Logo

菜单

收集移动端日志

Administrator
发布于 2025-01-17 / 31 阅读 / 0 评论 / 0 点赞

收集移动端日志

收集移动端日志

因公司产品涉及移动端设备,需要记录 4G 设备发送给云上服务的请求日志与记录手机端程序日志

画了个潦草图,使用的方案是部署一个 Deployment,有 3 个容器在一个 Pod 中,Nginx 负责接收请求并记录日志、filebeat 负责采集日志发送给目标、cron 负责定时清理 nginx 日志

image-xeov.png

Nginx

nginx 使用了一个开源的模块 echo_read_request_body,这里是使用的 dockerfile 通过编译源码制作的 nginx 镜像

nginx-1.26.2.tar.gz 下载地址

echo-nginx-module-0.63.tar.gz 下载地址

FROM ubuntu:20.04

# 安装编译需要的工具
RUN apt-get update && apt-get install -y --no-install-recommends \
    gcc \
    g++ \
    make \
    libpcre3 \
    libpcre3-dev \
    zlib1g \
    zlib1g-dev \
    libssl-dev \
    curl \
    tar \
    && rm -rf /var/lib/apt/lists/*

# ADD 与 COPY 区别好像是 ADD 可以直接解压
ADD nginx-1.26.2.tar.gz /usr/local
ADD echo-nginx-module-0.63.tar.gz /usr/local

# 编译
RUN cd /usr/local/nginx-1.26.2 \
    && ./configure --prefix=/usr/local/nginx \
    --with-http_ssl_module \
    --add-module=/usr/local/echo-nginx-module-0.63 \
    && make && make install

# 复制事先做好的 nginx 配置文件
COPY nginx.conf /usr/local/nginx/conf/nginx.conf

# 删除源码包
RUN rm -rf /usr/local/nginx-1.26.2
# 创建记录日志文件路径
RUN mkdir /var/log/nginx
RUN chown -R nobody:nogroup /var/log/nginx

WORKDIR /usr/local/nginx

CMD ["./sbin/nginx", "-g", "daemon off;"]

以下是 nginx.conf 配置文件内容

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;

    map $upstream_response_time $upstream_response_timer {
        default $upstream_response_time;
        ""        0;
    }

    log_format json escape=none '$time_iso8601 $remote_addr $request_body'; # 保存到日志文件格式

    server {
        listen       80;
        server_name  localhost;

        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})") {
            set $year $1;
            set $month $2;
            set $day $3;
            set $hour $4;
            set $minutes $5;
            set $seconds $6;
        }

        location / {
            echo_read_request_body; # 使用的模块
            echo -n '{"status":"UP"}'; # 请求返回
            access_log /var/log/nginx/access.$year$month$day$hour.log json; # 保存路径
        }

        location =/traceLog/vehicle {
            echo_read_request_body;
            echo -n '0000010000';
            access_log /var/log/nginx/traceLog_vehicle.access.$year$month$day$hour.log json;
        }

        location ~/traceLog/(.*) {
            echo_read_request_body;
            echo -n '{"code":0, "message":"成功", "data":null}';
            access_log /var/log/nginx/traceLog_$1.access.$year$month$day$hour.log json;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

Filebeat

这里是使用的官网的 filebeat 包复制到镜像中执行,其中 filebeatoutput 参数只有执行时才会知道,所以可以在 deployment 中实现

filebeat 下载地址

FROM ubuntu:20.04

ADD filebeat-7.17.23-linux-x86_64.tar.gz /usr/local

RUN mv /usr/local/filebeat-7.17.23-linux-x86_64 /usr/local/filebeat

WORKDIR /usr/local/filebeat

CMD ["/bin/bash", "-c", "./filebeat"]

Cron

定时任务用作删除 nginx 过时文件

FROM ubuntu:20.04

RUN apt-get update && apt-get install -y cron

COPY submit.sh /usr/local/submit.sh
COPY cronfile /etc/cron.d/submit-cron

RUN touch /var/log/cron.log
RUN rm -rf /etc/localtime
RUN ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
CMD cron && tail -f /var/log/cron.log

cronfile文件

0 1 * * * root /usr/local/submit.sh

submit.sh文件

#!/bin/bash

find /var/log/nginx -type f -mtime +7 -exec rm -f {} \;;

deployment 文件

执行 deployment 部署服务,最后使用公网负载均衡对接 svc

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: filebeat-config
data:
  filebeat.yml: |
    filebeat.inputs:
      - type: log
        enabled: true
        paths:
          - /var/log/nginx/*.log

    processors:
      - drop_fields:
          fields: ["@timestamp", "@metadata", "log", "ecs", "host", "agent", "input"]

    output.kafka:
      enabled: true
      hosts: ["192.168.89.129:9092"] #需根据真实情况修改
      topic: "nginx-logs"
      codec.format:
        string: '%{[message]}'

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-log-forwarder
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx-log-forwarder
  template:
    metadata:
      labels:
        app: nginx-log-forwarder
    spec:
      containers:
        - name: nginx
          image: nginx-log:v2
          ports:
            - containerPort: 80
          volumeMounts:
            - name: nginx-logs
              mountPath: /var/log/nginx
        - name: filebeat
          image:filebeat-log:v4
          volumeMounts:
            - name: filebeat-config
              subPath: filebeat.yml
              mountPath: /usr/local/filebeat/filebeat.yml
            - name: nginx-logs
              mountPath: /var/log/nginx
        - name: cron
          image: cron:v1
          volumeMounts:
            - name: nginx-logs
              mountPath: /var/log/nginx
      volumes:
        - name: filebeat-config # filebeat 配置文件
          configMap:
            name: filebeat-config
        - name: nginx-logs # 3个容器共享文件夹
          emptyDir: {}

---
apiVersion: v1
kind: Service
metadata:
  name: nginx-log-forwarder
spec:
  type: NodePort
  selector:
    app: nginx-log-forwarder
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
Linux 文件备份