Febbweiss/docker-log-centralizer
1
0
Fork 0
mirror of https://github.com/Febbweiss/docker-log-centralizer.git synced 2026-03-04 14:25:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Feature: add rsyslog multiline logs

Browse Source
This commit is contained in:
Febbweiss
2017-05-24 14:59:12 +02:00
parent 104cecde72
commit 84dbfe7dba
6 changed files with 68 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
docker-compose.yml
View File

@@ -8,6 +8,10 @@ services:
image: febbweiss/apache-log-generator image: febbweiss/apache-log-generator
volumes: volumes:
- ./logs/apache:/var/log/apache - ./logs/apache:/var/log/apache
java_log_generator:
image: febbweiss/java-log-generator
volumes:
- ./logs/java:/var/log/java
random_log_generator: # Star Wars quote generator random_log_generator: # Star Wars quote generator
image: davidmccormick/random_log_generator image: davidmccormick/random_log_generator
command: python log_generator.py --logFile /var/log/random/random.log command: python log_generator.py --logFile /var/log/random/random.log
@@ -33,6 +37,14 @@ services:
- ./logs/apache:/var/log/apache - ./logs/apache:/var/log/apache
links: links:
- shipper - shipper
rsyslog:
image: camptocamp/rsyslog-bin
volumes:
- ./rsyslog/conf.d:/etc/rsyslog-confd
- ./rsyslog/rsyslog.conf:/etc/rsyslog.conf
- ./logs/java:/var/log/java
links:
- shipper
#################### ####################
# Logstash shipper # # Logstash shipper #
#################### ####################

12
logstash/indexer/pipeline/kafka_elasticsearch.conf
View File

@@ -23,6 +23,12 @@ input {
topics => ["apache-forwarder"] topics => ["apache-forwarder"]
client_id => "logstash_indexer_1" client_id => "logstash_indexer_1"
} }
kafka {
codec => json{}
bootstrap_servers => "kafka:9092"
topics => ["javalog"]
client_id => "logstash_indexer_1"
}
} }
filter { filter {
@@ -130,6 +136,12 @@ output {
index => "apache-%{+YYYYMM}" index => "apache-%{+YYYYMM}"
} }
} }
if [type] == "javalog" {
elasticsearch {
hosts => ["elasticsearch:9200"]
index => "javalog-%{+YYYYMM}"
}
}
if [type] == "random-forwarder" { if [type] == "random-forwarder" {
elasticsearch { elasticsearch {
hosts => ["elasticsearch:9200"] hosts => ["elasticsearch:9200"]

21
logstash/shipper/pipeline/beat_kafka.conf
View File

@@ -2,12 +2,33 @@ input {
beats { beats {
port => 5044 port => 5044
} }
udp {
port => 10514
type => "syslog"
}
lumberjack { lumberjack {
port => 5043 port => 5043
ssl_key => "/ssl/selfsigned.key" ssl_key => "/ssl/selfsigned.key"
ssl_certificate => "/ssl/selfsigned.crt" ssl_certificate => "/ssl/selfsigned.crt"
} }
} }
filter {
if [type] == "syslog" {
mutate {
gsub => [ "message", "\t", "\\t" ]
}
if ![programname] {
json {
source => "message"
}
}
mutate {
replace => [ "type", "%{programname}" ]
}
}
}
output { output {
kafka { kafka {
codec => json codec => json

11
rsyslog/conf.d/rsyslog-json.conf Normal file
View File

@@ -0,0 +1,11 @@
template(name="ls_json"
type="list"
option.json="on") {
constant(value="{")
constant(value="\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
constant(value="\",\"message\":\"") property(name="msg")
constant(value="\",\"host\":\"") property(name="hostname")
constant(value="\",\"programname\":\"") property(name="programname")
constant(value="\",\"procid\":\"") property(name="procid")
constant(value="\"}")
}

9
rsyslog/conf.d/rsyslog.conf Normal file
View File

@@ -0,0 +1,9 @@
module(load="imfile" PollingInterval="10" mode="inotify") #needs to be done just once
input(type="imfile"
File="/var/log/java/*.log"
Tag="javalog"
PersistStateInterval="100"
Severity="info"
startmsg.regex="^[[:digit:]]{1,2}-[[:digit:]]{1,2}-[[:digit:]]{1,4} [[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}"
)

3
rsyslog/rsyslog.conf Normal file
View File

@@ -0,0 +1,3 @@
$IncludeConfig /etc/rsyslog-confd/*.conf
*.* @shipper:10514;ls_json