Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Configuring Graylog on Clients
- ## Docker Configuration
- To configure Docker to use the `json` log driver, edit the following file:
- `sudo nano /etc/docker/daemon.json`
- Then add the following configuration:
- ```
- {
- "log-driver": "json-file"
- }
- ```
- On startup, the Docker daemon will automatically check this file for configurations and use those.
- To get these changes to take effect, the Docker daemon needs to be restarted and any running containers destroyed and recreated.
- `sudo systemctl restart docker`
- Now recreate any running containers and all logs will be sent straight to Graylog.
- ## Filebeat Configuration
- Deploy the filebeat stack on the server with the following config:
- ```
- version: "3.7"
- volumes:
- filebeat:
- external: true
- services:
- filebeat:
- image: docker.elastic.co/beats/filebeat:7.2.0
- user: root
- hostname: hpe-private-swarm-x86-dss1-staging
- volumes:
- - filebeat:/usr/share/filebeat
- - /var/lib/docker/containers:/var/lib/docker/containers/:ro
- - /var/run/docker.sock:/var/run/docker.sock
- ```
- And create the following YAML file in the volume:
- `sudo nano filebeat.yml`
- ```
- filebeat.config:
- modules:
- path: ${path.config}/modules.d/*.yml
- reload.enabled: false
- filebeat.inputs:
- - type: container
- enabled: true
- paths:
- - '/var/lib/docker/containers/*/*.log'
- multiline.pattern: '^v[0-9]\.[0-9][0-9]-'
- multiline.negate: true
- multiline.match: after
- processors:
- - add_docker_metadata:
- host: "unix:///var/run/docker.sock"
- output.logstash:
- hosts: ["192.168.1.40:5044"]
- logging.metrics.period: 300s
- ```
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
