# graylog

**Repository Path**: sunnyfe/graylog

## Basic Information

- **Project Name**: graylog
- **Description**: docker-compose搭建Graylog分布式日志采集系统
- **Primary Language**: Java
- **License**: Not specified
- **Default Branch**: main
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 2
- **Forks**: 0
- **Created**: 2023-08-17
- **Last Updated**: 2024-08-22

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# docker-compose搭建分布式日志采集系统


**分布式日志收集系统包含组件, MongoDB, Elasticsearch, Graylog**

## 一、环境:

docker: 24.0.1
	具体安装教程移步: [Docker初级学习笔记](https://blog.csdn.net/Fall_enleaves/article/details/130325496?spm=1001.2014.3001.5502)
	docker-compose: 1.24.1
		具体安装教程移步: [Docker-Compos模版,常用命令,学习笔记](https://blog.csdn.net/Fall_enleaves/article/details/130325496?spm=1001.2014.3001.5502)


Graylog 官方文档地址: https://go2docs.graylog.org/5-1/downloading_and_installing_graylog/docker_installation.htm


## 二、步骤

### 1. 获取最新docker-compose.yml文件(这里展示的不是最新的)

````yml
# https://go2docs.graylog.org/5-1/downloading_and_installing_graylog/docker_installation.htm
version: '3'

services:
  mongo:
    image: mongo:3
    container_name: graylog_mongo
    restart: unless-stopped
    environment: 
      - TZ=Asia/Shanghai
    networks:
      - graylog

  elasticsearch:
    image: elasticsearch
    container_name: graylog_elasticsearch
    restart: unless-stopped
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - TZ=Asia/Shanghai
    ulimits:
      memlock:
        soft: -1
        hard: -1
    deploy:
      resources:
        limits:
          memory: 1g
    networks:
      - graylog

  graylog:
    image: graylog/graylog:3.3
    container_name: graylog
    restart: unless-stopped
    environment:
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
       # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      # TODO 这里填写自己的ip地址
      - GRAYLOG_HTTP_EXTERNAL_URI=http:127.0.0.1:9001/
      - TZ=Asia/Shanghai
    ports:
      # Graylog web interface and REST API
      - 9001:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
    networks:
      - graylog
    depends_on:
      - mongo
      - elasticsearch

# 网桥graylog -> 方便相互通讯
networks:
  graylog:
    driver: bridge
````


 ### 2. docker-compose启动脚本

 docker-compose up -d
 等待执行结束

### 3. 开放相应端口

开放Graylog页面端口
firewall-cmd --zone=public --add-port=9001/tcp --permanent
开放日志提交Graylog端口
firewall-cmd --zone=public --add-port=12201/tcp --permanent
重启防火墙
firewall-cmd --reload


## 三、启动一个springboot项目, 推送日志到Graylog

### 1. 添加logback.xml

**说三遍!!!!!**
 **全部复制!** 
 **全部复制!**
  **全部复制**

````xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <!--也可以使用工程的名字-->
    <springProperty scope="context" name="springAppName" source="spring.application.name"/>

    <property name="log.path" value="./logs"/>
    <property name="console.log.pattern"
              value="${springAppName} %red(%d{yyyy-MM-dd HH:mm:ss}) %green([%thread]) %highlight(%-5level) %boldMagenta(%logger{36}) - %msg%n"/>
    <property name="log.pattern" value="%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n"/>

    <!-- 控制台输出 -->
    <appender name="console" class="ch.qos.logback.core.ConsoleAppender">
        <encoder class="com.yomahub.tlog.core.enhance.logback.AspectLogbackEncoder">
            <pattern>${console.log.pattern}</pattern>
            <charset>utf-8</charset>
        </encoder>
    </appender>

    <!-- 控制台输出 -->
    <appender name="file_console" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <file>${log.path}/sys-console.log</file>
        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
            <!-- 日志文件名格式 -->
            <fileNamePattern>${log.path}/sys-console.%d{yyyy-MM-dd}.log</fileNamePattern>
            <!-- 日志最大 1天 -->
            <maxHistory>1</maxHistory>
        </rollingPolicy>
        <encoder class="com.yomahub.tlog.core.enhance.logback.AspectLogbackEncoder">
            <pattern>${log.pattern}</pattern>
            <charset>utf-8</charset>
        </encoder>
        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
            <!-- 过滤的级别 -->
            <level>INFO</level>
        </filter>
    </appender>

    <!-- 系统日志输出 -->
    <appender name="file_info" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <file>${log.path}/sys-info.log</file>
        <!-- 循环政策：基于时间创建日志文件 -->
        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
            <!-- 日志文件名格式 -->
            <fileNamePattern>${log.path}/sys-info.%d{yyyy-MM-dd}.log</fileNamePattern>
            <!-- 日志最大的历史 60天 -->
            <maxHistory>60</maxHistory>
        </rollingPolicy>
        <encoder class="com.yomahub.tlog.core.enhance.logback.AspectLogbackEncoder">
            <pattern>${log.pattern}</pattern>
        </encoder>
        <filter class="ch.qos.logback.classic.filter.LevelFilter">
            <!-- 过滤的级别 -->
            <level>INFO</level>
            <!-- 匹配时的操作：接收（记录） -->
            <onMatch>ACCEPT</onMatch>
            <!-- 不匹配时的操作：拒绝（不记录） -->
            <onMismatch>DENY</onMismatch>
        </filter>
    </appender>

    <appender name="file_error" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <file>${log.path}/sys-error.log</file>
        <!-- 循环政策：基于时间创建日志文件 -->
        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
            <!-- 日志文件名格式 -->
            <fileNamePattern>${log.path}/sys-error.% d{yyyy-MM-dd}.log</fileNamePattern>
            <!-- 日志最大的历史 60天 -->
            <maxHistory>60</maxHistory>
        </rollingPolicy>
        <encoder class="com.yomahub.tlog.core.enhance.logback.AspectLogbackEncoder">
            <pattern>${log.pattern}</pattern>
        </encoder>
        <filter class="ch.qos.logback.classic.filter.LevelFilter">
            <!-- 过滤的级别 -->
            <level>ERROR</level>
            <!-- 匹配时的操作：接收（记录） -->
            <onMatch>ACCEPT</onMatch>
            <!-- 不匹配时的操作：拒绝（不记录） -->
            <onMismatch>DENY</onMismatch>
        </filter>
    </appender>

    <appender name="GELF" class="de.siegmar.logbackgelf.GelfUdpAppender">
        <graylogHost>172.16.201.213</graylogHost>
        <graylogPort>12201</graylogPort>
    </appender>

    <!-- 系统模块日志级别控制  -->
    <logger name="com.example" level="info" />
    <!-- Spring日志级别控制  -->
    <logger name="org.springframework" level="warn" />

    <root level="info">
        <appender-ref ref="console" />
    </root>

    <!--系统操作日志-->
    <root level="info">
        <appender-ref ref="file_info" />
        <appender-ref ref="file_error" />
        <appender-ref ref="file_console" />
        <appender-ref ref="GELF" />
    </root>

</configuration>
````


### 2. maven添加依赖

这个tlLog很香, 后面有机会再介绍
可以参考学习: https://blog.csdn.net/weixin_41541562/article/details/123629617

````xml
<dependency>
    <groupId>de.siegmar</groupId>
    <artifactId>logback-gelf</artifactId>
    <version>3.0.0</version>
</dependency>

<dependency>
    <groupId>com.yomahub</groupId>
    <artifactId>tlog-web-spring-boot-starter</artifactId>
    <version>1.3.6</version>
</dependency>
````
### 3. 起动Springboot项目
写个定时任务, 一直打印日志
````java
@Slf4j
@Component
@EnableScheduling
public class AppScheduledJobs {

    /**
     * 每3秒执行一次
     */
    @Scheduled(cron = "*/1 * * * * ?")
    public void test() {
        log.debug("deb日志" + new Date());
        log.error("error 【{}】 ", new Date());
        log.warn("warn Start: 【{}】 ", new Date());
        log.info("info Start: 【{}】 ", new Date());
        log.debug("debug Start: 【{}】 ", new Date());
    }

}

````

## 四、进入Graylog 配置日志查询
### 1. 访问ip:9001进到Graylog
点击导航栏: System -> inputs
![Graylog配置日志](img.png)

### 2. 配置日志信息
只用填写名字
![配置日志信息](img_1.png)
保存 就O了

### 2. 点击导航栏search

日志就来了
![日志](img_2.png)