← 返回首页
📝

Docker日志管理

📂 devops ⏱ 2 min 254 words
docker日志日志管理进阶

Docker日志管理

日志驱动

Docker支持多种日志驱动:

驱动 说明
json-file JSON格式(默认)
syslog 发送到syslog
journald 发送到systemd journal
fluentd 发送到Fluentd
awslogs 发送到AWS CloudWatch

查看当前驱动

# 查看Docker信息
docker info | grep "Logging Driver"

# 查看容器日志驱动
docker inspect --format='{{json .HostConfig.LogConfig}}' container_name

配置日志驱动

# 全局配置
# /etc/docker/daemon.json
{
    "log-driver": "json-file",
    "log-opts": {
        "max-size": "10m",
        "max-file": "3"
    }
}

# 容器级别
docker run --log-driver=json-file --log-opt max-size=10m myapp

查看日志

# 查看容器日志
docker logs container_name

# 实时跟踪
docker logs -f container_name

# 查看最近100行
docker logs --tail 100 container_name

# 查看特定时间段
docker logs --since 2024-01-01T00:00:00 container_name
docker logs --since 30m container_name

集中式日志方案

ELK Stack

# docker-compose.yml
version: '3.8'

services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.10.0
    environment:
      - discovery.type=single-node
      - xpack.security.enabled=false
    volumes:
      - es_data:/usr/share/elasticsearch/data
    ports:
      - "9200:9200"

  logstash:
    image: docker.elastic.co/logstash/logstash:8.10.0
    volumes:
      - ./logstash.conf:/usr/share/logstash/pipeline/logstash.conf
    depends_on:
      - elasticsearch

  kibana:
    image: docker.elastic.co/kibana/kibana:8.10.0
    ports:
      - "5601:5601"
    depends_on:
      - elasticsearch

  app:
    image: myapp
    logging:
      driver: "fluentd"
      options:
        fluentd-address: "localhost:24224"
        tag: "docker.{{.Name}}"

volumes:
  es_data:

Loki + Grafana

services:
  loki:
    image: grafana/loki:latest
    ports:
      - "3100:3100"

  grafana:
    image: grafana/grafana:latest
    ports:
      - "3000:3000"

  promtail:
    image: grafana/promtail:latest
    volumes:
      - /var/log:/var/log
      - ./promtail.yml:/etc/promtail/config.yml

实践:日志收集配置

Fluentd配置

<source>
  @type forward
  port 24224
  bind 0.0.0.0
</source>

<match docker.**>
  @type elasticsearch
  host elasticsearch
  port 9200
  index_name docker-logs
</match>

Logstash配置

input {
  tcp {
    port => 5000
    codec => json
  }
}

filter {
  if [container_name] {
    mutate {
      add_field => { "index_name" => "docker-%{+YYYY.MM.dd}" }
    }
  }
}

output {
  elasticsearch {
    hosts => ["elasticsearch:9200"]
  }
}

日志轮转

# 配置Docker日志轮转
{
    "log-driver": "json-file",
    "log-opts": {
        "max-size": "10m",
        "max-file": "5",
        "compress": "true"
    }
}

日志分析

# 统计容器日志大小
docker inspect --format='{{.LogPath}}' container_name | xargs ls -lh

# 清理容器日志
echo "" > $(docker inspect --format='{{.LogPath}}' container_name)

# 使用logrotate
/var/lib/docker/containers/*/*.log {
    daily
    rotate 7
    compress
    missingok
    notifempty
}

总结

Docker日志管理是容器化运维的重要环节。选择合适的日志方案,可以实现日志的集中收集、存储和分析。