在 Docker 上使用 Filebeat 的 nginx 模块,将 nginx 的日志在 Kibana 中显示出来
起初
上一次我使用Docker,在nginx上运行,并通过Filebeat将访问日志发送到Logstash。
而这一次,我改用了Filebeat模块来将日志发送到Elasticsearch。
源代码已经上传到 GitHub。
环境
-
- docker-compoase
-
- elasticsearch
-
- kibana
-
- Filebeat (nginx Module)
- nginx
目录结构
└── es_logstash
└── es_d
├── docker-compose.yml
├── Dockerfile
└── config
└── elasticsearch.yml
└── filebeat_d
├── docker-compose.yml
├── Dockerfile
└── config
└── filebeat.yml
└── nginx.yml
└── kibana_d
├── docker-compose.yml
├── Dockerfile
└── config
└── kibana.yml
└── nginx_d
└── docker-compose.yml
version: '2'
services:
elasticsearch:
mem_limit: 512m
build: .
container_name: es_c_el
image: es_i_el:1.0.10
volumes:
- ../data/es:/usr/share/elasticsearch/data
ports:
- 9200:9200
environment:
- ES_JAVA_OPTS=-Xms256m -Xmx256m
FROM docker.elastic.co/elasticsearch/elasticsearch-oss:6.2.3
COPY ./config/elasticsearch.yml /usr/share/elasticsearch/config/elasticsearch.yml
# kuromojiをインストール
RUN elasticsearch-plugin install analysis-kuromoji
http.host: 0.0.0.0
cluster.name: "docker-cluster"
version: '2'
services:
filebeat:
mem_limit: 64m
build: .
container_name: filebeat_c_el
image: filebeat_i_el:1.0.1
volumes:
- ../data/nginx:/var/log/nginx/
external_links:
- elasticsearch
- kibana
networks:
- default
- es1_default
- kibana1_default
networks:
es1_default:
external:
name: es_d_default
kibana1_default:
external:
name: kibana_d_default
FROM docker.elastic.co/beats/filebeat:6.2.3
COPY ./config/filebeat.yml /usr/share/filebeat/filebeat.yml
USER root
RUN chown root:filebeat /usr/share/filebeat/filebeat.yml
USER filebeat
COPY ./config/nginx.yml /usr/share/filebeat/modules.d/nginx.yml
USER root
RUN chown root:filebeat /usr/share/filebeat/modules.d/nginx.yml
USER filebeat
filebeat.config:
prospectors:
path: ${path.config}/prospectors.d/*.yml
reload.enabled: false
modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
processors:
- add_cloud_metadata:
output.elasticsearch:
hosts: ['elasticsearch:9200']
username: elastic
password: changeme
setup.dashboards.enabled: true
setup.kibana:
host: "kibana:5601"
- module: nginx
# Access logs
access:
enabled: true
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
var.paths:
- /var/log/nginx/access.log
# Error logs
error:
enabled: true
# Set custom paths for the log files. If left empty,
# Filebeat will choose the paths depending on your OS.
var.paths:
- /var/log/nginx/error.log
version: '2'
services:
kibana:
mem_limit: 128m
build: .
container_name: kibana_c_el
image: kibana_i_el:1.0.9
external_links:
- elasticsearch
ports:
- 5601:5601
networks:
- default
- es1_default
environment:
NODE_OPTIONS: "--max-old-space-size=100"
networks:
es1_default:
external:
name: es_d_default
FROM docker.elastic.co/kibana/kibana-oss:6.2.3
COPY ./config/kibana.yml /opt/kibana/config/kibana.yml
server.name: kibana
server.host: "0"
elasticsearch.url: http://elasticsearch:9200
elasticsearch.username: elastic
elasticsearch.password: changeme
version: '2'
services:
web:
image: nginx:1.10
ports:
- "80:80"
volumes:
- ../data/nginx:/var/log/nginx
确认动作
启动容器
将容器依次部署为elasticsearch、kibana、filebeat、nginx。
$ docker-compose up -d
访问nginx
$ curl http://localhost
access.log 文件被更新并通过 Filebeat 存储到 Elasticsearch。
Kibana 可视化平台。
如果访问[Filebeat Nginx]的访问和错误日志,会显示仪表板上的图表。
最后
Elasticsearch非常深入。
GitHub(简称为GH)是一个面向开源及私有软件项目的共享型代码托管平台,支持Git版本控制系统。
