goreplay 输出流量捕获数据到 elasticsearch
goreplay 是一个很不错的流量拷贝,复制工具,小巧,支持一些扩展,当然也提供了企业版,企业版
功能更强大,支持二进制协议的分析 。
为了方便数据的存储,我们可以使用es 进行存储
环境准备
docker-compose
version: "3"
services:
nginx:
build: ./
ports:
- "8080:80"
app:
image: openresty/openresty:alpine-fat
ports:
- "8090:80"
app2:
image: openresty/openresty:alpine-fat
ports:
- "8091:80"
es:
image: elasticsearch:5.6.3
ports:
- "9200:9200"
- "9300:9300"
environment:
- http.host=0.0.0.0
- transport.host=localhost
- network.host=0.0.0.0
# Disable X-Pack security: https://www.elastic.co/guide/en/elasticsearch/reference/5.6/security-settings.html#general-security-settings
- xpack.security.enabled=false
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
包含goreplay 的docker 配置
- dockerfile
使用了一个tini 的工具,方便后台任务运行,同时因为wget 二进制包太慢,所以直接下载add 了
FROM openresty/openresty:alpine-fat
LABEL author="1141591465@qq.com"
COPY gor_0.16.1_x64.tar.gz .
RUN apk add --update && apk add --no-cache tini \
&& tar xzf gor_0.16.1_x64.tar.gz -C /usr/local/bin \
&& rm gor_0.16.1_x64.tar.gz
ENV PATH=$PATH:/usr/local/bin
ADD entrypoint.sh /entrypoint.sh
ADD goreplay.sh /goreplay.sh
ENTRYPOINT ["/sbin/tini","-s", "--", "/entrypoint.sh"]
- entryppint.sh
#!/bin/sh
sh goreplay.sh
exec /usr/local/openresty/bin/openresty -g "daemon off;"
- goreplay.sh
goreplay 的运行命令,主要是进行流量的拷贝
#!/bin/sh
#!/bin/sh
nohup goreplay --input-raw :80 --output-http "http://app" --output-http "http://app2" --output-http-elasticsearch es:9200/gor &
启动&测试
启动
docker-compose up -d
效果
- docker log 信息
- es 信息
参考资料
https://github.com/buger/goreplay/wiki/Exporting-to-ElasticSearch
https://github.com/rongfengliang/goreplay-openresty-demo.git