ops-11 Graylog 收集查看日志举例
Graylog 应用详解:
- 服务端安装部署,根据自身需求更改:
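# docker-compose (v2 schema) for a single-node Graylog stack: MongoDB (config store),
# Elasticsearch (log index) and the Graylog server itself. Adjust paths, ports and
# credentials to your environment before use.
#
# Review notes:
#   - MongoDB and Elasticsearch run without authentication in this file. Graylog
#     reaches them over the private `graylog` bridge network, so their host ports are
#     bound to 127.0.0.1 only. Drop the `127.0.0.1:` prefix only if another host
#     really needs direct access, and add authentication first.
#   - Port mappings are quoted so a YAML 1.1 parser cannot read them as numbers.
#   - mongo:3 and elasticsearch:6.7.0 are the versions used in the original notes;
#     confirm they are still supported before deploying.
version: '2'

services:
  # MongoDB — Graylog configuration database
  mongodb:
    image: mongo:3
    ports:
      # no auth configured: keep this bound to loopback
      - "127.0.0.1:27017:27017"
    volumes:
      - /data/mongo/db:/data/db:Z
    networks:
      - graylog
    restart: always

  # Elasticsearch — log storage and search
  elasticsearch:
    image: elasticsearch:6.7.0
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      # X-Pack security is off, so the REST/transport ports must not be reachable
      # beyond localhost
      - xpack.security.enabled=false
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 3g
    ports:
      - "127.0.0.1:9200:9200"
      - "127.0.0.1:9300:9300"
    volumes:
      - /data/elasticsearch/data:/usr/share/elasticsearch/data:Z
    networks:
      - graylog
    restart: always

  # Graylog server
  graylog:
    image: graylog/graylog:3.2
    environment:
      # Secret used by Graylog to protect stored credentials. Change it before use and
      # keep it out of version control (e.g. move these values to an env_file).
      - GRAYLOG_PASSWORD_SECRET=Graylog@monkeys123
      # sha256 of the admin password. This value is the hash of "admin"; replace it with
      # the hash of your own password (e.g. `echo -n '<password>' | sha256sum`).
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      # URL that browsers use to reach the web UI / REST API; the host running Graylog
      # in this example is 192.168.66.15
      - GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.66.15:9000/
      - GRAYLOG_ROOT_TIMEZONE=Asia/Shanghai
      - "GRAYLOG_SERVER_JAVA_OPTS=-XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -XX:NewRatio=1 -XX:MaxMetaspaceSize=256m -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Duser.timezone=GMT+8"
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - "9000:9000"
      # Syslog TCP / UDP.
      # NOTE(review): the Graylog process in the image is believed to run unprivileged,
      # so an input bound to a container port below 1024 may fail to start — if it does,
      # map host 514 to a higher container port (e.g. "514:1514") and create the
      # syslog input on that port instead.
      - "514:514"
      - "514:514/udp"
      # GELF TCP / UDP
      - "12201:12201"
      - "12201:12201/udp"
      # 5044 TCP / UDP (the port the filebeat/Beats input in these notes uses)
      - "5044:5044"
      - "5044:5044/udp"
    volumes:
      - /data/graylog/data/journal:/usr/share/graylog/data/journal:Z
    networks:
      - graylog
    restart: always

networks:
  graylog:
    driver: bridge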
- 以收集 Nginx 日志为例：先在 Graylog 中创建 server_api_token
- 安装 filebeat
- 安装 sidecar，然后执行 `systemctl enable graylog-sidecar && systemctl start graylog-sidecar`
- 进入 Graylog Web UI 进行配置：http://192.168.66.15:9000/
# vi /etc/graylog/sidecar/sidecar.yml
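# /etc/graylog/sidecar/sidecar.yml — Graylog Sidecar configuration for the nginx
# front-end host. Point server_url at the Graylog REST API.
#
# NOTE(review): the keys below mix the sidecar 1.x layout (server_api_token, this
# file path) with keys from the legacy collector-sidecar (tags, backends,
# /etc/graylog/collector-sidecar/...). Check the reference config of the installed
# sidecar version; unknown keys may be ignored or rejected.

# Graylog API endpoint. This is plain HTTP, so the API token below travels
# unencrypted on the network; prefer https:// with a trusted certificate in production.
server_url: http://192.168.66.15:9000/api/
# The server_api_token obtained in the step above. It is a credential: restrict the
# file's permissions (e.g. 0600) and do not commit it to version control.
server_api_token: "1s8a7702qlessa6c9rf6fa567fa0jggef6rep25doo1fa7usslen"
node_id: nginx-front1
update_interval: 10
# Verify the Graylog server's TLS certificate when server_url is https://. This
# should have no effect on the http:// URL above; it is left false so that switching
# to https later does not silently skip verification.
tls_skip_verify: false
send_status: true
list_log_files: []
cache_path: /var/cache/graylog-sidecar
log_path: /var/log/graylog-sidecar
log_rotation_time: 86400
log_max_age: 604800
# Any tag name will do; it is presumably matched against the collector configuration
# assigned in the Graylog UI. Written as a list, which is the form the legacy
# collector-sidecar expects for this key.
tags:
  - nginx_beats_input
backends:
  - name: nxlog
    enabled: false
    binary_path: /usr/bin/nxlog
    configuration_path: /etc/graylog/collector-sidecar/generated/nxlog.conf
  - name: filebeat
    enabled: true
    binary_path: /usr/bin/filebeat
    configuration_path: /etc/graylog/collector-sidecar/generated/filebeat.yml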
参考博文配置:
珊瑚海