Output to a file

To write logs to a file, use the File output plugin.

docker-compose.yml

version: '3.5'
services:
  web1:
    image: nginx:latest
    ports:
      - "8888:80"
    depends_on:
      - fluent-bit
    command: [nginx-debug, '-g', 'daemon off;']
    logging:
      driver: fluentd
      options:
        fluentd-address: "localhost:24224"
        fluentd-async-connect: "false"
  web2:
    image: nginx:latest
    ports:
      - "8889:80"
    depends_on:
      - fluent-bit
    command: [nginx-debug, '-g', 'daemon off;']
    logging:
      driver: fluentd
      options:
        fluentd-address: "localhost:24224"
        fluentd-async-connect: "false"
  fluent-bit:
    image: fluent/fluent-bit
    volumes:
      - ./fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf
      - ./log:/log:rw
    ports:
      - "24224:24224"

fluent-bit.conf

[SERVICE]
    Log_Level    info
    Parsers_File parsers.conf

[INPUT]
    Name   forward
    Listen 0.0.0.0
    Port   24224

[FILTER]
    Name         parser
    Match        *
    Key_Name     log
    Parser       nginx
    Preserve_Key Off
    Reserve_Data On

[OUTPUT]
    Name  file
    Match *
    Path  /log/

How are the logs recorded?

Let's try the output with the default settings.

The following files were created in the '/log' directory:

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a---l        2021/08/15     14:15          16383 247a34282381
-a---l        2021/08/15     14:12           2205 9b0fd4a80449

The files contain the nginx logs:

247a34282381: [1629004368.000000000, {"source":"stdout","log":"/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration","container_id":"247a342823810c30c81814b59743aa4da98240b96bac829f0558770956925f67","container_name":"/output-jsonfile_web1_1"}]
247a34282381: [1629004368.000000000, {"container_id":"247a342823810c30c81814b59743aa4da98240b96bac829f0558770956925f67","container_name":"/output-jsonfile_web1_1","source":"stdout","log":"/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/"}]
247a34282381: [1629004368.000000000, {"container_name":"/output-jsonfile_web1_1","source":"stdout","log":"/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh","container_id":"247a342823810c30c81814b59743aa4da98240b96bac829f0558770956925f67"}]
247a34282381: [1629004368.000000000, {"log":"10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf","container_id":"247a342823810c30c81814b59743aa4da98240b96bac829f0558770956925f67","container_name":"/output-jsonfile_web1_1","source":"stdout"}]
247a34282381: [1629004368.000000000, {"log":"10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf","container_id":"247a342823810c30c81814b59743aa4da98240b96bac829f0558770956925f67","container_name":"/output-jsonfile_web1_1","source":"stdout"}]
247a34282381: [1629004368.000000000, {"log":"/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh","container_id":"247a342823810c30c81814b59743aa4da98240b96bac829f0558770956925f67","container_name":"/output-jsonfile_web1_1","source":"stdout"}]
247a34282381: [1629004368.000000000, {"log":"/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh","container_id":"247a342823810c30c81814b59743aa4da98240b96bac829f0558770956925f67","container_name":"/output-jsonfile_web1_1","source":"stdout"}]
247a34282381: [1629004368.000000000, {"container_id":"247a342823810c30c81814b59743aa4da98240b96bac829f0558770956925f67","container_name":"/output-jsonfile_web1_1","source":"stdout","log":"/docker-entrypoint.sh: Configuration complete; ready for start up"}]
247a34282381: [1629004383.000000000, {"remote":"172.27.0.1","host":"-","user":"-","method":"GET","path":"/","code":"304","size":"0","referer":"-","agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36","container_id":"247a342823810c30c81814b59743aa4da98240b96bac829f0558770956925f67","container_name":"/output-jsonfile_web1_1","source":"stdout"}]
247a34282381: [1629004384.000000000, {"remote":"172.27.0.1","host":"-","user":"-","method":"GET","path":"/","code":"304","size":"0","referer":"-","agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36","container_id":"247a342823810c30c81814b59743aa4da98240b96bac829f0558770956925f67","container_name":"/output-jsonfile_web1_1","source":"stdout"}]

What is the log format?

The default format is tag: [time, {"key1":"value1", "key2":"value2", "key3":"value3"}].

The tag is used as the file name, and everything other than the tag and the timestamp is in JSON format.
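
An added example (not from the original post): a small Python parser for the default File output format, run over constructed sample lines modelled on the output above. It counts nginx status codes per container and separately counts records the nginx parser left unparsed and lines that are malformed; the names parse_line, summarize and SAMPLE are hypothetical.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample lines in the File output's default format (modelled on the output above).
SAMPLE = """\
247a34282381: [1629004368.000000000, {"source":"stdout","log":"/docker-entrypoint.sh: Configuration complete; ready for start up","container_name":"/output-jsonfile_web1_1"}]
247a34282381: [1629004383.000000000, {"remote":"172.27.0.1","method":"GET","path":"/","code":"304","size":"0","container_name":"/output-jsonfile_web1_1","source":"stdout"}]
9b0fd4a80449: [1629004390.000000000, {"remote":"172.27.0.1","method":"GET","path":"/missing","code":"404","size":"153","container_name":"/output-jsonfile_web2_1","source":"stdout"}]
this line is truncated: [1629004391.0, {"remote":
"""

def parse_line(line):
    """Split 'tag: [time, {record}]' into (tag, datetime, dict); None if malformed."""
    tag, sep, payload = line.strip().partition(": [")
    if not sep:
        return None
    try:
        ts, record = json.loads("[" + payload)   # the part after the tag is a JSON array
    except (ValueError, TypeError):
        return None
    if not isinstance(ts, (int, float)) or not isinstance(record, dict):
        return None
    return tag, datetime.fromtimestamp(ts, tz=timezone.utc), record

def summarize(text):
    """Count HTTP status codes per container; track unparsed and malformed lines."""
    codes, unparsed, malformed = Counter(), 0, 0
    for line in text.splitlines():
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            malformed += 1
            continue
        _tag, _when, record = parsed
        if "code" in record:    # nginx parser matched: structured access record
            codes[(record.get("container_name"), record["code"])] += 1
        else:                   # parser did not match: raw text stays under "log"
            unparsed += 1
    return codes, unparsed, malformed

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
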

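Customizing the log file name

Because the tag is used as the log file name, you can get the file name you want by shaping the tag accordingly.
When the containers are started with docker-compose, adjust the tag through the docker-compose logging options.

Under logging → options, set something like tag: "logfile_name_${DATE_YYYYMMDD}.log".
Define the environment variable DATE_YYYYMMDD with a date formatted as YYYYMMDD, for example using the date command.

The log is then created as a file such as /log/logfile_name_YYYYMMDD.log.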

docker-compose.yml (with the tag modified)

version: '3.5'
services:
  web1:
    image: nginx:latest
    ports:
      - "8888:80"
    depends_on:
      - fluent-bit
    command: [nginx-debug, '-g', 'daemon off;']
    logging:
      driver: fluentd
      options:
        fluentd-address: "localhost:24224"
        fluentd-async-connect: "false"
        tag: "logfile_name_${DATE_YYYYMMDD}.log"
  web2:
    image: nginx:latest
    ports:
      - "8889:80"
    depends_on:
      - fluent-bit
    command: [nginx-debug, '-g', 'daemon off;']
    logging:
      driver: fluentd
      options:
        fluentd-address: "localhost:24224"
        fluentd-async-connect: "false"
        tag: "logfile_name_${DATE_YYYYMMDD}.log"
  fluent-bit:
    image: fluent/fluent-bit
    volumes:
      - ./fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf
      - ./log:/log:rw
    ports:
      - "24224:24224"

Making the EFK Compose setup multi-node

Docker Logging Efk Compose has an example of an ELK stack using docker-compose; here it is changed to a multi-node Elasticsearch configuration.

docker-compose.yml

version: '3.7'
services:
  web:
    image: httpd
    ports:
      - "8080:80"
    links:
      - fluentd
    logging:
      driver: "fluentd"
      options:
        fluentd-address: "localhost:24224"
        fluentd-async-connect: "false"
        tag: httpd.access
    networks:
      - elastic

  fluentd:
    build: ./fluentd
    volumes:
      - ./fluentd/conf:/fluentd/etc
    links:
      - es01
      - es02
      - es03
    ports:
      - "24224:24224"
      - "24224:24224/udp"
    networks:
      - elastic

  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.12.1
    container_name: es01
    environment:
      - node.name=es01
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es02,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./data/data01:/usr/share/elasticsearch/data:rw
    ports:
      - 9200:9200
    networks:
      - elastic

  es02:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.12.1
    container_name: es02
    environment:
      - node.name=es02
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es01,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./data/data02:/usr/share/elasticsearch/data:rw
    networks:
      - elastic

  es03:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.12.1
    container_name: es03
    environment:
      - node.name=es03
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es01,es02
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - ./data/data03:/usr/share/elasticsearch/data:rw
    networks:
      - elastic

  kib01:
    image: docker.elastic.co/kibana/kibana:7.12.1
    container_name: kib01
    ports:
      - 5601:5601
    links:
      - es01
      - es02
      - es03
    environment:
      ELASTICSEARCH_URL: http://es01:9200
      ELASTICSEARCH_HOSTS: '["http://es01:9200","http://es02:9200","http://es03:9200"]'
    networks:
      - elastic

networks:
  elastic:
    driver: bridge

fluentd/conf/fluent.conf

# fluentd/conf/fluent.conf
<source>
  @type forward
  port 24224
  bind 0.0.0.0
</source>
<match *.**>
  @type copy
  <store>
    @type elasticsearch
    host es01
    port 9200
    logstash_format true
    logstash_prefix fluentd
    logstash_dateformat %Y%m%d
    include_tag_key true
    type_name access_log
    tag_key @log_name
    flush_interval 1s
    reconnect_on_error true
    reload_on_failure true
    reload_connections false
  </store>
  <store>
    @type stdout
  </store>
</match>

fluentd/Dockerfile

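# fluentd/Dockerfile
FROM fluent/fluentd:latest
USER root
# Install as root (the base image runs as the fluent user); --no-document replaces the --no-rdoc/--no-ri flags removed in RubyGems 3
RUN gem install fluent-plugin-elasticsearch --no-document
USER fluent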

Kibana status

Access Kibana.

Select Stack Management from the menu at the top left.

Select Index Management. The indices are registered in the form fluentd-YYYYMMDD.

Regular expressions don't work on Splash

In Lua scripts on Splash, certain standard library functions don't work; it appears to be the ones that use regular expressions.

'Error happened while executing Lua script', 'info': {'source': '[string "..."]', 'line_number': 107, 'error': "attempt to call field 'gsub' (a nil value)", 'type': 'LUA_ERROR', 'message': 'Lua error: [string "..."]:107: attempt to call field \'gsub\' (a nil value)'}}

This is due to a Splash restriction

Splash's Lua sandbox restricts functions that are resource-hungry.

local _string = {
  byte = string.byte,
  char = string.char,
  find = string.find,
  format = string.format,
  -- gmatch = string.gmatch, -- can be CPU intensive
  -- gsub = string.gsub, -- can be CPU intensive; can result in arbitrary native code execution (in 5.1)?
  len = string.len,
  lower = string.lower,
  -- match = string.match, -- can be CPU intensive
  -- rep = string.rep, -- can eat memory
  reverse = string.reverse,
  sub = string.sub,
  upper = string.upper,
}

What to do?

Disable the Lua sandbox by starting Splash with --disable-lua-sandbox; the restricted functions such as gsub then become available.

When you have deleted a remote branch

When a remote branch has disappeared

Has the remote branch disappeared?

PS > git pull
Your configuration specifies to merge with the ref 'refs/heads/issue90'
from the remote, but no such ref was fetched.

If you have the local branch

If the local branch exists, just push it.

PS > git push origin issue90
Enumerating objects: 5, done.
Counting objects: 100% (5/5), done.
Delta compression using up to 16 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 555 bytes | 555.00 KiB/s, done.
Total 3 (delta 2), reused 0 (delta 0)
remote: Resolving deltas: 100% (2/2), completed with 2 local objects.
remote:
remote: Create a pull request for 'issue90' on GitHub by visiting:
remote: https://github.com/{USER}/{REPO}/pull/new/issue90
remote:
To XXXXXXXXXXXXXX:{USER}/{REPO}
* [new branch] issue90 -> issue90

After that, pull references the remote normally.

PS > git pull
Already up to date.
