graylog官网
graylog1.png
支持多种安装方式,我选择了RPM安装
image.png
安装条件
- java8以上
- Elasticsearch5.x以上或6.x以上
- MongoDB大于等于3.6
- 不能使用Elasticsearch7.x版本
Linux版本的话基本没问题,我使用的是CentOS7.4
安装MongoDB
mongodb我使用docker安装,因为graylog的一些配置信息会存储到mongodb中,所以mongodb用的不是很多。
下载镜像
docker pull mongo:4
启动mongodb
docker run \
-p 27017:27017 \
-v $PWD/db:/data/db \
-d mongo:4
安装Elasticsearch
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
vim /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
安装
yum install elasticsearch
启动
systemctl start elasticsearch
systemctl enable elasticsearch
安装Graylog3
rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.rpm
yum install graylog-server -y
安装pwgen
yum install pwgen -y
修改配置文件
vim /etc/graylog/server/server.conf
image.png
配置文件中要求必须设置password_secret,使用pwgen生成
image.png
使用echo -n yourpassword | shasum -a 256设置一下admin账户的密码
root_timezone = Asia/Shanghai
http_bind_address = 0.0.0.0:9000
http_publish_uri = http://公网ip:9000/
elasticsearch_hosts = http://127.0.0.1:9200
elasticsearch_shards =1
elasticsearch_replicas = 0
mongodb_uri = mongodb://127.0.0.1:27017/graylog
可自行设置邮件通知的参数
# Email transport
#transport_email_enabled = false
#transport_email_hostname = mail.example.com
#transport_email_port = 587
#transport_email_use_auth = true
#transport_email_auth_username = you@example.com
#transport_email_auth_password = secret
#transport_email_subject_prefix = [graylog]
#transport_email_from_email = graylog@example.com
启动graylog
systemctl start graylog-server
systemctl enable graylog-server
使用graylog
地址:公网ip:9000
image.png
添加一个input
image.png
image.png
image.png
image.png
spring cloud中集成graylog
引入依赖
<dependency>
<groupId>de.siegmar</groupId>
<artifactId>logback-gelf</artifactId>
<version>2.0.1</version>
</dependency>
在logback.xml文件中添加
<appender name="GELF" class="de.siegmar.logbackgelf.GelfUdpAppender">
<graylogHost>localhost</graylogHost>
<graylogPort>12201</graylogPort>
<maxChunkSize>508</maxChunkSize>
<useCompression>true</useCompression>
<encoder class="de.siegmar.logbackgelf.GelfEncoder">
<!--<originHost>localhost</originHost>-->
<includeRawMessage>false</includeRawMessage>
<includeMarker>true</includeMarker>
<includeMdcData>true</includeMdcData>
<includeCallerData>false</includeCallerData>
<includeRootCauseData>false</includeRootCauseData>
<includeLevelName>false</includeLevelName>
<shortPatternLayout class="ch.qos.logback.classic.PatternLayout">
<pattern>%m%nopex</pattern>
</shortPatternLayout>
<fullPatternLayout class="ch.qos.logback.classic.PatternLayout">
<pattern>%m%n</pattern>
</fullPatternLayout>
<staticField>app_name:host</staticField>
<staticField>os_arch:${os.arch}</staticField>
<staticField>os_name:${os.name}</staticField>
<staticField>os_version:${os.version}</staticField>
</encoder>
</appender>
graylogHost为graylog服务器ip
graylogPort为udp端口号
originHost不设置的话自动会显示服务器ip
app_name为应用名称,建议设置一下,后面可以使用应用名称过滤
添加输入配置
<root level="info">
<appender-ref ref="consoleAppender" />
<appender-ref ref="GELF" />
</root>
启动项目后,即可以看到日志了
image.png
在日常使用中我们需要对生产环境的日志进行监控,而开发环境是不需要的,如何做多环境配置呢?
在spring boot启动yml文件中添加配置
logging:
config: classpath:logback-${spring.cloud.config.profile}.xml
image.png
配置多份logback.xml后达到了动态实现生产环境进行graylog日志监控。
