我正在尝试在 docker-compose 中使用 EFK 运行应用程序。应用程序将日志写入 /var/log/containers 目录。当我检查 Fluent Bit 的日志时，出现如下错误：`[error] [input:tail:tail.0] read error, check permissions: /var/log/containers/*.log`。
看起来 Fluent Bit 无法看到应用程序的日志。
Fluent Bit 日志
[2022/01/20 07:57:11] [ info] [storage] version=1.0.3, initializing...
2022-01-20T07:57:11.304007900Z [2022/01/20 07:57:11] [ info] [storage] in-memory
2022-01-20T07:57:11.304040100Z [2022/01/20 07:57:11] [ info] [storage] normal synchronization mode, checksum disabled, max_chunks_up=128
2022-01-20T07:57:11.304052200Z [2022/01/20 07:57:11] [ info] [engine] started (pid=1)
2022-01-20T07:57:11.304061000Z [2022/01/20 07:57:11] [error] [input:tail:tail.0] read error, check permissions: /var/log/containers/*.log
2022-01-20T07:57:11.304068900Z [2022/01/20 07:57:11] [ info] [sp] stream processor started
docker-compose 文件
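# Single-host EFK stack (Elasticsearch, Fluent Bit, Kibana) plus the application
# whose logs are collected. Nesting restored: the listing had lost all of its
# indentation, which YAML needs to express structure.
version: "3.8"

services:
  elasticsearch:
    image: elasticsearch:7.3.2
    environment:
      - discovery.type=single-node
      - "ES_JAVA_OPTS=-Xms256m -Xmx256m"
    ports:
      # Published on every host interface, and nothing in this file enables
      # authentication or TLS for Elasticsearch. On a shared or routable host
      # publish on loopback only, e.g. "127.0.0.1:9200:9200".
      - "9200:9200"
    deploy:
      resources:
        limits:
          memory: 1g

  kibana:
    image: kibana:7.3.2
    ports:
      # Same exposure as Elasticsearch: reachable from any host interface with
      # no login configured in this file.
      - "5601:5601"
    deploy:
      resources:
        limits:
          memory: 1g
    depends_on:
      - elasticsearch

  app:
    image: "raushandoc/efk-springboot-docker-kubernetes"
    ports:
      - "9898:9898"
    links:
      - fluent-bit
    logging:
      # The Docker daemon ships this container's stdout/stderr using the
      # Fluentd forward protocol. The address is dialled from the host, not
      # from inside the compose network, hence "localhost" and the published
      # 24224 port on the fluent-bit service.
      driver: "fluentd"
      options:
        fluentd-address: "localhost:24224"

  fluent-bit:
    image: fluent/fluent-bit:1.4.3
    command: /fluent-bit/bin/fluent-bit -c /fluent-bit/config/fluent-bit.conf
    container_name: fluent-bit
    ports:
      # Log-ingest port, published on all host interfaces. The only sender
      # configured here is the local Docker daemon (fluentd-address is
      # localhost), so a loopback binding such as "127.0.0.1:24224:24224"
      # would keep other hosts from injecting records.
      - "24224:24224"
      - "24224:24224/udp"
    volumes:
      # Only the two config files are mounted (read-only: Fluent Bit just
      # reads them). /var/log/containers is NOT mounted into this container,
      # so the tail input's Path in fluent-bit.conf has no files to open here.
      - ./fluent-bit.conf:/fluent-bit/config/fluent-bit.conf:ro
      - ./parsers.conf:/fluent-bit/config/parsers.conf:ro
    deploy:
      resources:
        limits:
          memory: 60m
    links:
      - elasticsearch

networks:
  default:
    name: local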
fluent-bit.conf
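# Fluent Bit pipeline: one tail input, one Elasticsearch output.
# Key/value lines are indented under their section header again; the listing
# had lost that indentation.
[SERVICE]
    Flush        2
    # Very verbose; useful while debugging the pipeline, consider lowering it
    # to info afterwards.
    Log_Level    trace
    Parsers_File parsers.conf

[INPUT]
    # Path is resolved inside the Fluent Bit container. The compose file on
    # this page mounts only the two config files into that container, so this
    # glob has nothing to read there.
    # NOTE(review): the app service uses Docker's fluentd logging driver
    # (port 24224), but no forward input is defined in this file to receive
    # those records. Confirm which of the two collection paths is intended.
    Name   tail
    Path   /var/log/containers/*.log
    Tag    docker.*
    Parser docker

[OUTPUT]
    # No tls, HTTP_User or HTTP_Passwd is set: records reach Elasticsearch in
    # cleartext and unauthenticated. Acceptable only on an isolated network.
    Name            es
    Match           *
    Host            elasticsearch
    Port            9200
    Logstash_Format On
    Replace_Dots    On
    # False removes the retry cap, so failed chunks are retried indefinitely.
    Retry_Limit     False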
parsers.conf（解析器配置文件）
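# Parser definitions loaded through Parsers_File. Only the parser named
# "docker" is referenced by the [INPUT] section shown on this page.
# Key/value lines are indented under each [PARSER] header again; every Regex
# value is unchanged.

# Access-log line: host, user, [time], "method path", code, size and an
# optional quoted referer/agent pair.
[PARSER]
    Name        apache
    Format      regex
    Regex ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
    Time_Key    time
    Time_Format %d/%b/%Y:%H:%M:%S %z

# Variant of the above: path stops at the first space and the agent field
# accepts any characters.
[PARSER]
    Name        apache2
    Format      regex
    Regex ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>.*)")?$
    Time_Key    time
    Time_Format %d/%b/%Y:%H:%M:%S %z

# Error-log line: [time] [level], optional [pid ...] and [client ...], message.
[PARSER]
    Name   apache_error
    Format regex
    Regex ^\[[^ ]* (?<time>[^\]]*)\] \[(?<level>[^\]]*)\](?: \[pid (?<pid>[^\]]*)\])?( \[client (?<client>[^\]]*)\])? (?<message>.*)$

# Like "apache" with a leading remote field; the referer/agent pair is not
# optional here and the pattern has no end anchor.
[PARSER]
    Name        nginx
    Format      regex
    Regex ^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")
    Time_Key    time
    Time_Format %d/%b/%Y:%H:%M:%S %z

# JSON record whose "time" key uses the access-log timestamp layout.
[PARSER]
    Name        json
    Format      json
    Time_Key    time
    Time_Format %d/%b/%Y:%H:%M:%S %z

# JSON record with a "time" key in %Y-%m-%dT%H:%M:%S.%L form; Time_Keep
# leaves the original key in the record.
[PARSER]
    Name        docker
    Format      json
    Time_Key    time
    Time_Format %Y-%m-%dT%H:%M:%S.%L
    Time_Keep   On
    # --
    # Since Fluent Bit v1.2, if you are parsing Docker logs and using
    # the Kubernetes filter, it's no longer required to decode the
    # 'log' key.
    #
    # Command | Decoder | Field | Optional Action
    # =============|==================|=================
    #Decode_Field_As json log

# key=value line: time="...", level=..., msg="...".
[PARSER]
    Name        docker-daemon
    Format      regex
    Regex time="(?<time>[^ ]*)" level=(?<level>[^ ]*) msg="(?<msg>[^ ].*)"
    Time_Key    time
    Time_Format %Y-%m-%dT%H:%M:%S.%L
    Time_Keep   On

# Splits a log file name/tag into tag, pod_name, namespace_name,
# container_name and a 64-character docker_id.
[PARSER]
    Name   kube-custom
    Format regex
    Regex (?<tag>[^.]+)?\.?(?<pod_name>[a-z0-9](?:[-a-z0-9]*[a-z0-9])?(?:\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*)_(?<namespace_name>[^_]+)_(?<container_name>.+)-(?<docker_id>[a-z0-9]{64})\.log$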