获取到的log内容其中包含不同的信息,使用正则进行筛选,按照不同的内容输出到不同的地方,比如
{"log":"Error Something"}
和{"log":"Info Somethins"}
将其输出到不同的地方
使用fluentd的copy和match中的grep插件进行内容区分
fluentd服务器配置文件
<source> type forward port 24224 bind 0.0.0.0 </source> # 接收来自容器标准输出的日志 <match system_out.docker.*.**> type forest subtype file <template> path /home/lee/fluentd-log/${tag_parts[0]}/${tag_parts[2]}/temp </template> </match> # 接收来自容器标准错误输出的日志,并且其中log字段包含200(客户端进行了筛选) <match program_out.system_err.docker.*.**> type forest subtype file <template> path /home/lee/fluentd-log/${tag_parts[0]}/${tag_parts[3]}/temp </template> </match> # 接收来自容器标准错误输出的日志,并且其中log字段不包含200 <match program_err.system_err.docker.*.**> type forest subtype file <template> path /home/lee/fluentd-log/${tag_parts[0]}/${tag_parts[3]}/temp </template> </match>
fluentd客户端配置文件
<source> type forward port 24224 bind 0.0.0.0 </source> # 接收来自容器的日志 # 根据source字段包含的内容,重新添加tag <match docker.**> type rewrite_tag_filter rewriterule1 source stdout system_out.${tag} rewriterule2 source stderr system_err.${tag} </match> # 匹配原先source字段是stderr的日志 <match system_err.**> type copy <store> # 如果log字段中含有200,就添加tag前缀program_out type grep regexp1 log 200 add_tag_prefix program_out </store> <store> # 如果log字段中不含有200,就添加tag前缀program_err type grep exclude log 200 add_tag_prefix program_err </store> </match> # 转发到服务器 <match **> type forward <server> host 192.168.126.136 port 24224 </server> flush_interval 5s </match>
测试容器
开启容器
root@localhost:temp# docker run --name temp01 --log-driver=fluentd \ --log-opt tag="docker.{{.Name}}" --log-opt fluentd-async-connect=true \ -d -p 8000:8000 imekaku/simple-web python /work/simple.py f0396fce1ef0614bac7e997e043d0f1bc58c7697299b7c4df73dd6e173a8495e
查看区分之后的日志:
# 路径 lee@lee-PC:temp01$ pwd /home/lee/fluentd-log/program_out/temp01 # 包含200的日志 lee@lee-PC:temp01$ cat temp.20160920.b53cea4572521e465 2016-09-20T23:09:23+08:00 program_out.system_err.docker.temp01 {"container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c","container_name":"/temp01","source":"stderr","log":"[I 160920 15:09:23 web:1971] 200 GET / (192.168.126.1) 1.48ms"} 2016-09-20T23:09:23+08:00 program_out.system_err.docker.temp01 {"source":"stderr","log":"[I 160920 15:09:23 web:1971] 200 GET / (192.168.126.1) 1.83ms","container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c","container_name":"/temp01"} 2016-09-20T23:09:23+08:00 program_out.system_err.docker.temp01 {"log":"[I 160920 15:09:23 web:1971] 200 GET / (192.168.126.1) 8.75ms","container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c","container_name":"/temp01","source":"stderr"} 2016-09-20T23:09:23+08:00 program_out.system_err.docker.temp01 {"source":"stderr","log":"[I 160920 15:09:23 web:1971] 200 GET / (192.168.126.1) 2.16ms","container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c","container_name":"/temp01"} 2016-09-20T23:09:24+08:00 program_out.system_err.docker.temp01 {"container_name":"/temp01","source":"stderr","log":"[I 160920 15:09:24 web:1971] 200 GET / (192.168.126.1) 1.60ms","container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c"} 2016-09-20T23:09:24+08:00 program_out.system_err.docker.temp01 {"log":"[I 160920 15:09:24 web:1971] 200 GET / (192.168.126.1) 1.32ms","container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c","container_name":"/temp01","source":"stderr"} 2016-09-20T23:09:24+08:00 program_out.system_err.docker.temp01 {"log":"[I 160920 15:09:24 web:1971] 200 GET / (192.168.126.1) 1.22ms","container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c","container_name":"/temp01","source":"stderr"} 2016-09-20T23:09:24+08:00 program_out.system_err.docker.temp01 {"container_name":"/temp01","source":"stderr","log":"[I 160920 15:09:24 web:1971] 200 GET / (192.168.126.1) 1.13ms","container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c"} 2016-09-20T23:09:25+08:00 program_out.system_err.docker.temp01 {"log":"[I 160920 15:09:25 web:1971] 200 GET / (192.168.126.1) 2.33ms","container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c","container_name":"/temp01","source":"stderr"} 2016-09-20T23:09:25+08:00 program_out.system_err.docker.temp01 {"source":"stderr","log":"[I 160920 15:09:25 web:1971] 200 GET / (192.168.126.1) 1.23ms","container_id":"df31abc8f7565d7ce728b2812278cf6fabce71ec2bce9b46b7c5985b1d886f6c","container_name":"/temp01"} # 路径 lee@lee-PC:temp01$ pwd /home/lee/fluentd-log/program_err/temp01 # 不包含200的日志 lee@lee-PC:temp01$ cat temp.20160920.b53cea4b1786de3aa 2016-09-20T23:10:55+08:00 program_err.system_err.docker.temp01 {"container_id":"f0396fce1ef0614bac7e997e043d0f1bc58c7697299b7c4df73dd6e173a8495e","container_name":"/temp01","source":"stderr","log":"[I 160920 15:10:55 web:1971] 304 GET / (192.168.126.1) 1.33ms"} 2016-09-20T23:14:12+08:00 program_err.system_err.docker.temp01 {"log":"[I 160920 15:14:12 web:1971] 304 GET / (192.168.126.1) 2.82ms","container_id":"f0396fce1ef0614bac7e997e043d0f1bc58c7697299b7c4df73dd6e173a8495e","container_name":"/temp01","source":"stderr"} 2016-09-20T23:14:12+08:00 program_err.system_err.docker.temp01 {"container_name":"/temp01","source":"stderr","log":"[I 160920 15:14:12 web:1971] 304 GET / (192.168.126.1) 1.43ms","container_id":"f0396fce1ef0614bac7e997e043d0f1bc58c7697299b7c4df73dd6e173a8495e"} 2016-09-20T23:14:12+08:00 program_err.system_err.docker.temp01 {"log":"[I 160920 15:14:12 web:1971] 304 GET / (192.168.126.1) 1.45ms","container_id":"f0396fce1ef0614bac7e997e043d0f1bc58c7697299b7c4df73dd6e173a8495e","container_name":"/temp01","source":"stderr"} 2016-09-20T23:14:13+08:00 program_err.system_err.docker.temp01 {"log":"[I 160920 15:14:13 web:1971] 304 GET / (192.168.126.1) 2.39ms","container_id":"f0396fce1ef0614bac7e997e043d0f1bc58c7697299b7c4df73dd6e173a8495e","container_name":"/temp01","source":"stderr"} 2016-09-20T23:14:13+08:00 program_err.system_err.docker.temp01 {"source":"stderr","log":"[I 160920 15:14:13 web:1971] 304 GET / (192.168.126.1) 1.40ms","container_id":"f0396fce1ef0614bac7e997e043d0f1bc58c7697299b7c4df73dd6e173a8495e","container_name":"/temp01"} 2016-09-20T23:14:13+08:00 program_err.system_err.docker.temp01 {"source":"stderr","log":"[I 160920 15:14:13 web:1971] 304 GET / (192.168.126.1) 1.46ms","container_id":"f0396fce1ef0614bac7e997e043d0f1bc58c7697299b7c4df73dd6e173a8495e","container_name":"/temp01"}
您好,请问您的联系方式是什么?我最近在生产环境中是用fluentd遇到点问题,期待交流,QQ1755610380