9
6

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

fluentd理解

Last updated at Posted at 2016-07-13

概要

さくらのナレッジの説明が一番わかりやすかったです。
http://knowledge.sakura.ad.jp/tech/1336/

環境

  • CentOS 6.7
  • fluentd 0.12.20

Install+設定

こんな感じでansibleでinstallしました。
webserverに立てたapachのlogをlogserverで受けています。
logを送る側もlogを受ける側もどちらもtd-agentという同じserviceが動いています。
webserverが複数台になった時にlogserverにlogが集約されるので、あとはElastic searchを何か入れれば良いと思います。

  • td-agentというuserで実行しようとしてpermission deniedが発生していたので、rootで実行するように設定fileを書き換えている。

ansible-galaxyから次のroleを使わせていただきました。

  • geerlingguy.apache
  • williamyeh.fluentd
{webserver.yml}
# webserver playbook
- name: configure the web server
  hosts: webserver
  vars:
    - apache_listen_port: 10443
  roles:
    - geerlingguy.apache
  tasks:
    - name: copy init files
      copy: src=roles/tomcat8/files/httpd-proxy.conf dest=/etc/httpd/conf/httpd-proxy.conf owner=root group=wheel mode=0644

    - name: deploy setting file
      lineinfile: dest=/etc/httpd/conf/httpd.conf line='Include /etc/httpd/conf/httpd-proxy.conf'

    - name: restart service and auto startup setting
      service: name=httpd state=restarted

- name: configure fluentd
  hosts: webserver
  vars:
    - tdagent_conf_template: "roles/td-agent/templates/web-td-agent.conf.j2"
    - aggregator_ip: "{{ logserver.ip }}"
    - tdagent_port: "{{ logserver.tdagent_port }}"
  roles:
    - williamyeh.fluentd
  tasks:
    - name: change start user to root
      lineinfile: >
        dest=/etc/init.d/td-agent
        regexp='TD_AGENT_USER'
        line='TD_AGENT_USER=root'
      notify: td-agent restart
    - name: change start group to root
      lineinfile: >
        dest=/etc/init.d/td-agent
        regexp='TD_AGENT_GROUP'
        line='TD_AGENT_GROUP=root'
      notify: td-agent restart
  handlers:
    - name: td-agent restart                                                         
      service: name=td-agent state=restarted
{logserver.yml}
# logserver playbook
- name: configure fluentd
  hosts: logserver
  vars:
    - tdagent_conf_template: "roles/td-agent/templates/log-td-agent.conf.j2"
    - tdagent_port: 24224
  roles:
    - williamyeh.fluentd
{roles/td-agent/templates/web-td-agent.conf.j2}
####
## Source descriptions:
##

#
# Apache Log
#
## access
<source>
  type tail
  path /var/log/httpd/access_log
  tag apache.access
  pos_file /var/log/td-agent/httpd-access_log.pos
  format apache2
</source>
## error
<source>
  type tail
  path /var/log/httpd/error_log
  tag apache.error
  pos_file /var/log/td-agent/httpd-error_log.pos
  format apache_error
</source>

####
## Output descriptions:
##

#
# Apache Log
#
<match apache.**>
  type forward
  <server>
    host {{ aggregator_ip }}
    port {{ tdagent_port }}
  </server>
</match>
{roles/td-agent/templates/log-td-agent.conf.j2}
####
## Source descriptions:
##

#
# Recieve Logs
#
<source>
  type forward
  port {{ tdagent_port }}
</source>

####
## Output descriptions:
##
<match apache.access>
  type file
  path /var/log/td-agent/httpd/access.log
  time_slice_format %Y%m%d
  time_slice-wait 10m
  compress gzip
</match>
<match apache.error>
  type file
  path /var/log/td-agent/httpd/error.log
  time_slice_format %Y%m%d
  time_slice-wait 10m
  compress gzip
</match>

構成はこんな感じ

fluentd_structure.png

結果

webserverのapacheのlog

192.168.1.1 - - [07/Jul/2016:19:26:31 +0900] "GET / HTTP/1.1" 403 4961 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
192.168.1.1 - - [07/Jul/2016:19:26:40 +0900] "GET / HTTP/1.1" 403 4961 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
192.168.2.3 - - [07/Jul/2016:19:55:28 +0900] "GET / HTTP/1.1" 403 4961 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
192.168.2.3 - - [07/Jul/2016:19:55:28 +0900] "GET /icons/apache_pb.gif HTTP/1.1" 304 - "http://164.70.6.213:10443/" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"

logserverに送られたlog

{/var/log/td-agent/httpd/access.log}
2016-07-07T19:26:31+09:00       apache.access   {"host":"192.168.1.1","user":null,"method":"GET","path":"/","code":403,"size":4961,"referer":null,"agent":"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"}
2016-07-07T19:26:40+09:00       apache.access   {"host":"192.168.1.1","user":null,"method":"GET","path":"/","code":403,"size":4961,"referer":null,"agent":"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"}
2016-07-07T19:55:28+09:00       apache.access   {"host":"192.168.2.3","user":null,"method":"GET","path":"/","code":403,"size":4961,"referer":null,"agent":"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"}
2016-07-07T19:55:28+09:00       apache.access   {"host":"192.168.2.3","user":null,"method":"GET","path":"/icons/apache_pb.gif","code":304,"size":null,"referer":"http://164.70.6.213:10443/","agent":"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"}

便利ツール

9
6
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
9
6

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?