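Introduction to Graylog
Graylog is an open-source, full-featured log management tool. Its functionality is similar to ELK, and it is easier to install and deploy.
Official website: https://www.graylog.org
1. Add the following dependency to pom.xml:
<!-- Log collection -->
<dependency>
    <groupId>de.siegmar</groupId>
    <artifactId>logback-gelf</artifactId>
    <version>2.1.0</version>
</dependency>
2. Rename logback.xml to logback-spring.xml.
3. Configure logback-spring.xml as follows: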
<!-- Reference the settings defined in application-xxx.yml -->
<springProperty scope="context" name="graylog.graylogHost" source="graylog.graylogHost"/>
<springProperty scope="context" name="graylog.graylogPort" source="graylog.graylogPort"/>
<springProperty scope="context" name="graylog.app_name" source="graylog.app_name"/>
<springProperty scope="context" name="address.ip" source="address.ip"/>
<!-- Centralized log collection platform configuration -->
<appender name="GELF" class="de.siegmar.logbackgelf.GelfUdpAppender">
    <graylogHost>${graylog.graylogHost}</graylogHost>
    <graylogPort>${graylog.graylogPort}</graylogPort>
    <maxChunkSize>508</maxChunkSize>
    <useCompression>true</useCompression>
    <encoder class="de.siegmar.logbackgelf.GelfEncoder">
        <includeRawMessage>false</includeRawMessage>
        <includeMarker>true</includeMarker>
        <includeMdcData>true</includeMdcData>
        <includeCallerData>false</includeCallerData>
        <includeRootCauseData>false</includeRootCauseData>
        <includeLevelName>true</includeLevelName>
        <shortPatternLayout class="ch.qos.logback.classic.PatternLayout">
            <pattern>%m%nopex</pattern>
        </shortPatternLayout>
        <fullPatternLayout class="ch.qos.logback.classic.PatternLayout">
            <pattern>%m%n</pattern>
        </fullPatternLayout>
        <numbersAsString>false</numbersAsString>
        <staticField>app_name:${graylog.app_name}</staticField>
        <staticField>os_arch:${os.arch}</staticField>
        <staticField>os_name:${os.name}</staticField>
        <staticField>java_version:${java.version}</staticField>
        <staticField>address_ip:${address.ip}</staticField>
    </encoder>
</appender>
<root level="INFO">
    <appender-ref ref="GELF" />
</root>
4. Add the following settings to the Spring Boot configuration:
# graylog
graylog.graylogHost: 10.10.11.103
graylog.graylogPort: 28082
graylog.app_name: cloud-graylog
address.ip: ${spring.cloud.client.ip-address}
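5. Web interface home page, Search. Default user: admin, password: admin
Search examples:
(1) Search for one project: app_name:spring-boot (spring-boot is the project name).
(2) Search by log level: app_name:spring-boot AND level_name:INFO (AND must be uppercase; INFO is the log level and must be uppercase).
(3) Search the log content: app_name:play-guizhou-gateway-dev AND level_name:INFO AND 'content' ('content' is the text to look for in the logs; with double quotes the search is an exact match, without double quotes it is a fuzzy match).
(4) Select a time range: use the drop-down to choose how far back to show logs.
(5) Select a time period: choose Absolute in the drop-down and pick the time period to query.
http://docs.graylog.org/en/3.0/pages/queries.html (the official query syntax reference).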
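What the GelfUdpAppender settings in step 3 (maxChunkSize 508, useCompression true) produce on the wire, and how a receiver reverses it, as an added Python example that is not part of the original post or of logback-gelf. GELF over UDP carries no authentication or encryption, so a decoder like this is a quick way to check which MDC and static fields leave the host. Assumptions: zlib compression, a 508-byte limit that includes the 12-byte chunk header, hypothetical function names, and a constructed SAMPLE event.

```python
import json
import os
import struct
import zlib

CHUNK_MAGIC = b"\x1e\x0f"  # marks a chunked GELF datagram
HEADER_LEN = 12            # magic(2) + message id(8) + seq number(1) + seq count(1)
MAX_CHUNKS = 128           # GELF limit per message

# Constructed sample event using static fields configured on this page.
SAMPLE = {"version": "1.1", "host": "app-host", "short_message": "login ok",
          "_app_name": "cloud-graylog", "_level_name": "INFO",
          "full_message": os.urandom(600).hex()}  # incompressible filler forces chunking


def encode_gelf_udp(message, max_chunk_size=508, compress=True):
    """Return the UDP datagrams for one GELF message."""
    payload = json.dumps(message).encode("utf-8")
    if compress:
        payload = zlib.compress(payload)
    if len(payload) <= max_chunk_size:
        return [payload]
    step = max_chunk_size - HEADER_LEN  # assumption: the limit includes the header
    parts = [payload[i:i + step] for i in range(0, len(payload), step)]
    if len(parts) > MAX_CHUNKS:
        raise ValueError("more than 128 chunks: the receiver would drop the message")
    msg_id = os.urandom(8)
    return [CHUNK_MAGIC + msg_id + struct.pack("BB", seq, len(parts)) + part
            for seq, part in enumerate(parts)]


def decode_gelf_udp(datagrams):
    """Reassemble chunks in any arrival order, decompress and parse the JSON."""
    if len(datagrams) == 1 and not datagrams[0].startswith(CHUNK_MAGIC):
        payload = datagrams[0]
    else:
        chunks, meta = {}, set()
        for d in datagrams:
            if not d.startswith(CHUNK_MAGIC) or len(d) <= HEADER_LEN:
                raise ValueError("not a GELF chunk")
            meta.add((d[2:10], d[11]))      # (message id, sequence count)
            chunks[d[10]] = d[HEADER_LEN:]
        if len(meta) != 1 or sorted(chunks) != list(range(next(iter(meta))[1])):
            raise ValueError("missing chunks or chunks from different messages")
        payload = b"".join(chunks[i] for i in sorted(chunks))
    if not payload.startswith(b"{"):
        payload = zlib.decompress(payload, 47)  # 47 = auto-detect zlib or gzip header
    return json.loads(payload)
```

A lost datagram makes the whole message undecodable, which is why one missing chunk raises instead of returning partial data.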
II. Demo code repository.
https://github.com/xplx/cloud-graylog.git
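III. Install the Graylog environment with Docker
1. Install MongoDB (stores Graylog's configuration)
docker pull mongo:3   # pull the image
# Create a directory to hold the MongoDB data
mkdir -p /data/mongodb0
# Start MongoDB
docker run --name mongo -v /data/mongodb0:/data/db -p 27017:27017 -d 7494a2ec70c9
-v: mounts the data files at the given path on the host.
-p: maps the mongo port to the given port on the host.
--auth: requires authentication for connections to MongoDB (leave it out if authentication is not needed).
docker exec -it mongo mongo admin   # enter the container
2. Install Elasticsearch (stores the log data)
docker pull docker.elastic.co/elasticsearch/elasticsearch:5.6.3   # pull the image
-e ES_JAVA_OPTS="-Xms256m -Xmx256m": sets the initial and maximum heap size.
Start Elasticsearch: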
docker run -p 9200:9200 -p 9300:9300 --name elasticsearch \
-e ES_JAVA_OPTS="-Xms256m -Xmx256m" \
-e http.host=0.0.0.0 \
-e transport.host=localhost \
-e network.host=0.0.0.0 \
-e http.cors.allow-origin=http://192.168.124.129:28060 \
-e http.cors.allow-headers=X-Requested-With,X-Auth-Token,Content-Type,Content-Length,Authorization \
-e http.cors.allow-credentials=true \
-e xpack.security.enabled=false \
-d 8b4495052160
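xpack.security.enabled: set to false here, which turns off the security settings, so Elasticsearch accepts requests without authentication.
Open http://192.168.124.129:9200/ to check that it is reachable. If the browser returns the following, the installation succeeded: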
{
"name" : "kdJt_qz",
"cluster_name" : "elasticsearch",
"cluster_uuid" : "24MHPea3QCGX10L_yyxe4A",
"version" : {
"number" : "5.6.10",
"build_hash" : "b727a60",
"build_date" : "2018-06-06T15:48:34.860Z",
"build_snapshot" : false,
"lucene_version" : "6.6.1"
},
"tagline" : "You Know, for Search"
}
3. Start Graylog
docker pull graylog/graylog:3.0   # pull the image
docker run --link mongo --link elasticsearch --name graylog \
-p 9000:9000 -p 12201:12201/udp -p 1514:1514 -p 5555:5555 \
-e GRAYLOG_PASSWORD_SECRET=somepasswordpepper \
-e GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918 \
-e GRAYLOG_WEB_ENDPOINT_URI=http://192.168.124.129:9000 \
-e GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.124.129:9000/ \
-e GRAYLOG_WEB_LISTEN_URI=http://0.0.0.0:9000 \
-e GRAYLOG_REST_LISTEN_URI=http://0.0.0.0:9000/api \
-e GRAYLOG_ROOT_TIMEZONE=Asia/Shanghai \
-e GRAYLOG_ALLOW_HIGHLIGHTING=true \
-v graylog_journal:/usr/share/graylog/data/journal \
-d 5a55cba56cf8
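GRAYLOG_HTTP_EXTERNAL_URI: must be changed to this machine's own IP address, otherwise the web interface cannot be reached.
-e GRAYLOG_ALLOW_HIGHLIGHTING=true: enables highlighting.
4. Build with docker-compose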
version: '3'
services:
  graylog-mongo:
    image: '192.168.0.108:1180/dev_tools/mongo:latest'
    container_name: graylog-mongo
    hostname: graylog-mongo
    networks:
      - b2c_net
    ports:
      - '27017:27017'
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.labels.role==web
      restart_policy: {condition: on-failure, delay: 5s}
  graylog-elasticsearch:
    image: '192.168.0.108:1180/dev_tools/elasticsearch/elasticsearch:5.6.3'
    container_name: graylog-elasticsearch
    hostname: graylog-elasticsearch
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - http.cors.allow-origin=http://log.swarm1.vgogbuy.com.cn
      - http.cors.allow-headers=X-Requested-With,X-Auth-Token,Content-Type,Content-Length,Authorization
      - http.cors.allow-credentials=true
      - xpack.security.enabled=false
    networks:
      - b2c_net
    ports:
      - '28063:9200'
      - '28064:9300'
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.labels.role==web
      restart_policy: {condition: on-failure, delay: 5s}
  graylog-graylog:
    image: '192.168.0.108:1180/dev_tools/graylog/graylog:3'
    container_name: graylog-graylog
    hostname: graylog-graylog
    environment:
      - GRAYLOG_ELASTICSEARCH_HOSTS=http://192.168.0.76:28063
      - GRAYLOG_MONGODB_URI=mongodb://192.168.0.76:27017/graylog
      - GRAYLOG_ROOT_TIMEZONE=Asia/Shanghai
      - GRAYLOG_WEB_ENDPOINT_URI=https://log.swarm1.gcongo.com/api
      - GRAYLOG_HTTP_EXTERNAL_URI=https://log.swarm1.gcongo.com/
      - GRAYLOG_WEB_LISTEN_URI=http://0.0.0.0:9000/
      - GRAYLOG_REST_LISTEN_URI=http://0.0.0.0:9000/api
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      - GRAYLOG_ROOT_USERNAME=leon
      - GRAYLOG_ROOT_PASSWORD_SHA2=33c1e9f1f9da30db0951669864dce0b6e616ad09324bc1caf2b008b41f512a3d
    networks:
      - b2c_net
    ports:
      - '28060:9000'
      - '28061:12201/udp'
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.labels.role==web
      restart_policy: {condition: on-failure, delay: 5s}
networks:
  b2c_net:
    external: true
    driver: overlay
GRAYLOG_ROOT_USERNAME: the user name.
GRAYLOG_ROOT_PASSWORD_SHA2: the SHA-2 hash generated from the password.
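A check for the two secret-bearing settings used in the docker run command and the compose file above (GRAYLOG_PASSWORD_SECRET and GRAYLOG_ROOT_PASSWORD_SHA2), with a generator for replacement values; this is an added Python example, not code from the original post or from Graylog. The function names and the short COMMON_PASSWORDS list are constructed for illustration; PAGE_ENV holds the values from the docker run command on this page, whose hash is the SHA-256 of the default password admin given in step 5.

```python
import hashlib
import secrets

# Values that appear verbatim in this page's docker commands (public, so not secret).
PUBLISHED_SECRETS = {"somepasswordpepper"}
COMMON_PASSWORDS = ["admin", "password", "graylog", "123456"]  # constructed short list
MIN_SECRET_LEN = 16  # Graylog refuses to start with a shorter password_secret

# The two secret-bearing settings from the docker run command on this page.
PAGE_ENV = {
    "GRAYLOG_PASSWORD_SECRET": "somepasswordpepper",
    "GRAYLOG_ROOT_PASSWORD_SHA2":
        "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918",
}


def root_password_sha2(password):
    """Hex SHA-256 of the password, the format GRAYLOG_ROOT_PASSWORD_SHA2 expects."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def audit_graylog_env(env):
    """Return findings for weak or publicly known secret settings."""
    findings = []
    secret = env.get("GRAYLOG_PASSWORD_SECRET", "")
    if len(secret) < MIN_SECRET_LEN:
        findings.append("GRAYLOG_PASSWORD_SECRET shorter than 16 characters")
    if secret in PUBLISHED_SECRETS:
        findings.append("GRAYLOG_PASSWORD_SECRET is a published sample value")
    digest = env.get("GRAYLOG_ROOT_PASSWORD_SHA2", "").lower()
    for candidate in COMMON_PASSWORDS:
        if digest == root_password_sha2(candidate):
            findings.append(f"root password is the common value {candidate!r}")
    return findings


def fresh_graylog_env(root_password):
    """Replacement values: a random 96-character secret and the password digest."""
    return {
        "GRAYLOG_PASSWORD_SECRET": secrets.token_urlsafe(72),
        "GRAYLOG_ROOT_PASSWORD_SHA2": root_password_sha2(root_password),
    }


if __name__ == "__main__":
    for finding in audit_graylog_env(PAGE_ENV):
        print("FINDING:", finding)
```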