docker部署elk日志采集系统(kafka方式)

一、logback + elk,tcp方式发送 

环境搭建参考上一篇博客:https://www.cnblogs.com/alan6/p/11667758.html

tcp方式存在的问题:tcp方式在日志量比较大,并发量较高的情况下,可能导致日志丢失。可以考虑采用 kafka 保存日志消息,做一个流量削峰。

二、logback + kafka + elk

1、docker安装 zookeeper + kafka

拉镜像:
docker pull wurstmeister/zookeeper
docker pull wurstmeister/kafka

运行zookeeper:
docker run -d --name zookeeper --restart always --publish 2181:2181 --volume /etc/localtime:/etc/localtime wurstmeister/zookeeper:latest

运行kafka:
docker run -d --name kafka --restart always --publish 9092:9092 --link zookeeper --env KAFKA_ZOOKEEPER_CONNECT=zookeeper:2181 \
--env KAFKA_ADVERTISED_HOST_NAME=kafka所在宿主机的IP \
--env KAFKA_ADVERTISED_PORT=9092 \
--volume /etc/localtime:/etc/localtime \
wurstmeister/kafka:latest

2、配置logback发送到kafka

在服务端的pom文件添加依赖

<dependency>
      <groupId>com.github.danielwegener</groupId>
      <artifactId>logback-kafka-appender</artifactId>
</dependency>

在logback-spring.xml配置文件中添加appender

    <appender name="kafka" class="com.github.danielwegener.logback.kafka.KafkaAppender">
        <encoder class="com.github.danielwegener.logback.kafka.encoding.LayoutKafkaMessageEncoder">
            <layout class="net.logstash.logback.layout.LogstashLayout" >
                <includeContext>true</includeContext>
                <includeCallerData>true</includeCallerData>
                <customFields>{"system":"test"}</customFields>
                <fieldNames class="net.logstash.logback.fieldnames.ShortenedFieldNames"/>
            </layout>
            <charset>UTF-8</charset>
        </encoder>
        <!--kafka topic 需要与配置文件里面的topic一致 -->
        <topic>kafka_elk</topic>
        <keyingStrategy class="com.github.danielwegener.logback.kafka.keying.HostNameKeyingStrategy" />
        <deliveryStrategy class="com.github.danielwegener.logback.kafka.delivery.AsynchronousDeliveryStrategy" />
        <producerConfig>bootstrap.servers=192.168.33.128:9092</producerConfig>
    </appender>

    <!-- 日志输出级别 -->
    <root level="INFO">
        <appender-ref ref="STDOUT" />
        <appender-ref ref="FILE"/>
        <appender-ref ref="kafka" />
    </root>

3、配置logstash

启动elk,进入容器:

#docker exec -it elk /bin/bash

进入 /etc/logstash/conf.d/ 目录,创建配置文件 logstash.conf,编辑内容,主要是 input 和 output

input {
    kafka {
        bootstrap_servers => ["192.168.33.128:9092"]
        auto_offset_reset => "latest"
        consumer_threads => 5
        decorate_events => true
        group_id => "elk"
        topics => ["elk_kafka"]
        type => "bhy"
    }
}

output {
    stdout {}
    elasticsearch {
          hosts => ["192.168.33.128:9200"]
          index => "kafka-elk-%{+YYYY.MM.dd}"
    }
}

编辑 /etc/init.d/logstash,修改

LS_USER=root //原来默认为logstash
LS_GROUP=root //原为默认为logstash

修改完成后退出,重启 elk 容器
#docker restart elk

4、配置kibana

配置方式和上一篇博客差不多,Index Pattern 选择 logstash 中配置的 “kafka-elk-日期“ 的 https://www.cnblogs.com/alan6/p/11667758.html 

 

posted @ 2019-10-15 17:30  Alan6  阅读(1872)  评论(0编辑  收藏  举报