我正在尝试在Docker容器上使用流利的比特设置EFK堆栈。虽然我可以将日志从流利的位推送到Elasticsearch,但是当我尝试集成fluentd时,却遇到了问题。这是确切的错误味精:
意外错误error_class = Errno :: EADDRNOTAVAIL error =“地址不可用-\” fluent-bit \“端口24224”的bind(2)“
docker-compose 文件中的服务
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:${TAG}
ports:
- '9200:9200'
- '9300:9300'
volumes:
- type: bind
source: ./config/elasticsearch.yml
target: /usr/share/elasticsearch/config/elasticsearch.yml
read_only: true
- type: volume
source: elasticsearch
target: /usr/share/elasticsearch/data
networks:
- efk_1
fluentd:
image: fluent/fluentd:${FLBV}
ports:
- '24224:24224'
volumes:
- type: bind
source: ./config/fluent.conf
target: /fluentd/etc/fluent.conf
read_only: true
networks:
- efk_1
depends_on:
- elasticsearch
fluent-bit:
image: fluent/fluent-bit:${FBITV}
ports:
- '2020:2020'
volumes:
- type: bind
source: ./config/fluent-bit.conf
target: /fluent-bit/etc/fluent-bit.conf
read_only: true
- type: bind
source: ./sample_logs
target: /var/log
networks:
- efk_1
depends_on:
- fluentd
以前,我像这样直接将日志从fluent-bit推送到elasticsearch,而无需在任何地方进行fluentd配置:
[SERVICE]
Flush 2
Log_Level debug
[INPUT]
Name tail
Path /var/log/log.txt
[OUTPUT]
Name es
Match *
Host elasticsearch
Port 9200
这成功地将日志推送到了Elasticsearch,但是现在我在两者之间添加了fluentd,因此fluent-bit会将日志发送到fluentd,然后将其推送到elasticsearch。
流利的位配置:
[SERVICE]
Flush 2
Log_Level debug
[INPUT]
Name tail
Path /var/log/log.txt
[OUTPUT]
Name forward
Match *
Host fluentd
流利的会议:
<source>
@type forward
bind fluent-bit
</source>
<match **>
@type stdout
</match>
这给了我错误,因为即使它们属于同一泊坞窗网络,他们也无法检测到地址。
这些是我得到的错误:
fluent-bit_1 | [2019/11/06 10:31:02] [错误] [io] TCP连接失败:fluentd:24224(连接被拒绝)
和
fluentd_1 | 2019-11-06 10:31:02 +0000 [错误]:#0意外错误error_class = Errno :: EADDRNOTAVAIL error =“地址不可用-bind(2)for \” fluent-bit \“ port 24224”
有人可以帮我知道我在哪里出错吗?
答案 0 :(得分:0)
我认为您的流利配置应该像这样:
<source>
type forward
bind 0.0.0.0
port 24224
</source>
<match fluent_bit>
type stdout
</match>
可能流利地应该在绑定字段中具有清晰的IP而不是主机名。
请参见As in docs和issue。
答案 1 :(得分:0)
我创建了下一个配置: docker-compose.yaml
version: "3.7"
services:
fluentd:
image: fluent/fluentd:v1.7.4-1.0
ports:
- '24224:24224'
volumes:
- type: bind
source: ./config/fluent.conf
target: /fluentd/etc/fluent.conf
read_only: true
fluent-bit:
image: fluent/fluent-bit:0.14
ports:
- '2020:2020'
volumes:
- type: bind
source: ./config/fluent-bit.conf
target: /fluent-bit/etc/fluent-bit.conf
read_only: true
- type: bind
source: /var/log/
target: /var/log/
depends_on:
- fluentd
fluent.conf
<source>
@type forward
bind 0.0.0.0
port 24224
</source>
<match test>
@type stdout
</match>
fluent-bit.conf
[SERVICE]
Flush 2
Log_Level debug
[INPUT]
Name tail
Path /var/log/syslog
Tag test
[OUTPUT]
Name forward
Match *
Host fluentd
在这些配置中,流畅的运行和流畅的位能够发送系统日志
答案 2 :(得分:0)
您的流利配置需要在输入时绑定到0.0.0.0,然后将输出发送到ES:
<source>
@type forward
port 24224
bind 0.0.0.0
</source>
<match **>
@type copy
<store>
@type elasticsearch
host ${ELASTICSEARCH_URL}
port 9200
</store>
</match>
甚至还可以更改Fluent Bit的输出:
[OUTPUT]
Name forward
Match *
Host 0.0.0.0
Port 24224
如果您可以使用它,则可以调整设置以通过名称和端口调用容器