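The following is a simple exercise, mainly intended to test the integration of nginx with graylog. For simplicity everything runs in containers. It also tests how nginx handles multiple access_log directives.
Environment setup
- docker-compose file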
version: "3"
services:
  log:
    image: openresty/openresty:alpine
    ports:
      - "8080:8080"
    volumes:
      - "./nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf"
      - "./log1:/opt/log1"
      - "./log2:/opt/log2"
  syslog:
    image: balabit/syslog-ng
    ports:
      - "514:514/udp"
      - "601:601"
      - "6514:6514"
- nginx configuration
Uses openresty
worker_processes 1;
user root;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    lua_code_cache off;
    lua_need_request_body on;
    gzip on;
    resolver 127.0.0.11 ipv6=off;
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;
    gzip_min_length 2k;
    gzip_buffers 4 16k;
    log_format compression '$remote_addr - $remote_user [$time_local] '
                           '"$request" $status $bytes_sent '
                           '"$http_referer" "$http_user_agent" "$gzip_ratio"';
    gzip_comp_level 4;
    gzip_types text/plain text/css image/png application/javascript image/jpeg image/gif;
    server {
        listen 8080;
        server_name _;
        charset utf-8;
        # Several access_log targets are configured here, mainly so the logs can be viewed both on the nginx side and on the log server
        access_log /opt/log1/nginx-access.log compression buffer=32k;
        access_log /opt/log2/nginx-access.log compression buffer=32k;
        access_log syslog:server=syslog,facility=local7,tag=nginx,severity=info,nohostname compression;
        default_type text/html;
        location / {
            default_type text/plain;
            index index.html index.htm;
        }
        location = /favicon.ico {
            root /opt/app/static;
        }
        location = /empty {
            empty_gif;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
Startup and testing
- Startup
docker-compose up -d
- Result
Local files
syslog:
The syslog logs have to be viewed inside the container; the following command can be used
tail -f /var/log/messages
- Enhancement
If graylog's syslog UDP input is enabled, we can process the logs through graylog; see the result for reference
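As an added example (not code from the original post), here is a Python parser for the datagram that the `access_log syslog:` line in the configuration sends: it decodes the priority value (local7.info is 23*8+6 = 190) and splits out the fields of the `compression` format. The header layout with `nohostname` and the default `\xXX` escaping of `"` in logged variables are nginx behaviour; the function names and sample messages are constructed for illustration.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Header nginx writes when "nohostname" is set: <PRI>Mon DD HH:MM:SS tag: message
HEADER = re.compile(r'^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) ([^:\s]+): (.*)$', re.S)
# The page's "compression" log_format, field by field.
ACCESS = re.compile(
    r'^(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes_sent>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)" "(?P<gzip_ratio>[^"]*)"$')

def facility_name(n):
    # local0..local7 are syslog facilities 16..23
    return f"local{n - 16}" if 16 <= n <= 23 else str(n)

def parse_datagram(data: bytes):
    """Return a dict for one nginx syslog datagram, or None if it does not match."""
    text = data.decode("utf-8", errors="replace").rstrip("\n")
    h = HEADER.match(text)
    if not h:
        return None
    pri = int(h.group(1))
    if pri > 191:  # highest valid PRI is facility 23, severity 7
        return None
    a = ACCESS.match(h.group(4))
    if not a:
        return None
    rec = a.groupdict()
    rec.update(facility=facility_name(pri >> 3), severity=SEVERITIES[pri & 7],
               syslog_time=h.group(2), tag=h.group(3))
    rec["status"] = int(rec["status"])
    rec["bytes_sent"] = int(rec["bytes_sent"])
    return rec

# Constructed sample messages (not captured from the post's environment).
SAMPLE = (b'<190>Jan  5 12:00:00 nginx: 172.18.0.1 - - [05/Jan/2024:12:00:00 +0000] '
          b'"GET / HTTP/1.1" 200 512 "-" "curl/8.0" "-"')
# A User-Agent that contained double quotes arrives with them escaped as \x22,
# so the quoted fields cannot be broken out of and the real status still parses.
SAMPLE_QUOTE = (b'<190>Jan  5 12:00:01 nginx: 172.18.0.1 - - [05/Jan/2024:12:00:01 +0000] '
                b'"GET /empty HTTP/1.1" 200 231 "-" "a\\x22 500 0 \\x22b" "-"')

if __name__ == "__main__":
    for msg in (SAMPLE, SAMPLE_QUOTE):
        print(parse_datagram(msg))
```
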
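Notes
In real-world use, for convenience we can enable local logs and graylog-based log processing at the same time; and with graylog's powerful analysis and data-processing capabilities, a lot of analysis can be done on the data
References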
https://nginx.org/en/docs/syslog.html
https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
https://github.com/rongfengliang/nginx-syslog-access_log
https://hub.docker.com/r/balabit/syslog-ng