Docker ELK 搭建
Docker ELK 搭建
准备
搭建
一、 elasticsearch
# 1. 开启Linux系统Rsyslog服务
vim /etc/rsyslog.conf
# $ModLoad imtcp
# $InputTCPServerRun 514
# *.* @@localhost:4560
systemctl restart rsyslog
# 2. 部署elasticsearch服务
docker network create elk-network
docker run -d --restart=always --net elk-network -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -v /opt/dockerfile/elasticsearch/data/:/usr/share/elasticsearch/data --name elk-elasticsearch elasticsearch:7.0.1
报错
- ERROR: bootstrap checks failed max virtual memory areas vm.max_map_count [65530]
# edit
vi /etc/sysctl.conf
# add
vm.max_map_count=655360
# exec
sysctl -p
二、Logstash
- 添加配置文件 /opt/dockerfile/logstash/logstash.conf
input {
syslog {
type => "rsyslog"
port => 4560
}
}
output {
elasticsearch {
hosts => [ "192.168.174.201:9200" ]
}
}
- 部署logstash服务
docker run -d --restart=always --net elk-network -p 4560:4560 -v /opt/dockerfile/logstash/logstash.conf:/etc/logstash.conf --link elk-elasticsearch:elasticsearch --name elk-logstash logstash:7.0.1 logstash -f /etc/logstash.conf
三、Kibana
docker run -d --restart=always --net elk-network -p 5601:5601 --link elk-elasticsearch:elasticsearch -e ELASTICSEARCH_URL=http://192.168.174.201:9200 --name elk-kibana kibana:7.0.1
四、启动nginx容器来生产日志
# 查看docker日志驱动
docker info --format '{{.LoggingDriver}}'
# $ json-file
docker run -d --restart=always --net elk-network -p 90:80 --log-driver syslog --log-opt syslog-address=tcp://192.168.174.201:514 --log-opt tag="elk-nginx" --name elk-nginx nginx:latest
