新款kubernetes日志收集利器fluent bit
2017-06-20 17:13
197 查看
Fluent Bit是一个开源和多平台的日志转发器 ,可以让您从不同来源收集数据/日志,统一并将其发送到多个目的地。它与Docker和Kubernetes环境完全兼容。
Fluent Bit用C编写,具有支持30个扩展的可插拔架构。它快速轻便,通过TLS提供网络操作所需的安全性。
最主要的是支持app分类,按容器id app等排序爽,而不是fluentd只有一个tag非常乱。
此config我已加入监控 cpu 内存 磁盘等
kubectl create 启动即可
cat fluent-bit-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: fluent-bit
# namespace: logging
labels:
component: fluent-bit
data:
fluent-bit.conf: |
[SERVICE]
Flush 1
Daemon Off
Log_Level info
Parsers_File parsers.conf
# HTTP_Monitor Off
# HTTP_Port 2020
[INPUT]
Name tail
Path /var/log/containers/*.log
Parser docker
Tag kube.*
Mem_Buf_Limit 5MB
# DB /path/to/logs.db
# [INPUT]
# Name kmsg
# Tag kernel
[INPUT]
Name disk
Tag disk
Interval_Sec 60
[INPUT]
Name cpu
Tag my_cpu
[INPUT]
Name mem
Tag memory
[FILTER]
Name kubernetes
Match kube.*
[OUTPUT]
Name es
Match *
Host ${FLUENT_ELASTICSEARCH_HOST}
Port ${FLUENT_ELASTICSEARCH_PORT}
Logstash_Format On
Logstash_Prefix fluent-bit
Retry_Limit False
parsers.conf: |
[PARSER]
Name apache
Format regex
Regex ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name apache2
Format regex
Regex ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name apache_error
Format regex
Regex ^\[[^ ]* (?<time>[^\]]*)\] \[(?<level>[^\]]*)\](?: \[pid (?<pid>[^\]]*)\])?( \[client (?<client>[^\]]*)\])? (?<message>.*)$
[PARSER]
Name nginx
Format regex
Regex ^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name json-test
Format json
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name docker
Format json
Time_Key time
Time_Format %Y-%m-%dT%H:%M:%S
Time_Keep On
[PARSER]
Name syslog
Format regex
Regex ^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$
Time_Key time
Time_Format %b %d %H:%M:%S
cat fluent-bit-daemonset.yaml
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: fluent-bit
# namespace: kube-system
# namespace: logging
labels:
k8s-app: fluent-bit-logging
version: v1
kubernetes.io/cluster-service: "true"
spec:
template:
metadata:
labels:
k8s-app: fluent-bit-logging
version: v1
kubernetes.io/cluster-service: "true"
spec:
containers:
- name: fluent-bit
image: 192.168.1.103/k8s_public/fluent-bit:0.11.2
# image: fluent/fluent-bit-kubernetes-daemonset:latest
env:
- name: FLUENT_ELASTICSEARCH_HOST
value: "elasticsearch-logging"
- name: FLUENT_ELASTICSEARCH_PORT
value: "9200"
resources:
limits:
memory: 100Mi
requests:
cpu: 100m
memory: 100Mi
volumeMounts:
- name: config
mountPath: /fluent-bit/etc
- name: host-var-log
mountPath: /var/log
- name: host-var-lib-docker-containers
mountPath: /var/lib/docker/containers
# readOnly: true
- name: minikube-var-lib-docker-containers
mountPath: /mnt/sda1/var/lib/docker/containers
terminationGracePeriodSeconds: 10
volumes:
- name: config
configMap:
name: fluent-bit
- name: host-var-log
hostPath:
path: /var/log
- name: host-var-lib-docker-containers
hostPath:
path: /var/lib/docker/containers
- name: minikube-var-lib-docker-containers
hostPath:
path: /mnt/sda1/var/lib/docker/containers
#注意namespace 我这里为default , 如果你是其它namespace 要和es空间一致,kibana上创建索引注意头部为fluent-bit-*
Fluent Bit用C编写,具有支持30个扩展的可插拔架构。它快速轻便,通过TLS提供网络操作所需的安全性。
最主要的是支持app分类,按容器id app等排序爽,而不是fluentd只有一个tag非常乱。
此config我已加入监控 cpu 内存 磁盘等
kubectl create 启动即可
cat fluent-bit-configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: fluent-bit
# namespace: logging
labels:
component: fluent-bit
data:
fluent-bit.conf: |
[SERVICE]
Flush 1
Daemon Off
Log_Level info
Parsers_File parsers.conf
# HTTP_Monitor Off
# HTTP_Port 2020
[INPUT]
Name tail
Path /var/log/containers/*.log
Parser docker
Tag kube.*
Mem_Buf_Limit 5MB
# DB /path/to/logs.db
# [INPUT]
# Name kmsg
# Tag kernel
[INPUT]
Name disk
Tag disk
Interval_Sec 60
[INPUT]
Name cpu
Tag my_cpu
[INPUT]
Name mem
Tag memory
[FILTER]
Name kubernetes
Match kube.*
[OUTPUT]
Name es
Match *
Host ${FLUENT_ELASTICSEARCH_HOST}
Port ${FLUENT_ELASTICSEARCH_PORT}
Logstash_Format On
Logstash_Prefix fluent-bit
Retry_Limit False
parsers.conf: |
[PARSER]
Name apache
Format regex
Regex ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name apache2
Format regex
Regex ^(?<host>[^ ]*) [^ ]* (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^ ]*) +\S*)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name apache_error
Format regex
Regex ^\[[^ ]* (?<time>[^\]]*)\] \[(?<level>[^\]]*)\](?: \[pid (?<pid>[^\]]*)\])?( \[client (?<client>[^\]]*)\])? (?<message>.*)$
[PARSER]
Name nginx
Format regex
Regex ^(?<remote>[^ ]*) (?<host>[^ ]*) (?<user>[^ ]*) \[(?<time>[^\]]*)\] "(?<method>\S+)(?: +(?<path>[^\"]*?)(?: +\S*)?)?" (?<code>[^ ]*) (?<size>[^ ]*)(?: "(?<referer>[^\"]*)" "(?<agent>[^\"]*)")?$
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name json-test
Format json
Time_Key time
Time_Format %d/%b/%Y:%H:%M:%S %z
[PARSER]
Name docker
Format json
Time_Key time
Time_Format %Y-%m-%dT%H:%M:%S
Time_Keep On
[PARSER]
Name syslog
Format regex
Regex ^\<(?<pri>[0-9]+)\>(?<time>[^ ]* {1,2}[^ ]* [^ ]*) (?<host>[^ ]*) (?<ident>[a-zA-Z0-9_\/\.\-]*)(?:\[(?<pid>[0-9]+)\])?(?:[^\:]*\:)? *(?<message>.*)$
Time_Key time
Time_Format %b %d %H:%M:%S
cat fluent-bit-daemonset.yaml
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: fluent-bit
# namespace: kube-system
# namespace: logging
labels:
k8s-app: fluent-bit-logging
version: v1
kubernetes.io/cluster-service: "true"
spec:
template:
metadata:
labels:
k8s-app: fluent-bit-logging
version: v1
kubernetes.io/cluster-service: "true"
spec:
containers:
- name: fluent-bit
image: 192.168.1.103/k8s_public/fluent-bit:0.11.2
# image: fluent/fluent-bit-kubernetes-daemonset:latest
env:
- name: FLUENT_ELASTICSEARCH_HOST
value: "elasticsearch-logging"
- name: FLUENT_ELASTICSEARCH_PORT
value: "9200"
resources:
limits:
memory: 100Mi
requests:
cpu: 100m
memory: 100Mi
volumeMounts:
- name: config
mountPath: /fluent-bit/etc
- name: host-var-log
mountPath: /var/log
- name: host-var-lib-docker-containers
mountPath: /var/lib/docker/containers
# readOnly: true
- name: minikube-var-lib-docker-containers
mountPath: /mnt/sda1/var/lib/docker/containers
terminationGracePeriodSeconds: 10
volumes:
- name: config
configMap:
name: fluent-bit
- name: host-var-log
hostPath:
path: /var/log
- name: host-var-lib-docker-containers
hostPath:
path: /var/lib/docker/containers
- name: minikube-var-lib-docker-containers
hostPath:
path: /mnt/sda1/var/lib/docker/containers
#注意namespace 我这里为default , 如果你是其它namespace 要和es空间一致,kibana上创建索引注意头部为fluent-bit-*
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- kubernetes上部署Fluentd+Elasticsearch+kibana日志收集系统
- ELK实战二:日志收集利器rsyslog
- 使用开源工具fluentd-pilot收集容器日志
- 部署 Kubernetes 集群日志插件 Fluentd、Elasticsearch、Kibana
- mac 环境安装日志收集系统搭建(Fluent,ES,Kibana)
- 海量日志收集利器 ―― Flume
- Kubernetes日志收集
- 开源日志收集软件fluentd 转发(forward)架构配置
- Fluentd (td-agent) 日志收集系统
- Nginx容器日志收集方案fluentd+elasticsearch+kilbana
- 使用开源工具fluentd-pilot收集容器日志
- 安装 fluent-bit ,以及导入日志目录到es中
- 海量日志收集利器flume
- fluent bit数据收集流程及相关概念
- 万能日志数据收集器 Fluentd - 每天5分钟玩转 Docker 容器技术(91)
- 使用Fluentd + MongoDB构建实时日志收集系统
- Kubernetes部署ELK并使用Filebeat收集容器日志
- Fluentd (td-agent) 日志收集系统
- fluentd+mongodb构建分布式日志收集系统