首页 > 其他分享 >Ceph存储日志收集、过滤和分析

Ceph存储日志收集、过滤和分析

时间:2023-08-23 12:22:21浏览次数:31  
标签:ceph filebeat log filestream fields Ceph 过滤 日志 id

一、方案简述

存储服务组件众多,且容器化多服务实例部署后,日志分散,需要聚合分析,使用 filebeat 来收集节点系统日志、Ceph守护进程实例日志和容器日志,推送至 ELK 集群集中过滤、转换和分析,提高故障排查效率。

二、方案架构图

三、测试环境部署

1、部署单节点ES

容器化部署脚本:

# cat deploy_es.sh #!/bin/bash # docker run \   --name es01-test \   -d --restart=always \   --net elastic \   -p 9200:9200 \   -p 9300:9300 \   -e "discovery.type=single-node" \   docker.elastic.co/elasticsearch/elasticsearch:7.17.12

2、部署Kibana

容器化部署脚本:

# cat deploy_kibana.sh #!/bin/bash # docker run \   --name kib01-test \   -d --restart=always \   --net elastic \   -p 5601:5601 \   -e "ELASTICSEARCH_HOSTS=http://es01-test:9200" \   docker.elastic.co/kibana/kibana:7.17.12

3、部署Logstash

安装包:

logstash-7.17.12-x86_64.rpm

二进制部署:

rpm -ivh logstash-7.17.12-x86_64.rpm

 

配置示例:

# cat /etc/logstash/conf.d/es-pipeline.conf input {   beats {     port => 5044   } }   output {   elasticsearch {     hosts => ["http://172.16.0.1:9200"]     index => "ceph-%{[fields][dc]}-%{[fields][env]}-%{+YYYY.MM.dd}"     # user => "elastic"     # action => "create"     # ilm_enabled => true     # password => "xxxxx"   } }   # cat /etc/logstash/conf.d/filter.conf filter {   if "syslog" in [tags] {     grok {       match => {         "message" => [           "^%{SYSLOGBASE} %{GREEDYDATA:log_message}"         ]       }     }   }     else if "ceph-log" in [tags] {     grok {       match => {         "message" => [           "^%{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:logsource} %{NOTSPACE:client} %{NOTSPACE:client_ip} %{NOTSPACE} : %{NOTSPACE:program} \[%{NOTSPACE:log_level}\] %{GREEDYDATA:log_message}"         ]       }     }   }     else if "ceph-audit" in [tags] {     grok {       match => {         "message" => [           "^%{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:logsource} %{NOTSPACE:client} %{NOTSPACE:client_ip} %{NOTSPACE} : %{NOTSPACE:program} \[%{NOTSPACE:log_level}\] %{GREEDYDATA:log_message}"         ]       }     }   }     else if "ceph-mgr" in [tags] {     grok {       match => {         "message" => [           "^%{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE}%{SPACE}+%{GREEDYDATA:log_message}"         ]       }     }   }     else if "ceph-rgw" in [tags] {     grok {       match => {         "message" => [           "^%{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE}%{SPACE}+%{GREEDYDATA:log_message}"         ]       }     }   }     else if "ceph-mds" in [tags] {     grok {       match => {         "message" => [           "^%{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE}%{SPACE}+%{GREEDYDATA:log_message}"         ]       }     }   }     else if "ceph-mon" in [tags] {     grok {       match => {         "message" => [           "^%{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE}%{SPACE}+%{GREEDYDATA:log_message}"         ]       }     }   }     else if "ceph-osd" in [tags] {     grok {       match => {         "message" => [           "^%{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE}%{SPACE}+%{GREEDYDATA:log_message}"         ]       }     }   } }

启动服务:

systemctl start logstash systemctl enable logstash

4、部署Filebeat

安装包:

filebeat-7.17.12-x86_64.rpm

二进制部署:

rpm -ivh filebeat-7.17.12-x86_64.rpm

配置示例:

# cat /etc/filebeat/filebeat.yml filebeat.config:   modules:     path: ${path.config}/modules.d/*.yml     reload.enabled: false   setup.template:   settings:     index.number_of_shards: 1   name: "ceph"   pattern: "ceph-*"   enabled: true   overwrite: true   setup.ilm:   enabled: false   #filebeat.autodiscover: #  providers: #    - type: docker #      hints.enabled: true   #processors: #- add_cloud_metadata: ~ #- add_docker_metadata: ~ #- add_host_metadata: ~   #output.elasticsearch: #  hosts: 172.16.0.1:9200 #  username: '' #  password: '' #  index: "ceph-%{[fields.dc]}-%{[fields.env]}-%{+yyyy.MM.dd}" # output.logstash:   hosts: ["172.16.0.1:5044"] #  index: "ceph-%{[fields.dc]}-%{[fields.env]}-%{+yyyy.MM.dd}"   setup.kibana:   host: 172.16.0.1:5601   fields:   env: prod   dc: guangming   tags: ["ceph","guangming","prod"]   filebeat.inputs: # syslog #- type: filestream #  id: syslog-filestream-id #  enabled: true #  paths: #    - /var/log/syslog #    - /var/log/messages #  fields: #    log_source: syslog #  tags: ["syslog"] #  exclude_lines: ['.*systemd\[\d+\].*','.*systemd-resolved\[\d+\].*','.*ansible-.*','.*filebeat\[\d+\].*']   # ceph - type: filestream   id: ceph-filestream-id   enabled: true   paths:     - /var/log/ceph/ceph.log   fields:     log_source: ceph-log   tags: ["ceph-log"]   - type: filestream   id: ceph-audit-filestream-id   enabled: true   paths:     - /var/log/ceph/ceph.audit.log   fields:     log_source: ceph-audit   tags: ["ceph-audit"]   - type: filestream   id: ceph-mds-filestream-id   enabled: true   paths:     - /var/log/ceph/ceph-mds.*.log   fields:     log_source: ceph-mds   tags: ["ceph-mds"]   - type: filestream   id: ceph-osd-filestream-id   enabled: true   paths:     - /var/log/ceph/ceph-osd.*.log   fields:     log_source: ceph-osd   tags: ["ceph-osd"]   - type: filestream   id: ceph-mon-filestream-id   enabled: true   paths:     - /var/log/ceph/ceph-mon.*.log   fields:     log_source: ceph-mon   tags: ["ceph-mon"]   - type: filestream   id: ceph-mgr-filestream-id   enabled: true   paths:     - /var/log/ceph/ceph-mgr.*.log   fields:     log_source: ceph-mgr   tags: ["ceph-mgr"]   - type: filestream   id: ceph-rgw-filestream-id   enabled: true   paths:     - /var/log/ceph/ceph-client.rgw.*.log   fields:     log_source: ceph-rgw   tags: ["ceph-rgw"]   - type: filestream   id: ceph-volume-filestream-id   enabled: true   paths:     - /var/log/ceph/ceph-volume.log   fields:     log_source: ceph-volume   tags: ["ceph-volume"]   - type: filestream   id: ceph-volume-systemd-filestream-id   enabled: true   paths:     - /var/log/ceph/ceph-volume-systemd.log   fields:     log_source: ceph-volume-systemd   tags: ["ceph-volume-systemd"]

启动服务:

systemctl start filebeat systemctl enable filebeat

 

容器化部署:

## 配置示例 # cat filebeat.docker.yml filebeat.config:   modules:     path: ${path.config}/modules.d/*.yml     reload.enabled: false   setup.template:   settings:     index.number_of_shards: 1   name: "ceph"   pattern: "ceph-*"   enabled: true   overwrite: true   setup.ilm:   enabled: false   filebeat.autodiscover:   providers:     - type: docker       hints.enabled: true   processors: #- add_cloud_metadata: ~ #- add_docker_metadata: ~ #- add_host_metadata: ~   #output.elasticsearch: #  hosts: '172.16.0.1:9200' #  username: '' #  password: '' #  index: "ceph-%{[fields.dc]}-%{[fields.env]}-%{+yyyy.MM.dd}"   output.logstash:   hosts: ["172.16.0.1:5044"] #  index: "ceph-%{[fields.dc]}-%{[fields.env]}-%{+yyyy.MM.dd}"   setup.kibana:   host: "172.16.0.1:5601"   filebeat.inputs: #- type: filestream #  id: ceph-filestream-id #  enabled: true #  paths: #    - /opt/log/messages #  fields: #    log_source: syslog #  tags: ["syslog"] #  exclude_lines: ['.*systemd\[\d+\].*','.*systemd-resolved\[\d+\].*','.*ansible-.*','.*filebeat\[\d+\].*']   fields:   env: pre   dc: guangming   tags: ["ceph","guangming","pre","docker"]   ## 部署脚本 # cat deploy_filebeat.sh #!/bin/bash # docker run -d \ --name=filebeat \ --restart=always \ --net=host \ --user=root \ --volume="$(pwd)/filebeat.docker.yml:/usr/share/filebeat/filebeat.yml:ro" \ --volume="/var/lib/docker/containers:/var/lib/docker/containers:ro" \ --volume="/var/run/docker.sock:/var/run/docker.sock:ro" \ --volume="/var/log:/opt/log:ro" \ docker.elastic.co/beats/filebeat:7.17.12 filebeat -e --strict.perms=false  

标签:ceph,filebeat,log,filestream,fields,Ceph,过滤,日志,id
From: https://www.cnblogs.com/varden/p/17650869.html

相关文章

  • webman:配置端口/日志等(v1.5.7)
     一,文档地址:https://www.workerman.net/doc/webman/others/security.htmlhttps://www.workerman.net/doc/webman/request.htmlhttps://www.workerman.net/doc/webman/config.html说明:刘宏缔的架构森林—专注it技术的博客,网站:https://blog.imgtouch.com原文: https://b......
  • webman:全局中间件:记录访问日志(v1.5.7)
    一,官方文档地址:https://www.workerman.net/doc/webman/middleware.html二,php代码1,配置中间件:config/middleware.php12345678910111213141516171819<?php/** *Thisfileispartofwebman. * *LicensedunderTheMITLicense......
  • 日志等级类
    日志等级类//日志等级类#ifndef__M_LEVEL_H__#define__M_LEVEL_H__namespacenmzlog{classLogLevel{public://日志等级用枚举类来表示,通过类来访问,避免枚举冲突//定义出系统所包含的全部日志等级,每一个项目中都会设置一个默认的日志输出等级......
  • ceph_object-gw
    1.部署RGW#部署rgw,名称为rgw01cephorchapplyrgwrgw01#查看rgwcephorchlscephorchps--daemon_type=rgw如果需要删除则执行cephorchrmrgw.rgw012.创建对象存储用户名#创建用户radosgw-adminusercreate--access-key="cephobj"--secret="12345678"......
  • 布隆过滤器原理及实现
    1.原理布隆过滤器拥有K个哈希函数,当一个元素要加入布隆过滤器时,会使用K个哈希函数对其进行计算,得到K个哈希值,然后根据哈希值,在一维数组中把其对应下标的值置位1。要判断某个数是否在布隆过滤器中,就进行K次哈希计算,得到哈希值,然后在位数组中判断哈希值对应位置是否都为1,如果都为......
  • 怎样做好日志分析?
    首先我们要知道日志分析是指检查并理解计算机生成的日志消息,例如日志事件或审计来跟踪记录,通过日志分析可以帮助您诊断和解决计算机系统中的问题,以及监视系统性能和安全性。如果您想知道您的网络中发生了什么,以便洞察潜在的威胁并在它们变成攻击之前阻止它们,那么您需要查看您的日......
  • Pytest allure中steps中添加日志
    是否在使用allure时,为了更好的定位问题,会把日志添加上去。类似如下的情行:#!/usr/bin/envpython#-*-coding:utf-8-*-#@Time:2023/7/189:12#@Author:huzq#@File:test_allure.pyimportloggingimportallureimportpytestLOG=logging.getLogger(......
  • idea 控制台日志乱码
    Help-->EditCustom-->VM-->Options,打开idea.vmoptions,文件位置:JetBrains\jetbra\vmoptions  在文件末尾添加:-Dfile.encoding=UTF-8 ......
  • K8s 日志高效查看神器!
    K8s日志高效查看神器!Escape K8S中文社区 2023-08-2119:57 发表于湖南通常情况下,在部署了 K8S 服务之后,为了更好地监控服务的运行情况,都会接入对应的日志系统来进行检测和分析,比如常见的 Filebeat+ElasticSearch+Kibana 这一套组合来完成。虽然该组合可以满......
  • ceph-mirror
    1.环境要求集群名称集群版本storage01v17storage02v172.创建存储池全部集群操作cephosdpoolcreaterbd6464cephosdpoolapplicationenablerbdrbd3.开启mirror功能全部集群操作cephorchapplyrbd-mirror--placement=storage01/2......