高效部署ELK日志监控系统指南-深圳市維司達科技有限公司

收集日志alertmanager＋grafana服务器地址：10.100.1.30 （需部署flunted）

部署kibanna展示服务器地址：10.0.1.106

1) .10.0.1.106 机器部署EFK及elasticsearch＋kibanna

mkdir -p /opt/efk cd /opt/efk vim docker-compose.yml

version: '3' services: elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch:8.12.0 container_name: elasticsearch environment: - discovery.type=single-node - xpack.security.enabled=false - "ES_JAVA_OPTS=-Xms512m -Xmx512m" ports: - "9200:9200" volumes: - es_data:/usr/share/elasticsearch/data networks: - efk kibana: image: docker.elastic.co/kibana/kibana:8.12.0 container_name: kibana ports: - "5601:5601" environment: - ELASTICSEARCH_HOSTS=http://elasticsearch:9200 depends_on: - elasticsearch networks: - efk fluentd: image: fluentd-with-es:1.16 container_name: fluentd volumes: - ./fluentd/conf:/fluentd/etc - /var/log/remote:/var/log/remote:ro # 挂载远程日志目录（通过 NFS 或 rsync 同步） ports: - "24224:24224" - "24224:24224/udp" depends_on: - elasticsearch networks: - efk volumes: es_data: networks: efk:

运行yml文件

docker-compose up -d fluentd

如果以上kibanna没起来执行：

docker run -d --name kibana --net host -e ELASTICSEARCH_HOSTS="http://localhost:9200" -e SERVER_HOST="0.0.0.0" docker.elastic.co/kibana/kibana:8.12.0

2).10.100.1.30 docker部署fluentbit

编写编辑flunted配置文件

mkdir -p /etc/td-agent-bit cd /etc/td-agent-bit vim td-agent-bit.conf

[SERVICE] Flush 1 Log_Level info Parsers_File /fluent-bit/etc/parsers.conf [INPUT] Name tail Path /var/lib/docker/containers/091e511307cd01514f1106b013da4b84baafb8413b0720d413df8cd9a0305892/091e511307cd01514f1106b013da4b84baafb8413b0720d413df8cd9a0305892-json.log Parser docker Tag alertmanager.* [INPUT] Name tail Path /var/lib/docker/containers/a3ce3efc50bb380704c8374f3fccef0f1a426150abad2841809b59e7975eaa6d/a3ce3efc50bb380704c8374f3fccef0f1a426150abad2841809b59e7975eaa6d-json.log Parser docker Tag grafana.* [FILTER] Name record_modifier Match alertmanager.* Record source alertmanager Record service monitoring [FILTER] Name record_modifier Match grafana.* Record source grafana Record service monitoring [OUTPUT] Name es Match * Host 10.0.1.106 Port 9200 Index monitor-%Y.%m.%d Time_Key @timestamp tls Off Suppress_Type_Name true

3).docker部署fluentbit

docker run -d --name fluent-bit \ --restart always \ --network host \ -v /var/log:/var/log:ro \ -v /var/lib/docker/containers:/var/lib/docker/containers:ro \ -v /etc/td-agent-bit/td-agent-bit.conf:/fluent-bit/etc/fluent-bit.conf:ro \ -v /etc/fluent-bit/parsers.conf:/fluent-bit/etc/parsers.conf:ro \ fluent/fluent-bit:3.1.7

3).浏览器打开10.0.1.106:5601

添加索引fluentbit-*即可