1. Introduction
Graylog is a log aggregation service. Simply put, it’s capable of collecting millions of log messages from multiple sources and displaying them in a single interface.
It also provides a number of other features, such as real-time alerts, dashboards with graphs and charts, and much more.
In this tutorial, we’ll see how to set up a Graylog server and send log messages to it from a Spring Boot application.
2. Setting up Graylog
There are several ways to install and run Graylog. In this tutorial, we’ll discuss the two quickest ways: Docker and Amazon Web Services.
2.1. Docker
The following commands will download all the required Docker images and start a container for each service:
$ docker run --name mongo -d mongo:3
$ docker run --name elasticsearch -p 9200:9200 -p 9300:9300 \
    -e ES_JAVA_OPTS="-Xms2g -Xmx4g" \
    -e "discovery.type=single-node" -e "xpack.security.enabled=false" \
    -e "bootstrap.memory_lock=true" --ulimit memlock=-1:-1 \
    -d docker.elastic.co/elasticsearch/elasticsearch:5.6.11
$ docker run --name graylog --link mongo --link elasticsearch \
    -p 9000:9000 -p 12201:12201 -p 514:514 -p 5555:5555 \
    -e GRAYLOG_WEB_ENDPOINT_URI="http://127.0.0.1:9000/api" \
    -d graylog/graylog:2.4.6-1
The Graylog dashboard is now available using the URL http://localhost:9000/ and the default username and password are both admin.
While the Docker setup is the simplest, it does require a substantial amount of memory. It also doesn’t work on Docker for Mac, so it may not be suitable for all platforms.
2.2. Amazon Web Services
The next easiest option for setting up Graylog for testing is Amazon Web Services. Graylog provides an official AMI that includes all the required dependencies, although it does require some additional configuration after installation.
We can quickly deploy an EC2 instance from the Graylog AMI and select a region for it. Graylog recommends using an instance with at least 4GB memory.
After the instance has started, we need to SSH into the host and make a few changes. The following commands will configure the Graylog service for us:
$ sudo graylog-ctl enforce-ssl
$ sudo graylog-ctl set-external-ip https://<EC2 PUBLIC IP>:443/api/
$ sudo graylog-ctl reconfigure
We also need to update the security group that was created with the EC2 instance to allow network traffic on specific ports. The graphic below shows the ports and protocols that need to be enabled:
The Graylog dashboard is now available using the URL https://<EC2 PUBLIC IP>/ and the default username and password are both admin.
2.3. Other Graylog Installations
Aside from Docker and AWS, there are also Graylog packages for various operating systems. With this approach, we also have to set up an Elasticsearch and a MongoDB service ourselves.
For this reason, Docker and AWS are much easier to set up, especially for development and testing purposes.
3. Sending in Log Messages
With Graylog up and running, we must now configure our Spring Boot application to send log messages to the Graylog server.
Any Java logging framework can support sending messages to a Graylog server using the GELF protocol.
3.1. Log4J
At this time, the only officially supported logging framework is Log4J. Graylog provides an appender, which is available on Maven Central.
We can enable it by adding the following Maven dependency to any pom.xml file:
<dependency>
    <groupId>org.graylog2</groupId>
    <artifactId>gelfj</artifactId>
    <version>1.1.16</version>
</dependency>
We also must exclude the logging starter module anywhere we use a Spring Boot starter module:
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
    <exclusions>
        <exclusion>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-logging</artifactId>
        </exclusion>
    </exclusions>
</dependency>
Now we can define a new appender in our log4j.xml file:
<appender name="graylog" class="org.graylog2.log.GelfAppender">
    <param name="graylogHost" value="<GRAYLOG IP>"/>
    <param name="originHost" value="localhost"/>
    <param name="graylogPort" value="12201"/>
    <param name="extractStacktrace" value="true"/>
    <param name="addExtendedInformation" value="true"/>
    <param name="facility" value="log4j"/>
    <param name="Threshold" value="INFO"/>
    <param name="additionalFields" value="{'environment': 'DEV', 'application': 'GraylogDemoApplication'}"/>
</appender>
This will configure all log messages with INFO level or higher to go to the Graylog appender, which in turn sends the log message to the Graylog server.
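As an added example (not code from this tutorial or from the gelfj project), the following Python code builds a GELF message carrying the same host and additional fields as the appender configuration above, splits it into UDP datagrams according to the public GELF chunking rules, and reassembles datagrams taken from a capture. The function names and the 1420-byte chunk size are assumptions of this example.

```python
# Added example: function names and defaults are illustrative, not gelfj's API.
import gzip
import json
import os
import socket
import struct

CHUNK_MAGIC = b"\x1e\x0f"  # first two bytes of every GELF chunk


def build_gelf(text, host="localhost", level=6, **extra):
    """Gzip-compressed GELF 1.1 payload; extra keys become _additional fields."""
    if "id" in extra:
        raise ValueError("_id is reserved and not allowed as an additional field")
    msg = {"version": "1.1", "host": host, "short_message": text, "level": level}
    msg.update({"_" + key: value for key, value in extra.items()})
    return gzip.compress(json.dumps(msg).encode("utf-8"))


def to_datagrams(payload, chunk_size=1420):  # chunk size is an assumed default
    """Split a payload into UDP datagrams, adding chunk headers when needed."""
    if len(payload) <= chunk_size:
        return [payload]
    parts = [payload[i:i + chunk_size] for i in range(0, len(payload), chunk_size)]
    if len(parts) > 128:  # the GELF specification allows at most 128 chunks
        raise ValueError("message needs more than 128 chunks")
    msg_id = os.urandom(8)
    return [CHUNK_MAGIC + msg_id + struct.pack("BB", seq, len(parts)) + part
            for seq, part in enumerate(parts)]


def from_datagrams(datagrams):
    """Reassemble (possibly chunked, out-of-order) datagrams and decode the JSON."""
    if datagrams[0][:2] == CHUNK_MAGIC:
        chunks = {d[10]: d[12:] for d in datagrams}  # key: sequence number
        if len(chunks) != datagrams[0][11]:  # byte 11: total chunk count
            raise ValueError("incomplete chunk set")
        payload = b"".join(chunks[seq] for seq in sorted(chunks))
    else:
        payload = datagrams[0]
    if payload[:2] == b"\x1f\x8b":  # gzip magic
        payload = gzip.decompress(payload)
    return json.loads(payload)


def send_gelf(datagrams, server, port=12201):
    """Fire-and-forget UDP delivery; the sender gets no acknowledgement."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for datagram in datagrams:
            sock.sendto(datagram, (server, port))
```

Once a GELF UDP input is listening on port 12201, `send_gelf(to_datagrams(build_gelf("hello")), "<GRAYLOG IP>")` delivers a message that the `source:localhost` filter will match. GELF over UDP carries no authentication, so restrict access to that port to the hosts that are expected to log.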
3.2. Other Logging Frameworks
The Graylog marketplace has additional libraries that support a variety of other logging frameworks such as Logback, Log4J2, and more. Just beware that these libraries are not maintained by Graylog. Some of them are abandoned, and others have little or no documentation.
Caution should be used when relying on these 3rd party libraries.
3.3. Graylog Collector Sidecar
Another option for log collection is the Graylog Collector Sidecar. The sidecar is a process that runs alongside a file collector, sending log file contents to a Graylog server.
The Sidecar is a great option for applications where changing log configuration files isn’t possible. And because it reads log files directly from disk, it can also be used to integrate log messages from any platform and programming language.
4. Viewing Messages in Graylog
We can use the Graylog dashboard to confirm successful delivery of our log messages. Using the filter source:localhost will show the log messages from our sample log4j config above:
5. Conclusion
Graylog is just one of many log aggregation services. It can quickly search millions of log messages, visualize log data in real-time, and send alerts when certain conditions are true.
Integrating Graylog into a Spring Boot application requires only a few lines of configuration and no new code.
Code samples, as always, can be found on GitHub.