 is plaintext TCP, and
# "nginx:latest" is an unpinned tag (the ELK images above are pinned to
# 7.0.1); pin a specific nginx version for reproducible deployments.
docker run -d \
  --restart=always \
  --net elk-network \
  -p 90:80 \
  --log-driver syslog \
  --log-opt syslog-address=tcp://192.168.174.201:514 \
  --log-opt tag="elk-nginx" \
  --name elk-nginx \
  nginx:latest
