Loki学习

Promtail，rsyslogd 和loki 配置搭建交换机日志服务器

1：软件安装

下载并安装这几个包

yum -y install nano net-tools unzip sysstat iotop rsyslog iperf3

yum -y install grafana-enterprise-10.1.0-1.x86_64.rpm loki-2.8.4.x86_64.rpm promtail-2.8.4.x86_64.rpmc

2：启动服务

​ systemctl restart grafana-server
​ systemctl enable grafana-server.service
​ systemctl restart loki
​ systemctl enable loki.service
​ systemctl restart promtail
​ systemctl enable promtail.service

3：配置

[配置日志服务rsyslog]

cat /etc/rsyslog.conf 
# 最小化配置
$ModLoad imuxsock
$ModLoad imudp
$ModLoad imtcp

$UDPServerRun 514
$InputTCPServerRun 514

$WorkDirectory /var/spool/rsyslog

# 包含自定义配置
$IncludeConfig /etc/rsyslog.d/*.conf
[root@localhost centos_7_zabbix_7.0.x_mysql]# cat /etc/rsyslog.d/loki.conf 
$CreateDirs on  # 自动创建目录
$Umask 0022     # 目录/文件权限

# 第一步：定义「基础路径模板」（按IP+日期存储，保留结构）
$template SwitchLogPath, "/var/log/loki/switch/%fromhost-ip%/%fromhost-ip%_%$NOW%.log"

# 第二步：定义「日志格式模板」（保留原始日志内容，关键修改！）
# %rawmsg% = 交换机发送的原始日志（无任何修改），\n 换行
$template SwitchLogFormat, "%rawmsg%\n"

# 第三步：核心规则（存储原始日志，保留按IP/日期存储逻辑）
if $fromhost-ip != '127.0.0.1' and $fromhost-ip != '::1' then {
    action(
        type="omfile"
        dynafile="SwitchLogPath"
        template="SwitchLogFormat"
        fileCreateMode="0644"
        dirCreateMode="0755"
        # 注释channel：轮转脚本未启用时避免报错
        # channel="log_rotation"
    )
    stop
}

[配置/etc/loki/config.yml]

auth_enabled: false

server:
  http_listen_port: 3100
  grpc_listen_port: 9096

common:
  instance_addr: 127.0.0.1
  path_prefix: /tmp/loki
  storage:
    filesystem:
      chunks_directory: /tmp/loki/chunks
      rules_directory: /tmp/loki/rules
  replication_factor: 1
  ring:
    kvstore:
      store: inmemory

query_range:
  results_cache:
    cache:
      embedded_cache:
        enabled: true
        max_size_mb: 100

schema_config:
  configs:
    - from: 2020-10-24
      store: boltdb-shipper
      object_store: filesystem
      schema: v11
      index:
        prefix: index_
        period: 24h

ruler:
  alertmanager_url: http://localhost:9093

# By default, Loki will send anonymous, but uniquely-identifiable usage and configuration
# analytics to Grafana Labs. These statistics are sent to https://stats.grafana.org/
#
# Statistics help us better understand how Loki is used, and they show us performance
# levels for most users. This helps us prioritize features and documentation.
# For more information on what's sent, look at
# https://github.com/grafana/loki/blob/main/pkg/usagestats/stats.go
# Refer to the buildReport method to see what goes into a report.
#
# If you would like to disable reporting, uncomment the following lines:
#analytics:
#  reporting_enabled: false

[配置/etc/promtail/config.yml]

server:
  http_listen_port: 9080
  grpc_listen_port: 0
positions:
  filename: /var/lib/promtail/positions.yaml
  sync_period: 10s
clients:
  - url: http://127.0.0.1:3100/loki/api/v1/push
scrape_configs:
  - job_name: switch_logs
    static_configs:
      - targets:
          - localhost
        labels:
          job: switch_logs
          __path__: /var/log/loki/switch/*/*.log
    pipeline_stages:
      - regex:
          expression: ^/var/log/loki/switch/(?P<switch_ip>\d+\.\d+\.\d+\.\d+)/\d+\.\d+\.\d+\.\d+_(?P<log_date>\d{4}-\d{2}-\d{2})\.log$
      - labels:
          switch_ip:
          log_date:
      - timestamp:
          source: time
          format: "2006-01-02 15:04:05"
          fallback_to_current_time: true

grafana配置数据库

导入模板13639

完美上图