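Fluentd is a log collection tool that is more lightweight than Logstash and Filebeat. This article describes how to install and use Fluentd.
Installation and deployment
Installing from the RPM package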
cat << 'EOT' >> /etc/security/limits.conf
root soft nofile 65536
root hard nofile 65536
* soft nofile 65536
* hard nofile 65536
EOT
cat << 'EOT' >> /etc/sysctl.conf
net.core.somaxconn = 1024
net.core.netdev_max_backlog = 5000
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_wmem = 4096 12582912 16777216
net.ipv4.tcp_rmem = 4096 12582912 16777216
net.ipv4.tcp_max_syn_backlog = 8096
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 10240 65535
EOT
Run:
sysctl -p
curl -L https://toolbelt.treasuredata.com/sh/install-redhat-td-agent4.sh | sh
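Configuration file directives
- source: defines the input sources
- match: defines the output destinations
- filter: the event processing pipeline
- system: sets system-wide configuration
- label: groups filter and match sections
- @include: reuses other configuration files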
syslog demo
Edit /etc/td-agent/td-agent.conf as follows:
<source>
@type syslog
port 5140
bind 0.0.0.0
tag demo
</source>
<match demo.**>
@type file
@id output_file
path /var/log/td-agent/demo
</match>
Test:
[root@c4-11 demo]# nc -vu 10.76.4.11 5140
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.76.4.11:5140.
sdf
abc
# The log shows:
2021-02-09 16:15:15 +0800 [warn]: #0 failed to parse message data="sdf"
2021-02-09 16:15:16 +0800 [warn]: #0 failed to parse message data="abc"
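The two warnings above appear because `sdf` and `abc` are not syslog-formatted: the `syslog` source parses RFC 3164 lines by default, and these begin with a `<PRI>` field. The shell helper below is an added example, not part of the original article; it builds such a line and sends it over UDP, and its function names and the facility/severity subset are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article); helper names are hypothetical.

# RFC 3164 facility and severity codes (subset, enough for a demo).
facility_num() {
  case "$1" in
    kern) echo 0 ;; user) echo 1 ;; mail) echo 2 ;; daemon) echo 3 ;;
    auth) echo 4 ;; local0) echo 16 ;; local7) echo 23 ;;
    *) return 1 ;;
  esac
}
severity_num() {
  case "$1" in
    emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err) echo 3 ;;
    warn) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
    *) return 1 ;;
  esac
}

# PRI = facility * 8 + severity, e.g. user.notice -> 13
syslog_pri() {
  f=$(facility_num "$1") || return 1
  s=$(severity_num "$2") || return 1
  echo $(( f * 8 + s ))
}

# syslog_line FACILITY SEVERITY IDENT MESSAGE [TIMESTAMP] [HOST]
# Prints "<PRI>Mmm dd hh:mm:ss host ident: message".
syslog_line() {
  pri=$(syslog_pri "$1" "$2") || { echo "unknown facility/severity" >&2; return 1; }
  ts=${5:-$(LC_ALL=C date '+%b %e %H:%M:%S')}   # %e pads the day with a space
  host=${6:-$(hostname)}
  # One datagram is one event: flatten CR/LF so the message stays on one line.
  msg=$(printf '%s' "$4" | tr '\r\n' '  ')
  printf '<%s>%s %s %s: %s\n' "$pri" "$ts" "$host" "$3" "$msg"
}

# send_syslog HOST PORT FACILITY SEVERITY IDENT MESSAGE  (UDP, needs nc)
send_syslog() {
  line=$(syslog_line "$3" "$4" "$5" "$6") || return 1
  printf '%s\n' "$line" | nc -u -w1 "$1" "$2"
}
```

With the configuration above, `send_syslog 10.76.4.11 5140 user notice demo-app 'hello'` should produce an event tagged `demo.user.notice`, because the `syslog` source appends the facility and priority to the configured tag; this is why the match pattern is `demo.**`.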
Docker log collection
Preparation
/path/to/conf/fluent.conf
<source>
@type forward
</source>
<match *>
@type file
path /fluentd/log/${tag}/${tag}
append true
<format>
@type single_value
message_key log
</format>
<buffer tag,time>
@type file
timekey 1d
timekey_wait 10m
flush_mode interval
flush_interval 30s
</buffer>
</match>
mkdir -p /path/to/log/fluentd
Start the container
docker run -it -d \
-p 24224:24224 \
-v /path/to/conf/fluent.conf:/fluentd/etc/fluent.conf \
-v /path/to/log/fluentd:/fluentd/log \
fluent/fluentd:v1.3
Docker container startup configuration
docker run -it -d \
--log-driver=fluentd \
--log-opt fluentd-address=<fluentdhost>:24224 \
--log-opt mode=non-blocking \
--log-opt tag={{.Name}} \
busybox \
/bin/sh -c 'i=0; while true; do echo "$i: $(date)"; i=$((i+1)); sleep 1; done'
After startup, the logs can be found under /path/to/log/fluentd.
Plugins
- fluent-plugin-forest: adds the tag to the path
- fluent-plugin-record-reformer: modifies the record
- fluent-plugin-rewrite-tag-filter: modifies the tag
- fluent-plugin-grep: matches log content against regular expressions and filters it