一、部署Graylog
Graylog总共需要3个服务:graylog服务端、mongodb(存储graylog的配置)、elasticSeach(存储日志)
本文档部署方案介绍:
- graylog服务端、mongodb(存储graylog的配置)使用docker-compose部署
- elasticSeach 引用外部地址
1. 安装docker、安装docker-compose
这部分直接参考互联网上的教程:链接
2. 通过docker-compose部署graylog
服务器上新建一个 graylog的目录,并在该目录下新建 docker-compose.yml
version: '3'
services:
mongo:
image: mongo:5.0
container_name: mongo
volumes:
- /data/docker/graylog/mongo_data:/data/db
networks:
- graylog
ports:
- 27017:27017
environment:
- TZ=Asia/Shanghai
healthcheck:
test: ["CMD", "mongo", "--eval", "db.adminCommand('ping')"]
interval: 30s
timeout: 10s
retries: 5
graylog:
image: graylog/graylog:5.2
container_name: graylog
depends_on:
mongo:
condition: service_healthy
environment:
- GRAYLOG_ROOT_PASSWORD_SHA2=xxxxx #sha2生成的密码,可以服务器通过命令获取:echo -n yournewpassword | sha256sum
- GRAYLOG_PASSWORD_SECRET=xxxxx #随机生成的secret,长度超过32位,可以自己生成
- GRAYLOG_HTTP_ENABLE_TLS=false
- GRAYLOG_TIMEZONE=Asia/Shanghai
- GRAYLOG_MONGO_URI=mongodb://mongo:27017/graylog
- GRAYLOG_ELASTICSEARCH_VERSION=7
- GRAYLOG_ELASTICSEARCH_HOSTS=http://es账户:es密码@es地址:9200
- GRAYLOG_ELASTICSEARCH_USER=es账户
- GRAYLOG_ELASTICSEARCH_PASSWORD=es密码
- GRAYLOG_HTTP_EXTERNAL_URI=http://访问地址/
- GRAYLOG_HTTP_PUBLISH_URI=http://访问地址/
- GRAYLOG_PLUGIN_SYSTEM_LANGUAGESELECTOR_DEFAULT_LOCALE=zh_CN
- TZ=Asia/Shanghai
networks:
- graylog
ports:
- "9000:9000"
- "514:514"
- "514:514/udp"
- "12201:12201"
- "12201:12201/udp"
volumes:
mongo_data:
driver: local
graylog_data:
driver: local
networks:
graylog:
driver: bridge上面的配置根据自己的环境,重新配置。
注意点:elasticSearch如果存在账密的化,参考下GRAYLOG_ELASTICSEARCH_XXX这几个配置,进行调整。
3. 启动graylog
# 1. 启动执行
docker-compose up -d
# 2. 如果希望调整docker-compose.yml的配置,需要先关闭,再重启
## 2.1 先关闭graylog的应用
docker-compose down
## 2.2 修改完文件后,再执行启动命令
docker-compose up -d
# 3.查看启动日志,确认是否完成启动
docker logs mongo;
docker logs graylog;4. 配置graylog
日志传输,建议采用UDP协议,其次包括graylog的踩坑记录,参考如下文档:
参考1
参考2
二、java应用接入Graylog
1. pom新增依赖
<!--logback gelf日志收集-->
<dependency>
<groupId>biz.paluch.logging</groupId>
<artifactId>logstash-gelf</artifactId>
<version>1.15.0</version>
</dependency>2. 配置logback.xml文件,同时增加traceId、spanId方便链路日志的追踪
a. 配置 Logback 以支持 MDC,在 logback.xml 中配置 GelfLogbackAppender,并确保包括 traceId 和 spanId 字段:
<configuration>
<appender name="GELF" class="biz.paluch.logging.gelf.logback.GelfLogbackAppender">
<host>udp:graylog的地址</host> <!-- graylog 服务器ip -->
<port>graylog开放的端口</port> <!-- graylog udp端口 -->
<version>1.1</version>
<facility>自定义一个名称</facility>
<extractStackTrace>true</extractStackTrace>
<filterStackTrace>false</filterStackTrace>
<mdcProfiling>true</mdcProfiling>
<timestampPattern>yyyy-MM-dd HH:mm:ss,SSSS</timestampPattern>
<maximumMessageSize>8192</maximumMessageSize>
<!-- Include trace and span IDs -->
<mdcFields>traceId,spanId</mdcFields>
<dynamicMdcFields>mdc.*,(mdc|MDC)fields</dynamicMdcFields>
<includeFullMdc>true</includeFullMdc>
</appender>
<root level="INFO">
<appender-ref ref="GELF"/>
</root>
<logger name="com.yourcompany" level="DEBUG">
<appender-ref ref="GELF"/>
</logger>
</configuration>b. 代码中 新增MDC过滤器
import org.slf4j.MDC;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.UUID;
@Component
public class MDCFilter implements Filter {
@Override
public void init(FilterConfig filterConfig) throws ServletException {
// 过滤器初始化,如果有需要
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
// 检查是否是HTTP请求
if (request instanceof HttpServletRequest) {
HttpServletRequest httpRequest = (HttpServletRequest) request;
// 获取traceId,如果已经存在则使用,否则生成新的
String traceId = httpRequest.getHeader("X-Trace-Id");
if (traceId == null || traceId.isEmpty()) {
traceId = UUID.randomUUID().toString();
}
// 生成新的spanId
String spanId = UUID.randomUUID().toString();
// 将traceId和spanId放入MDC
MDC.put("traceId", traceId);
MDC.put("spanId", spanId);
}
try {
// 继续处理请求
chain.doFilter(request, response);
} finally {
// 清理MDC
MDC.remove("traceId");
MDC.remove("spanId");
}
}
@Override
public void destroy() {
// 过滤器销毁,如果有需要
}
}c. 代码中 注册MDC过滤器
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class MDCFilterConfig {
@Bean
public FilterRegistrationBean<MDCFilter> loggingFilter() {
FilterRegistrationBean<MDCFilter> registrationBean = new FilterRegistrationBean<>();
registrationBean.setFilter(new MDCFilter());
registrationBean.addUrlPatterns("/*"); // 应用过滤器到所有路径
return registrationBean;
}
}三、Graylog使用
可以针对关键字or具体字段进行检索、聚合、告警等操作,这里就不一一讲解了,大家可以自行尝试学习。
Oinone社区 作者:冯, 天宇原创文章,如若转载,请注明出处:https://doc.oinone.top/install/13126.html
访问Oinone官网:https://www.oinone.top获取数式Oinone低代码应用平台体验
