日志记录-Docker容器中的Java应用无法正确登录到syslog

前端之家收集整理的这篇文章主要介绍了日志记录-Docker容器中的Java应用无法正确登录到syslog 前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

我的目标

我在主机中运行着几个不同的容器.它们都与彼此的/ dev / log套接字共享一个卷.主机将这些日志转发到中央日志服务器.其他所有容器日志都显示在主机的/ var / log / messages中.其他容器是python程序,它允许日志记录直接附加到/ dev / log unix域套接字.

基本配置

我有一个从jar文件运行scala应用程序的docker容器. / dev / log套接字在主机和容器之间作为卷共享.该应用程序的log4j.properties文件对我来说似乎不错,并且设置如下:

  1. # Root logger option
  2. log4j.rootLogger=INFO,file,stdout,SYSLOG
  3. # Direct log messages to a log file
  4. log4j.appender.file=org.apache.log4j.RollingFileAppender
  5. log4j.appender.file.File=log/associationRules.log
  6. log4j.appender.file.MaxFileSize=10MB
  7. log4j.appender.file.MaxBackupIndex=10
  8. log4j.appender.file.layout=org.apache.log4j.PatternLayout
  9. log4j.appender.file.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} [%c{1}:%L] %-5p <%X{jobID}> %m%n
  10. # Direct log messages to stdout
  11. log4j.appender.stdout=org.apache.log4j.ConsoleAppender
  12. log4j.appender.stdout.Target=System.out
  13. log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
  14. log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} [%c{1}:%L] %-5p <%X{jobID}> %m%n
  15. # Log to syslog
  16. log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
  17. log4j.appender.SYSLOG.syslogHost=localhost
  18. log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout
  19. log4j.appender.SYSLOG.layout.conversionPattern=%d{yyyy-MM-dd HH:mm:ss} [%c{1}:%L] %-5p <%X{jobID}> %m%n
  20. log4j.appender.SYSLOG.Facility=LOCAL0
  21. log4j.appender.SYSLOG.Threshold=debug
  22. log4j.appender.SYSLOG.FacilityPrinting=true

标准输出文件日志正确完成,但是SYSLOG似乎无法正常工作.日志显示在容器的/ var / log / syslog中,但不显示在主机的/ var / log / messages中.我以为SyslogAppender也会输出到/ dev / log,但似乎并没有这样做.

额外细节

这是我在容器的/ var / log / syslog中获得的输出.我看到imuxsock无法运行的一些问题,但我不明白日志如何存储在/ var / log / syslog上.最后两行来自应用程序,与stdout和文件附加程序一致

  1. Jul 6 18:07:18 26056b722779 rsyslogd: [origin software="rsyslogd" swVersion="7.4.4" x-pid="25" x-info="http://www.rsyslog.com"] start
  2. Jul 6 18:07:18 26056b722779 rsyslogd: cannot create '/dev/log': Address already in use
  3. Jul 6 18:07:18 26056b722779 rsyslogd: imuxsock does not run because we could not aquire any socket
  4. Jul 6 18:07:18 26056b722779 rsyslogd-3000: activation of module imuxsock Failed
  5. Jul 6 18:07:18 26056b722779 rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not permitted.
  6. Jul 6 18:07:18 26056b722779 rsyslogd-2145: activation of module imklog Failed [try http://www.rsyslog.com/e/2145 ]
  7. Jul 6 18:07:19 localhost local0: 2015-07-06 18:07:19 [AssocApp$:112] INFO <Undefined> Listening to queue ASSOCIATIONRULES
  8. Jul 6 18:07:19 localhost local0: 2015-07-06 18:07:19 [AssocApp$:113] INFO <Undefined> Listening to queue ASSOCIATIONRULES

容器的基本映像是ubuntu 14.04,安装了java.在dockerfile中,该容器映像的My CMD为:

  1. CMD sudo service rsyslog start; java -cp /root/AssociationRules.jar AssocApp

然后像这样启动容器:

  1. docker run -d -v /dev/log:/dev/log <IMAGE>

/etc/rsyslog.conf

  1. #################
  2. #### MODULES ####
  3. #################
  4. $ModLoad imuxsock # provides support for local system logging
  5. $ModLoad imklog # provides kernel logging support
  6. #$ModLoad immark # provides --MARK-- message capability
  7. # provides UDP syslog reception
  8. #$ModLoad imudp
  9. #$UDPServerRun 514
  10. # provides TCP syslog reception
  11. #$ModLoad imtcp
  12. #$InputTCPServerRun 514
  13. # Enable non-kernel facility klog messages
  14. $KLogPermitNonKernelFacility on
  15. ###########################
  16. #### GLOBAL DIRECTIVES ####
  17. ###########################
  18. #
  19. # Use traditional timestamp format.
  20. # To enable high precision timestamps,comment out the following line.
  21. #
  22. $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
  23. # Filter duplicated messages
  24. $RepeatedMsgReduction on
  25. #
  26. # Set the default permissions for all log files.
  27. #
  28. $FileOwner syslog
  29. $FileGroup adm
  30. $FileCreateMode 0640
  31. $DirCreateMode 0755
  32. $Umask 0022
  33. #$PrivDropToUser syslog
  34. #$PrivDropToGroup syslog
  35. #
  36. # Where to place spool and state files
  37. #
  38. $WorkDirectory /var/spool/rsyslog
  39. #
  40. # Include all config files in /etc/rsyslog.d/
  41. #
  42. $IncludeConfig /etc/rsyslog.d/*.conf
  43. $ModLoad imudp
  44. $UDPServerRun 514

和/etc/rsyslog.d/50-default.conf

  1. auth,authpriv.* /var/log/auth.log
  2. *.*;auth,authpriv.none -/var/log/syslog
  3. #cron.* /var/log/cron.log
  4. #daemon.* -/var/log/daemon.log
  5. kern.* -/var/log/kern.log
  6. #lpr.* -/var/log/lpr.log
  7. mail.* -/var/log/mail.log
  8. #user.* -/var/log/user.log
  9. #
  10. # Logging for the mail system. Split it up so that
  11. # it is easy to write scripts to parse these files.
  12. #
  13. #mail.info -/var/log/mail.info
  14. #mail.warn -/var/log/mail.warn
  15. mail.err /var/log/mail.err
  16. #
  17. # Logging for INN news system.
  18. #
  19. news.crit /var/log/news/news.crit
  20. news.err /var/log/news/news.err
  21. news.notice -/var/log/news/news.notice
  22. #
  23. # Some "catch-all" log files.
  24. #
  25. #*.=debug;\
  26. # auth,authpriv.none;\
  27. # news.none;mail.none -/var/log/debug
  28. #*.=info;*.=notice;*.=warn;\
  29. # auth,authpriv.none;\
  30. # cron,daemon.none;\
  31. # mail,news.none -/var/log/messages
  32. #
  33. # Emergencies are sent to everybody logged in.
  34. #
  35. *.emerg :omusrmsg:*
  36. #
  37. # I like to have messages displayed on the console,but only on a virtual
  38. # console I usually leave idle.
  39. #
  40. #daemon,mail.*;\
  41. # news.=crit;news.=err;news.=notice;\
  42. # *.=debug;*.=info;\
  43. # *.=notice;*.=warn /dev/tty8
  44. # The named pipe /dev/xconsole is for the `xconsole' utility. To use it,# you must invoke `xconsole' with the `-file' option:
  45. #
  46. # $xconsole -file /dev/xconsole [...]
  47. #
  48. # NOTE: adjust the list below,or you'll go crazy if you have a reasonably
  49. # busy site..
  50. #
  51. daemon.*;mail.*;\
  52. news.err;\
  53. *.=debug;*.=info;\
  54. *.=notice;*.=warn |/dev/xconsole
最佳答案
在我看来,您对此太想了.如果我正确阅读了您的问题,则希望您的Docker容器将其syslog写入主机计算机的syslog中.

您描述的错误可能是由于您正在容器内启动第二个syslog守护程序而引起的,该守护程序随后想要打开/ dev / log套接字(已经存在).

我想到了几个主意(尽管都未经测试.请谨慎使用):

>为什么不将Log4j配置为直接写入远程syslog守护程序?这样既不需要在容器内使用syslog守护程序,也不需要将/ dev / log挂载到容器中?

  1. # Log to syslog
  2. log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
  3. log4j.appender.SYSLOG.syslogHost=<your-host-ip> # <-- INSERT HOST IP HERE
  4. log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout

为了使您的容器具有可移植性,最好使用–add-host标志在容器创建时配置syslog服务器的IP地址:

  1. docker run -d --add-host sysloghost:<host-ip-here> <IMAGE>

这样,您可以简单地将sysloghost用作Log4J配置文件中的主机名.
>如果您坚持要在应用程序容器中运行syslog服务器,则应该(记住:全部未经测试!)将其配置为将所有消息中继到远程syslog服务器(在/etc/rsyslog.conf或/中的某个位置).等/rsyslog.d):

  1. *.* @sysloghost:512 # UDP forwarding
  2. # *.* @@sysloghost:512 # TCP forwarding

>更好的是,为什么不在自己的Docker容器中运行syslog守护程序并将该容器链接到您的应用程序容器中呢?

请记住,对于这两种解决方案,都需要将主机上的syslog守护程序配置为侦听TCP或UDP套接[ref]

  1. $ModLoad imudp
  2. $UDPServerRun 514

或者[ref]

  1. $ModLoad imtcp # needs to be done just once
  2. $InputTCPMaxSessions 500
  3. $InputTCPServerRun 514

猜你在找的Docker相关文章