Docker log collection

[[email protected] ~]# sysctl vm.max_map_count=262144   # change the kernel parameter
[[email protected] ~]# docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -it --rm --name elk sebp/elk   # start the ELK image

Open the web page and test it.
Install Filebeat (I already have it)
[[email protected] ~]# vim /etc/filebeat/filebeat.yml
  enabled: true
  paths:
    - /var/lib/docker/containers/*/*.log    # added

output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["10.0.0.19:9200"]

[[email protected] containers]# docker rm -f $(docker ps -a | awk '{print $1}' | grep -v 5930f740d83d | grep -v CONTAINER)   # remove the extra containers

[[email protected] ~]# /etc/init.d/filebeat start
Starting filebeat (via systemctl): [ OK ]

[[email protected] ~]# for i in {1..10};do curl 127.0.0.1;done   # generate some logs
Success!

[[email protected] ~]# docker run -d -p 24224:24224 -p 24224:24224/udp -v /fluentd_log:/fluentd_log fluent/fluentd   # mount the local directory into the container

Change the Docker logging driver

1. Global mode
[[email protected] ~]# vim /etc/docker/daemon.json
Add the "log-driver" and "log-opts" entries:
{
  "registry-mirrors": ["https://mmdl1uza.mirror.aliyuncs.com"],
  "cluster-store": "consul://10.0.0.19:8500",
  "cluster-advertise": "10.0.0.17:2375",
  "dns": ["10.0.0.2", "8.8.8.8"],
  "log-driver": "fluentd",
  "log-opts": {
    "fluentd-address": "10.0.0.19:24224",
    "tag": "linux-node5.example.com"
  }
}

[[email protected] ~]# systemctl daemon-reload
[[email protected] ~]# systemctl restart docker.service
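
A check worth running before the restart above, since dockerd will not start on a malformed daemon.json and, by default, containers using the fluentd driver cannot start while the collector is unreachable. This is an added example, not part of the original post; the function names are hypothetical and it only handles `host:port` or `tcp://host:port` addresses.

```python
import json
import socket
DEFAULT_PORT = 24224  # fluentd forward port, as published on this page

def parse_fluentd_address(addr):
    """Split 'host:port' or 'tcp://host:port' into (host, port)."""
    addr = addr[len("tcp://"):] if addr.startswith("tcp://") else addr
    host, sep, port = addr.rpartition(":")
    return (host, int(port)) if sep else (addr, DEFAULT_PORT)

def check_daemon_json(text):
    """Return (problems, (host, port) or None) for a daemon.json body."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # Curly quotes and inline "--" annotations both fail here.
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"], None
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"], None
    problems = []
    if cfg.get("log-driver") != "fluentd":
        problems.append('"log-driver" is not "fluentd"')
    opts = cfg.get("log-opts", {})
    if not isinstance(opts, dict):
        return problems + ['"log-opts" must be a JSON object'], None
    for key, value in opts.items():
        if not isinstance(value, str):  # dockerd only accepts strings here
            problems.append(f'log-opts "{key}" must be a string')
    addr = opts.get("fluentd-address", "localhost")  # Docker's default host
    try:
        return problems, parse_fluentd_address(addr)
    except (AttributeError, ValueError):  # non-string value or bad port
        return problems + [f"bad fluentd-address {addr!r}"], None

def fluentd_reachable(host, port, timeout=3.0):
    """True if a TCP connection to the collector can be opened."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    with open("/etc/docker/daemon.json", encoding="utf-8") as fh:
        problems, address = check_daemon_json(fh.read())
    if address and not fluentd_reachable(*address):
        problems.append("cannot reach fluentd at %s:%d" % address)
    print("\n".join(problems) or "daemon.json OK, fluentd reachable")
    raise SystemExit(1 if problems else 0)
```
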

[[email protected] ~]# /etc/init.d/filebeat stop

[[email protected] ~]# rpm -vih filebeat-5.6.5-x86_64.rpm
[[email protected] ~]# vim /etc/filebeat/filebeat.yml

    - /fluentd_log/*.log

[[email protected] ~]# /etc/init.d/filebeat start
Starting filebeat (via systemctl): [ OK ]

[[email protected] ~]# docker run -it -p 80:80 nginx

[[email protected] ~]# for i in {1..10};do curl 10.0.0.17;done   # simulate log output