docker安装ELK

elk安装

docker-compose.yml

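# Single-host ELK 7.12.1 stack: Elasticsearch, Logstash and Kibana.
#
# Security notes for anyone reusing this file:
# - No xpack.security settings are configured, so on a 7.x image with the
#   default licence Elasticsearch and Kibana are presumably reachable without
#   authentication. Confirm before exposing them to any network.
# - Every `ports:` entry omits a host IP, so Docker publishes it on all host
#   interfaces. Firewall these ports or restrict them to trusted networks.
# - Kibana and Logstash reach Elasticsearch through the published host port
#   (host.docker.internal:9201). Binding 9201 to 127.0.0.1 would break that
#   path; the Compose service name (http://elasticsearch:9200) on the project
#   network is the usual alternative if the port must not be published.
version: '3.8'
services:
  elasticsearch:
    image: elasticsearch:7.12.1
    container_name: elasticsearch7
    volumes:
      # Index data persisted on the host.
      - ./elasticsearch/data/:/usr/share/elasticsearch/data
    environment:
      - 'discovery.type=single-node'
    ports:
      # HTTP API (host 9201 -> container 9200).
      - '9201:9200'
      # Transport port (host 9301 -> container 9300).
      - '9301:9300'
    restart: unless-stopped

  logstash:
    image: logstash:7.12.1
    container_name: logstash7
    volumes:
      - ./logstash/data/:/usr/share/logstash/data
      - ./logstash/config/:/usr/share/logstash/config
      - ./logstash/pipeline/:/usr/share/logstash/pipeline
    ports:
      - '5044:5044'
      # TCP input used by the pipeline on this page; accepts events from any
      # host that can reach it.
      - '5602:5602'
      # Logstash monitoring API.
      - '9600:9600'
    extra_hosts:
      - 'host.docker.internal:host-gateway'

  kibana:
    image: kibana:7.12.1
    container_name: kibana7
    environment:
      - 'ELASTICSEARCH_HOSTS=http://host.docker.internal:9201'
      - 'I18N_LOCALE=zh-CN'
    ports:
      - '5601:5601'
    extra_hosts:
      - 'host.docker.internal:host-gateway'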
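# Start the stack in the background. `up` has no -f option: -f is a global
# flag that selects the compose file and must precede the subcommand, so
# `docker-compose up -f` fails. -d (detached) is the presumed intent.
docker-compose up -d
# Stop and remove the stack's containers and its default network.
docker-compose down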

logstash与log4j2配置

logstash/pipeline/logstash.conf文件配置

# Pipeline: events from TCP port 5602 (and stdin) -> json filter ->
# Elasticsearch index "logstash-security-<date>" plus a console dump.
input {
  # Listens on all interfaces inside the container. No TLS options are set on
  # this input, so events arrive in cleartext and any host that can reach the
  # published port can write into the index. Restrict access at the network
  # layer or enable the input's TLS settings.
  tcp {
    host => "0.0.0.0"
    port => 5602
    codec => json {
      charset => "UTF-8"
    }
  }
  stdin {}
}

filter {
  # Parses the "message" field as JSON and merges the result into the event.
  json {
    source => "message"
  }
}

output {
  # No credentials are configured for this output; it relies on Elasticsearch
  # accepting unauthenticated writes on the host-published port 9201.
  elasticsearch {
    #action => "index"
    manage_template => false
    hosts => "host.docker.internal:9201"
    index => "logstash-security-%{+YYYY-MM-dd}"
    document_type => "logstash"
  }
  # Every event is also printed to the container log; that log then holds a
  # second copy of whatever the events contain.
  stdout { codec => rubydebug }
}

log4j2配置

pom.xml

<!-- Logstash encoder for Logback (groupId net.logstash.logback), pinned to 6.6. -->
<!-- NOTE(review): the log4j2.xml on this page uses Log4j2's own Socket appender, which does not appear to use this Logback artifact. Confirm it is needed. -->
<dependency>
<groupId>net.logstash.logback</groupId>
<artifactId>logstash-logback-encoder</artifactId>
<version>6.6</version>
</dependency>

log4j2.xml

<!-- Sends every event at level info and above from the root logger to 192.168.1.103:5602 over TCP. -->
<Configuration>
<Appenders>
<!-- Plain TCP: log lines cross the network unencrypted and the receiver does not authenticate the sender. -->
<!-- NOTE(review): Log4j2's Socket appender supports TLS (protocol="SSL" with a nested SSL element); the Logstash tcp input would need matching TLS settings. Confirm before enabling. -->
<Socket name="logstash" host="192.168.1.103" port="5602" protocol="TCP">
<!-- FILE_LOG_PATTERN is not defined in this snippet. -->
<!-- NOTE(review): the Logstash input on this page uses a json codec, so pattern-formatted text that is not JSON would presumably be tagged as a parse failure. Verify the pattern emits JSON. -->
<PatternLayout pattern="${FILE_LOG_PATTERN}"/>
</Socket>
</Appenders>
<Loggers>
<Root level="info">
<!-- The socket appender is the only appender referenced by the root logger in this snippet. -->
<appender-ref ref="logstash"/>
</Root>
</Loggers>
</Configuration>