【介绍】
- Grafana:相当于 EFK 中的 Kibana ,用于 UI 的展示。
- Loki:相当于 EFK 中的 ElasticSearch ,用于存储日志和处理查询。
- Promtail:相当于 EFK 中的 Filebeat/Fluentd ,用于采集日志并将其发送给 Loki 。
- Rsyslog:用于接受各种来源的日志,采集迅速,输出到不同的目的地,集成日志分析平台
关闭防火墙、selinux
systemctl stop firewalld && systemctl disable firewalld
sed -i 's/enforcing/disabled/g' /etc/selinux/config下载 Loki、Promtail(地址:https://github.com/grafana/loki/releases)
[root@localhost ~]# ls
loki-linux-amd64.zip promtail-linux-amd64.zip配置Loki
unzip -d /usr/local/bin/ loki-linux-amd64.zip
useradd -r -s /sbin/nologin loki
mkdir -pv /etc/loki /data/loki
cat > /etc/loki/loki-config.yaml << EOF
> auth_enabled: false
>
> server:
> http_listen_port: 3100
> grpc_listen_port: 9096
>
> common:
> path_prefix: /data/loki
> storage:
> filesystem:
> chunks_directory: /data/loki/chunks
> rules_directory: /data/loki/rules
> replication_factor: 1
> ring:
> instance_addr: 192.168.88.34
> kvstore:
> store: inmemory
>
> schema_config:
> configs:
> - from: 2020-10-24
> store: boltdb-shipper
> object_store: filesystem
> schema: v11
> index:
> prefix: index_
> period: 24h
>
> ruler:
> alertmanager_url: http://localhost:9093
> EOF
cat > /lib/systemd/system/loki.service << EOF
> [Unit]
> Description=Loki service
> After=network.target
>
> [Service]
> Type=simple
> User=loki
> ExecStart=/usr/local/bin/loki-linux-amd64 -config.file /etc/loki/loki-config.yaml
>
> [Install]
> WantedBy=multi-user.target
> EOF
chown -R loki:loki /etc/loki
chown -R loki:loki /data/loki/
systemctl start loki && systemctl enable loki
配置Promtail
(官方模板https://github.com/grafana/loki/blob/v1.6.1/cmd/promtail/promtail-local-config.yaml)
unzip -d /usr/local/bin/ promtail-linux-amd64.zip
useradd -r -s /sbin/nologin promtail
mkdir -pv /etc/promtail
touch /tmp/positions.yaml
cat > /etc/promtail/promtail-config.yaml << EOF
> server:
> http_listen_port: 9080
> grpc_listen_port: 0
>
> positions:
> filename: /tmp/positions.yaml
>
> clients:
> - url: http://localhost:3100/loki/api/v1/push
>
> scrape_configs:
> - job_name: system
> static_configs:
> - targets:
> - localhost
> labels:
> job: varlogs
> __path__: /var/log/yum.log
>
> - job_name: syslog
> static_configs:
> - targets:
> - localhost
> labels:
> job: syslog
> env: prod
> location: shbd
> vendor: cisco
> hostname: Test-C3560G
> __path__: /var/log/network/192.168.99.254-192.168.99.254.log
> EOF
cat > /lib/systemd/system/promtail.service << EOF
> [Unit]
> Description=Promtail service
> After=network.target
>
> [Service]
> Type=simple
> User=promtail
> ExecStart=/usr/local/bin/promtail-linux-amd64 -config.file /etc/promtail/promtail-config.yaml
>
> [Install]
> WantedBy=multi-user.target
> EOF
chown promtail:promtail /tmp/positions.yaml
chown -R promtail:promtail /etc/promtail/
systemctl start promtail && systemctl enable promtail配置Rsyslog
(%HOSTNAME%-%FROMHOST-IP%.log是日志文件的名字,表示主机名+发送源主机IP;514为rsyslog 日志接收端口)
cat >> /etc/rsyslog.conf << 'EOF'
> # provides UDP syslog reception
> module(load="imudp")
> input(type="imudp" port="514")
>
> # provides TCP syslog reception
> module(load="imtcp")
> input(type="imtcp" port="514")
>
>
>
> $template IpTemplate,"/var/log/network/%HOSTNAME%-%FROMHOST-IP%.log"
> *.* ?IpTemplate
> & ~
> EOF
systemctl restart rsyslog查看 rsyslog 已接收并重命名生成的日志文件:
注:日志文件需要改为与pormtail配置文件内一致,且pormtail需要对这些日志文件有读取、写入权限,以便传递至loki
## 例如:
mv /var/log/localhost_127.0.0.1.log /var/log/yum.log
chmod 777 /var/log/yum.log
chown -R promtail:promtail /var/log/network/查看promtail日志接发状态:
配置Grafana(添加数据源、导入数据)
配置交换机、防火墙 发送日志到Loki
## Cisco交换机
# 设置发送日志的源端口
logging source-interface Vlan99
# 设置目标主机
logging 192.168.88.34
## Huawei交换机
# 根据实际情况修改源接口,或者不配置
info-center loghost source Vlanif999
# 设置 syslog 的目标主机
info-center loghost 192.168.88.34
# 默认情况下是Info级别,所以此命令可以不执行
info-center source default channel loghost log level informational
查看效果:
再查看此套日志系统性能占用率(很轻量级)
参考文章:
316
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
