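Graylog is an open-source tool for log aggregation, analysis, auditing, visualization, and alerting. It is functionally similar to ELK but simpler, and its leaner, more efficient design and easy deployment have quickly won it many users.
Installing with Docker
Official documentation: https://docs.graylog.org/en/3.3/pages/installation/docker.html
1. Configuration file docker-compose.yml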
version: '3'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongo:
    image: mongo:3
    networks:
      - graylog
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.10
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    deploy:
      resources:
        limits:
          memory: 1g
    networks:
      - graylog
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:3.3
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      # Access URL
      - GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/
      # Set the time zone; otherwise displayed times will be wrong
      - GRAYLOG_ROOT_TIMEZONE=Asia/Shanghai
    networks:
      - graylog
    depends_on:
      - mongo
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
networks:
  graylog:
    driver: bridge
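The compose file above ships with a sample GRAYLOG_PASSWORD_SECRET and a GRAYLOG_ROOT_PASSWORD_SHA2 that is the SHA-256 of "admin"; the script below checks a compose file for those values and produces replacements. It is an added example, not part of the original post or of the Graylog project, and its function names and weak-password list are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the credential settings of a Graylog compose file.
# Function names and the weak-password list are constructed for illustration.

# SHA-256 hex digest of a password, the format GRAYLOG_ROOT_PASSWORD_SHA2 holds.
graylog_root_sha2() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# 96 hex characters from /dev/urandom, for use as GRAYLOG_PASSWORD_SECRET.
graylog_new_secret() {
    head -c 48 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Value of the first "- NAME=value" entry in a compose file (list form only).
compose_env_value() {
    sed -n "s/^[[:space:]]*-[[:space:]]*$2=//p" "$1" | head -n 1
}

# Print one line per finding; return 1 if there is any finding, else 0.
audit_graylog_env() {
    findings=0
    secret=$(compose_env_value "$1" GRAYLOG_PASSWORD_SECRET)
    hash=$(compose_env_value "$1" GRAYLOG_ROOT_PASSWORD_SHA2)
    if [ "${#secret}" -lt 16 ]; then
        echo "GRAYLOG_PASSWORD_SECRET is shorter than 16 characters"
        findings=1
    elif [ "$secret" = "somepasswordpepper" ]; then
        echo "GRAYLOG_PASSWORD_SECRET is still the sample value"
        findings=1
    fi
    for weak in admin password graylog 123456; do
        if [ "$hash" = "$(graylog_root_sha2 "$weak")" ]; then
            echo "GRAYLOG_ROOT_PASSWORD_SHA2 is the hash of '$weak'"
            findings=1
        fi
    done
    return "$findings"
}

# Usage: sh graylog_audit.sh docker-compose.yml
if [ -f "${1:-}" ]; then
    audit_graylog_env "$1" || echo "Suggested new secret: $(graylog_new_secret)"
fi
```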
2. Start all three Docker containers
docker-compose up
Open a new window and check the container processes
3. Open http://127.0.0.1:9000/ in a browser; account/password: admin/admin
4. Configure an input manually
5. Send log messages with cURL
$ curl -XPOST http://127.0.0.1:12201/gelf -p0 -d '{"message":"hello Tinywan222", "host":"127.0.0.1", "facility":"test", "topic": "meme"}'
$ curl -XPOST http://127.0.0.1:12201/gelf -p0 -d '{"message":"hello Tinywan 2020", "host":"127.0.0.1", "facility":"test", "topic": "meme"}'
6. Open the console and check whether the messages were received
7. Done