日志记录-Docker容器中的Java应用无法正确登录到syslog

我的目标@H_502_2@

我在主机中运行着几个不同的容器.它们都与彼此的/ dev / log套接字共享一个卷.主机将这些日志转发到中央日志服务器.其他所有容器日志都显示在主机的/ var / log / messages中.其他容器是python程序,它允许日志记录直接附加到/ dev / log unix域套接字.@H_502_2@

基本配置@H_502_2@

我有一个从jar文件运行scala应用程序的docker容器. / dev / log套接字在主机和容器之间作为卷共享.该应用程序的log4j.properties文件对我来说似乎不错,并且设置如下：@H_502_2@

@H_502_2@

# Root logger option
log4j.rootLogger=INFO,file,stdout,SYSLOG

# Direct log messages to a log file
log4j.appender.file=org.apache.log4j.RollingFileAppender
log4j.appender.file.File=log/associationRules.log
log4j.appender.file.MaxFileSize=10MB
log4j.appender.file.MaxBackupIndex=10
log4j.appender.file.layout=org.apache.log4j.PatternLayout
log4j.appender.file.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} [%c{1}:%L] %-5p <%X{jobID}> %m%n

# Direct log messages to stdout
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target=System.out
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} [%c{1}:%L] %-5p <%X{jobID}> %m%n

# Log to syslog
log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG.syslogHost=localhost
log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout
log4j.appender.SYSLOG.layout.conversionPattern=%d{yyyy-MM-dd HH:mm:ss} [%c{1}:%L] %-5p <%X{jobID}> %m%n
log4j.appender.SYSLOG.Facility=LOCAL0
log4j.appender.SYSLOG.Threshold=debug
log4j.appender.SYSLOG.FacilityPrinting=true

标准输出和文件日志正确完成,但是SYSLOG似乎无法正常工作.日志显示在容器的/ var / log / syslog中,但不显示在主机的/ var / log / messages中.我以为SyslogAppender也会输出到/ dev / log,但似乎并没有这样做.@H_502_2@

额外细节@H_502_2@

这是我在容器的/ var / log / syslog中获得的输出.我看到imuxsock无法运行的一些问题,但我不明白日志如何存储在/ var / log / syslog上.最后两行来自应用程序,与stdout和文件附加程序一致@H_502_2@

@H_502_2@

Jul  6 18:07:18 26056b722779 rsyslogd: [origin software="rsyslogd" swVersion="7.4.4" x-pid="25" x-info="http://www.rsyslog.com"] start
Jul  6 18:07:18 26056b722779 rsyslogd: cannot create '/dev/log': Address already in use
Jul  6 18:07:18 26056b722779 rsyslogd: imuxsock does not run because we could not aquire any socket

Jul  6 18:07:18 26056b722779 rsyslogd-3000: activation of module imuxsock Failed
Jul  6 18:07:18 26056b722779 rsyslogd: imklog: cannot open kernel log (/proc/kmsg): Operation not permitted.
Jul  6 18:07:18 26056b722779 rsyslogd-2145: activation of module imklog Failed [try http://www.rsyslog.com/e/2145 ]
Jul  6 18:07:19 localhost local0: 2015-07-06 18:07:19 [AssocApp$:112] INFO  <Undefined> Listening to queue ASSOCIATIONRULES 
Jul  6 18:07:19 localhost local0: 2015-07-06 18:07:19 [AssocApp$:113] INFO  <Undefined> Listening to queue ASSOCIATIONRULES

容器的基本映像是ubuntu 14.04,安装了java.在dockerfile中,该容器映像的My CMD为：@H_502_2@

@H_502_2@

CMD sudo service rsyslog start; java -cp /root/AssociationRules.jar AssocApp

然后像这样启动容器：@H_502_2@

@H_502_2@

docker run -d -v /dev/log:/dev/log <IMAGE>

/etc/rsyslog.conf@H_502_2@

@H_502_2@

#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support
#$ModLoad immark  # provides --MARK-- message capability

# provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

# Enable non-kernel facility klog messages
$KLogPermitNonKernelFacility on

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps,comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
#$PrivDropToUser syslog
#$PrivDropToGroup syslog

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

$ModLoad imudp
$UDPServerRun 514

和/etc/rsyslog.d/50-default.conf@H_502_2@

@H_502_2@

auth,authpriv.*                 /var/log/auth.log                                                                                    
*.*;auth,authpriv.none          -/var/log/syslog                                                                                     
#cron.*                         /var/log/cron.log                                                                                    
#daemon.*                       -/var/log/daemon.log                                                                                 
kern.*                          -/var/log/kern.log                                                                                   
#lpr.*                          -/var/log/lpr.log                                                                                    
mail.*                          -/var/log/mail.log                                                                                   
#user.*                         -/var/log/user.log

#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
#mail.info                      -/var/log/mail.info
#mail.warn                      -/var/log/mail.warn
mail.err                        /var/log/mail.err

#
# Logging for INN news system.
#
news.crit                       /var/log/news/news.crit
news.err                        /var/log/news/news.err
news.notice                     -/var/log/news/news.notice

#
# Some "catch-all" log files.
#
#*.=debug;\
#       auth,authpriv.none;\
#       news.none;mail.none     -/var/log/debug
#*.=info;*.=notice;*.=warn;\
#       auth,authpriv.none;\
#       cron,daemon.none;\
#       mail,news.none          -/var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg                                :omusrmsg:*

#
# I like to have messages displayed on the console,but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
#       news.=crit;news.=err;news.=notice;\
#       *.=debug;*.=info;\
#       *.=notice;*.=warn       /dev/tty8

# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,# you must invoke `xconsole' with the `-file' option:
# 
#    $xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below,or you'll go crazy if you have a reasonably
#      busy site..
#
daemon.*;mail.*;\
        news.err;\
        *.=debug;*.=info;\
        *.=notice;*.=warn       |/dev/xconsole

最佳答案

在我看来,您对此太想了.如果我正确阅读了您的问题,则希望您的Docker容器将其syslog写入主机计算机的syslog中.@H_502_2@

您描述的错误可能是由于您正在容器内启动第二个syslog守护程序而引起的,该守护程序随后想要打开/ dev / log套接字(已经存在).@H_502_2@

我想到了几个主意(尽管都未经测试.请谨慎使用)：@H_502_2@

>为什么不将Log4j配置为直接写入远程syslog守护程序？这样既不需要在容器内使用syslog守护程序,也不需要将/ dev / log挂载到容器中？@H_502_2@

@H_502_2@

# Log to syslog
log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG.syslogHost=<your-host-ip>  # <-- INSERT HOST IP HERE
log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout

为了使您的容器具有可移植性,最好使用–add-host标志在容器创建时配置syslog服务器的IP地址：@H_502_2@

@H_502_2@

docker run -d --add-host sysloghost:<host-ip-here> <IMAGE>

这样,您可以简单地将sysloghost用作Log4J配置文件中的主机名.
>如果您坚持要在应用程序容器中运行syslog服务器,则应该(记住：全部未经测试！)将其配置为将所有消息中继到远程syslog服务器(在/etc/rsyslog.conf或/中的某个位置).等/rsyslog.d)：@H_502_2@

@H_502_2@

*.* @sysloghost:512  # UDP forwarding
# *.* @@sysloghost:512  # TCP forwarding

>更好的是,为什么不在自己的Docker容器中运行syslog守护程序并将该容器链接到您的应用程序容器中呢？@H_502_2@

请记住,对于这两种解决方案,都需要将主机上的syslog守护程序配置为侦听TCP或UDP套接字[ref]：@H_502_2@

@H_502_2@

$ModLoad imudp
$UDPServerRun 514

或者[ref]：@H_502_2@

@H_502_2@

$ModLoad imtcp # needs to be done just once
$InputTCPMaxSessions 500
$InputTCPServerRun 514

原文链接：https://www.f2er.com/docker/532575.html

日志记录-Docker容器中的Java应用无法正确登录到syslog

猜你在找的Docker相关文章