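The following is a simple exercise, mainly intended to test the integration of nginx with graylog. For simplicity everything runs in containers. It also tests how nginx handles multiple access_log directives.
Environment setup
- docker-compose file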
    version: "3"
    services:
      log:
        image: openresty/openresty:alpine
        ports:
          - "8080:8080"
        volumes:
          - "./nginx.conf:/usr/local/openresty/nginx/conf/nginx.conf"
          - "./log1:/opt/log1"
          - "./log2:/opt/log2"
      syslog:
        image: balabit/syslog-ng
        ports:
          - "514:514/udp"
          - "601:601"
          - "6514:6514"
- nginx configuration
Using openresty
    worker_processes 1;
    user root;
    events {
        worker_connections 1024;
    }
    http {
        include mime.types;
        default_type application/octet-stream;
        sendfile on;
        lua_code_cache off;
        lua_need_request_body on;
        gzip on;
        resolver 127.0.0.11 ipv6=off;
        real_ip_header X-Forwarded-For;
        real_ip_recursive on;
        gzip_min_length 2k;
        gzip_buffers 4 16k;
        log_format compression '$remote_addr - $remote_user [$time_local] '
                               '"$request" $status $bytes_sent '
                               '"$http_referer" "$http_user_agent" "$gzip_ratio"';
        gzip_comp_level 4;
        gzip_types text/plain text/css image/png application/javascript image/jpeg image/gif;
        server {
            listen 8080;
            server_name _;
            charset utf-8;
            # Several access_log directives are configured here so the logs can be
            # viewed both on the nginx side and on the log server
            access_log /opt/log1/nginx-access.log compression buffer=32k;
            access_log /opt/log2/nginx-access.log compression buffer=32k;
            access_log syslog:server=syslog,facility=local7,tag=nginx,severity=info,nohostname compression;
            default_type text/html;
            location / {
                default_type text/plain;
                index index.html index.htm;
            }
            location = /favicon.ico {
                root /opt/app/static;
            }
            location = /empty {
                empty_gif;
            }
            error_page 500 502 503 504 /50x.html;
            location = /50x.html {
                root html;
            }
        }
    }
Start and test
- Start
    docker-compose up -d
- Result
Local files
syslog:
The syslog logs have to be viewed inside the container, using the following command
    tail -f /var/log/messages
- Enhancement
If graylog's syslog UDP input is enabled, we can process the logs through graylog; reference result
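What the syslog receiver (syslog-ng or a graylog syslog UDP input) gets from the `access_log syslog:...` line above can be decoded as follows. This is an added example, not code from the original post: the name `parse_datagram` and the sample datagrams are constructed, and the header layout is the one nginx emits when `nohostname` is set.

```python
import re

# RFC 3164 facility and severity names, indexed by numeric code.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert",
              "clock"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Header with "nohostname": <PRI>timestamp tag: message
HEADER = re.compile(r'^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+): (.*)$')

# Body in the page's "compression" log_format. nginx's default escaping writes
# '"' as \x22 and '\' as \x5C, so a quoted field never holds a literal quote
# and a client-supplied User-Agent cannot break out of its field.
BODY = re.compile(
    r'^(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes_sent>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)" '
    r'"(?P<gzip_ratio>[^"]*)"$')

def parse_datagram(data: bytes):
    """Return a dict of fields, or None if the datagram does not match."""
    text = data.decode("utf-8", errors="replace").rstrip("\n")
    head = HEADER.match(text)
    if not head or int(head.group(1)) > 191:   # 191 = local7.debug, the maximum
        return None
    body = BODY.match(head.group(4))
    if not body:
        return None
    pri = int(head.group(1))
    rec = body.groupdict()
    rec.update(facility=FACILITIES[pri >> 3], severity=SEVERITIES[pri & 7],
               syslog_time=head.group(2), tag=head.group(3),
               status=int(rec["status"]), bytes_sent=int(rec["bytes_sent"]))
    return rec

# Constructed sample datagrams (not captured from the setup on this page).
SAMPLES = [
    b'<190>Mar 14 09:26:53 nginx: 172.18.0.1 - - [14/Mar/2019:09:26:53 +0000] '
    b'"GET / HTTP/1.1" 200 853 "-" "curl/7.54.0" "-"',
    rb'<190>Mar  4 09:27:01 nginx: 172.18.0.1 - - [04/Mar/2019:09:27:01 +0000] '
    rb'"GET /x HTTP/1.1" 404 312 "-" "a\x22 200 0 \x22b" "-"',
    b'<999>not a valid nginx syslog line',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_datagram(sample))
```

PRI 190 is facility local7 (23) times 8 plus severity info (6), matching `facility=local7,severity=info` in the configuration.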
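Notes
In practice, for convenience, we can keep the local logs and add graylog-based log processing at the same time. With graylog's strong analysis and data processing capabilities, a lot of analysis can be done on the log data.
References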
https://nginx.org/en/docs/syslog.html
https://nginx.org/en/docs/http/ngx_http_log_module.html#access_log
https://github.com/rongfengliang/nginx-syslog-access_log
https://hub.docker.com/r/balabit/syslog-ng