关山初度尘未洗,策马扬鞭再奋蹄!这篇文章主要讲述docker-compose安装graylog相关的知识,希望能为你提供帮助。
环境
- graylog: 4.2
- elasticsearch: 7.16.3
- MongoDB: 4.2
- docker: 20.10.12
- docker-compose: v2.3.2
- 操作系统: Ubuntu20.04、rocky-linux8.4
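# Single-host Graylog stack: MongoDB (metadata), Elasticsearch (log storage)
# and the Graylog server, joined by one private bridge network.
# NOTE(review): the secrets below are tutorial defaults. Replace
# GRAYLOG_PASSWORD_SECRET and GRAYLOG_ROOT_PASSWORD_SHA2 before this host is
# reachable from any network you do not fully trust.
version: "3"
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  # No credentials are configured for MongoDB here and no port is published,
  # so it is reachable only from containers on the "graylog" network.
  mongo:
    image: mongo:4.2
    container_name: mongodb
    volumes:
      - /srv/graylog_data/mongodb:/data/db
    networks:
      - graylog
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/docker.html
  # Listens on 0.0.0.0 inside the container with no credentials configured in
  # this file; do not add a "ports:" entry for it without enabling security.
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.16.3
    container_name: elasticsearch
    volumes:
      - /srv/graylog_data/es:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=0.0.0.0
      - network.host=0.0.0.0
      - discovery.type=single-node
      # Environment variable names are case-sensitive: spelled "ES_java_OPTS"
      # the JVM never receives these flags, so neither the Log4j 2
      # message-lookup hardening nor the heap size takes effect.
      - "ES_JAVA_OPTS=-Dlog4j2.formatMsgNoLookups=true -Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    deploy:
      resources:
        limits:
          memory: 1g
    networks:
      - graylog
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:4.2
    container_name: graylog
    volumes:
      - /srv/graylog_data/graylog:/usr/share/graylog/data
      - /srv/graylog_data/graylog/config:/usr/share/graylog/data/config
      - /srv/graylog_data/graylog/journal:/usr/share/graylog/data/journal
    environment:
      # CHANGE ME (must be at least 16 characters)!
      # Use a long random value and keep it out of version control.
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      # This is the SHA-256 of the literal string "admin". Replace it with the
      # hash of your own password:  echo -n 'your-password' | sha256sum
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      # Plain HTTP: fine for a local test, but logins sent from another machine
      # would cross the network unencrypted. Put a TLS-terminating proxy in
      # front before using the web interface remotely.
      - GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/
    # The second "--" must be its own argument, separated by a space from
    # /docker-entrypoint.sh, otherwise wait-for-it is handed a bogus option.
    entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh
    networks:
      - graylog
    restart: always
    depends_on:
      - mongo
      - elasticsearch
    # Port mappings are quoted so no YAML parser can read them as numbers.
    # Each mapping binds on every host interface; prefix one with
    # "127.0.0.1:" to keep it local to the host.
    ports:
      # Graylog web interface and REST API
      - "9000:9000"
      # Syslog TCP
      - "1514:1514"
      # Syslog UDP
      - "1514:1514/udp"
      # GELF TCP
      - "12201:12201"
      # GELF UDP
      - "12201:12201/udp"
networks:
  graylog:
    driver: bridge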
2. log4j2.xml
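<?xml version="1.0" encoding="UTF-8"?>
<!--
  Log4j 2 configuration for the Graylog server.
  The root logger passes WARN and above to two appenders: the console
  (STDOUT) and the in-memory "graylog-internal-logs" buffer of 500 entries.
  org.graylog2 is raised to INFO; the remaining loggers only quieten
  individual noisy components.
-->
<Configuration packages="org.graylog2.log4j" shutdownHook="disable">
    <Appenders>
        <Console name="STDOUT" target="SYSTEM_OUT">
            <PatternLayout pattern="%d %-5p: %c - %m%n"/>
        </Console>
        <!-- Internal Graylog log appender. Please do not disable. This makes internal log messages available via REST calls. -->
        <Memory name="graylog-internal-logs" bufferSize="500"/>
    </Appenders>
    <Loggers>
        <!-- Application Loggers -->
        <Logger name="org.graylog2" level="info"/>
        <Logger name="com.github.joschi.jadconfig" level="warn"/>
        <!-- Prevent DEBUG message about Lucene Expressions not found. -->
        <Logger name="org.elasticsearch.script" level="warn"/>
        <!-- Disable messages from the version check -->
        <Logger name="org.graylog2.periodical.VersionCheckThread" level="off"/>
        <!-- Silence chatty natty -->
        <Logger name="com.joestelmach.natty.Parser" level="warn"/>
        <!-- Silence Kafka log chatter -->
        <Logger name="org.graylog.shaded.kafka09.log.Log" level="warn"/>
        <Logger name="org.graylog.shaded.kafka09.log.OffsetIndex" level="warn"/>
        <Logger name="org.apache.kafka.clients.consumer.ConsumerConfig" level="warn"/>
        <!-- Silence useless session validation messages -->
        <Logger name="org.apache.shiro.session.mgt.AbstractValidatingSessionManager" level="warn"/>
        <Root level="warn">
            <AppenderRef ref="STDOUT"/>
            <AppenderRef ref="graylog-internal-logs"/>
        </Root>
    </Loggers>
</Configuration>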
3. graylog.conf
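<?xml version="1.0" encoding="UTF-8"?>
<!--
  NOTE(review): this listing sits under the "graylog.conf" heading but is a
  repeat of the Log4j 2 XML configuration shown earlier on the page.
  graylog.conf is a key=value properties file and its real content is not
  shown here; do not save this XML as graylog.conf. Take graylog.conf from
  the Graylog distribution that matches the image version instead.
-->
<Configuration packages="org.graylog2.log4j" shutdownHook="disable">
    <Appenders>
        <Console name="STDOUT" target="SYSTEM_OUT">
            <PatternLayout pattern="%d %-5p: %c - %m%n"/>
        </Console>
        <!-- Internal Graylog log appender. Please do not disable. This makes internal log messages available via REST calls. -->
        <Memory name="graylog-internal-logs" bufferSize="500"/>
    </Appenders>
    <Loggers>
        <!-- Application Loggers -->
        <Logger name="org.graylog2" level="info"/>
        <Logger name="com.github.joschi.jadconfig" level="warn"/>
        <!-- Prevent DEBUG message about Lucene Expressions not found. -->
        <Logger name="org.elasticsearch.script" level="warn"/>
        <!-- Disable messages from the version check -->
        <Logger name="org.graylog2.periodical.VersionCheckThread" level="off"/>
        <!-- Silence chatty natty -->
        <Logger name="com.joestelmach.natty.Parser" level="warn"/>
        <!-- Silence Kafka log chatter -->
        <Logger name="org.graylog.shaded.kafka09.log.Log" level="warn"/>
        <Logger name="org.graylog.shaded.kafka09.log.OffsetIndex" level="warn"/>
        <Logger name="org.apache.kafka.clients.consumer.ConsumerConfig" level="warn"/>
        <!-- Silence useless session validation messages -->
        <Logger name="org.apache.shiro.session.mgt.AbstractValidatingSessionManager" level="warn"/>
        <Root level="warn">
            <AppenderRef ref="STDOUT"/>
            <AppenderRef ref="graylog-internal-logs"/>
        </Root>
    </Loggers>
</Configuration>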
graylog安装 1.将上面配置文件目录创建好
mkdir -p /srv/graylog_data/mongodb /srv/graylog_data/es /srv/graylog_data/graylog /srv/graylog_data/graylog/config /srv/graylog_data/graylog/journal /srv/graylog_data/graylog/contentpacks /srv/graylog_data/graylog/log /srv/graylog_data/graylog/plugin
2. 配置文件移动到指定目录
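# Put the compose file at /srv/docker_compose/graylog.yml, the path the
# permission step uses. The directory is not created by the earlier mkdir,
# so create it first.
mkdir -p /srv/docker_compose
mv graylog.yml /srv/docker_compose/graylog.yml
# Move graylog.conf into the bind-mounted Graylog config directory
mv graylog.conf /srv/graylog_data/graylog/config
# Move log4j2.xml into the same config directory
mv log4j2.xml /srv/graylog_data/graylog/config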
3. 授权文件及目录
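# Hand each bind mount to the user its container runs as, instead of making
# it world-writable. Mode 777 would let every local account on the host
# rewrite the Graylog configuration (which holds the password secret) and
# tamper with or delete the stored logs.
# The numeric owners below are the usual defaults of the official images;
# confirm them before relying on this:
#   docker run --rm --entrypoint id <image>
chown -R 999:999 /srv/graylog_data/mongodb
chown -R 1000:0 /srv/graylog_data/es
chown -R 1100:1100 /srv/graylog_data/graylog
# Directories: owner full access, group read/traverse, nothing for others
chmod 750 /srv/graylog_data/mongodb
chmod 750 /srv/graylog_data/es
chmod 750 /srv/graylog_data/graylog
chmod 750 /srv/graylog_data/graylog/config
chmod 750 /srv/graylog_data/graylog/journal
# Config files: readable by the service, never world-writable
chmod 640 /srv/graylog_data/graylog/config/graylog.conf
chmod 640 /srv/graylog_data/graylog/config/log4j2.xml
# The compose file is data, not a program, so it needs no execute bit; it
# does contain the password secret and root password hash, so keep it private.
chmod 600 /srv/docker_compose/graylog.yml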
4. 部署
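# Use the absolute path so the command works from any working directory
# (the compose file was moved under /srv/docker_compose in the earlier step).
docker-compose -f /srv/docker_compose/graylog.yml up -d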
5. 关闭防火墙
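# Keep the host firewall running and open only the ports this stack
# publishes. Turning the firewall off exposes every other service on the
# host as well. (`systemctl disable firewalld` also only affects the next
# boot; it does not stop the running service.)
# Docker adds its own iptables rules for published ports, so also limit
# exposure in the compose file's "ports:" section where possible.
# ubuntu
ufw allow 9000/tcp
ufw allow 1514/tcp
ufw allow 1514/udp
ufw allow 12201/tcp
ufw allow 12201/udp
# centos / rocky (firewalld)
firewall-cmd --permanent --add-port=9000/tcp --add-port=1514/tcp --add-port=1514/udp --add-port=12201/tcp --add-port=12201/udp
firewall-cmd --reload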
6. 验证是否都启动成功
docker ps
7. 登录graylog
8.配置http模式
9.发送日志测试
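# Send one GELF test message over HTTP. The payload must be a single JSON
# object inside single quotes; without the braces and quoting the shell
# splits it into several arguments and Graylog receives invalid JSON.
curl -X POST http://172.19.0.4:12201/gelf -p0 -d '{"short_message":"你好呀graylog","host":"172.19.0.4","facility":"test","_foo":"bar"}'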
上面ip为容器ip,
docker inspect graylog
graylog发送方式
问题与解决 1. 问题1
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
2. 解决
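# Show the current setting, if one is present
grep vm.max_map_count /etc/sysctl.conf
# Append the setting. This must be ">>": a single ">" would overwrite
# /etc/sysctl.conf and discard every other kernel setting in it.
echo vm.max_map_count=262144 >> /etc/sysctl.conf
# Confirm the line was added
grep vm.max_map_count /etc/sysctl.conf
# Apply immediately, without a reboot
sysctl -w vm.max_map_count=262144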
3.问题2
graylog-elasticsearch-1| [2]: the default discovery settings are unsuitable for production use;
at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
4. 解决
# docker-compose对应的配置文件中的elasticsearch添加
- discovery.type=single-node
参考及注意事项
Ubuntu的目录一定要创建好并授权,否则会出现各种奇怪的错误
graylog官网