带有 Syslog 容器的 Docker 日志记录

Question

问题

所以我正在尝试在我的 docker-compose 设置中设置日志记录。
现在我遇到了app 服务连接到logging 服务的问题，特别是...

Error response from daemon: failed to initialize logging driver: dial udp: lookup ng on 192.168.65.5:53: read udp 192.168.65.4:50257->192.168.65.5:53: i/o timeout

我希望我的应用程序/容器将其所有日志发送到另一个具有 rsyslog 设置的容器。我不确定是否需要将服务指定为主机或其他内容，但我找不到任何解释我将如何做到这一点的东西。

最后，我想水平扩展应用程序，并让它们都指向一个负载平衡代理，如 Traefik，它将日志传递到多个 rsyslog 容器。

文档

命令行输出

    $ docker-compose up
    [+] Building 1.7s (18/18) FINISHED
     => [turbo-train_syslog-ng internal] load build definition from Dockerfile                                               0.1s
     => => transferring dockerfile: 202B                                                                                     0.0s
     => [turbo-train_application internal] load build definition from Dockerfile                                             0.1s
     => => transferring dockerfile: 509B                                                                                     0.0s
     => [turbo-train_syslog-ng internal] load .dockerignore                                                                  0.0s
     => => transferring context: 2B                                                                                          0.0s
     => [turbo-train_application internal] load .dockerignore                                                                0.0s
     => => transferring context: 2B                                                                                          0.0s
     => [turbo-train_syslog-ng internal] load metadata for docker.io/library/alpine:latest                                   0.0s
     => [turbo-train_syslog-ng 1/3] FROM docker.io/library/alpine:latest                                                     0.0s
     => [turbo-train_syslog-ng internal] load build context                                                                  0.1s
     => => transferring context: 2.91kB                                                                                      0.0s
     => [turbo-train_application internal] load metadata for docker.io/library/golang:latest                                 1.3s
     => CACHED [turbo-train_syslog-ng 2/3] RUN apk update && apk upgrade --available && apk add rsyslog                      0.0s
     => [turbo-train_syslog-ng 3/3] COPY conf/rsyslog.conf /etc/rsyslog.conf                                                 0.1s
     => [turbo-train_application] exporting to image                                                                         0.0s
     => => exporting layers                                                                                                  0.0s
     => => writing image sha256:<HashValue>                                                                                  0.0s
     => => naming to docker.io/library/turbo-train_syslog-ng                                                                 0.0s
     => => writing image sha256:<HashValue>                                                                                  0.0s
     => => naming to docker.io/library/turbo-train_application                                                               0.0s
     => [auth] library/golang:pull token for registry-1.docker.io                                                            0.0s
     => [turbo-train_application build 1/4] FROM docker.io/library/golang:latest@sha256:<HashValue>                          0.0s
     => [turbo-train_application internal] load build context                                                                0.1s
     => => transferring context: 222B                                                                                        0.0s
     => CACHED [turbo-train_application build 2/4] WORKDIR /go/src/app                                                       0.0s
     => CACHED [turbo-train_application build 3/4] COPY [ ./src/go-app.go, ./src/go.mod, /go/src/app/ ]                      0.0s
     => CACHED [turbo-train_application build 4/4] RUN go build -o go-app                                                    0.0s
     => CACHED [turbo-train_application stage-1 1/1] COPY --from=build /go/src/app/go-app /go-app                            0.0s
    
    Use 'docker scan' to run Snyk tests against images to find vulnerabilities and learn how to fix them
    [+] Running 3/3
     - Network turbo-train_default  Created                                                                                  0.7s
     - Container gopkg              Created                                                                                  0.3s
     - Container syslog-ng          Created                                                                                  0.3s
    Attaching to gopkg, syslog-ng
    syslog-ng  | rsyslogd 8.2012.0: running as pid 1, enabling container-specific defaults, press ctl-c to terminate rsyslog
    Error response from daemon: failed to initialize logging driver: dial udp: lookup ng on 192.168.65.5:53: read udp 192.168.65.4:50257->192.168.65.5:53: i/o timeout

docker-compose.yml

    # docker-compose.yml
    version: '3.9'
    services:
      # Svc 1
      application:
        build:
          context: ./app
          dockerfile: Dockerfile
        container_name: gopkg
        dns: 1.1.1.1
        logging:
          driver: syslog
          options:
            syslog-address: "udp://${syslog-ng}:514"
            tag: gopkg
        depends_on:
          - logging
      # Svc 2
      syslog-ng:
        build:
          context: ./syslog
          dockerfile: Dockerfile
        container_name: syslog-ng
        dns: 1.1.1.1

/etc/rsyslog.conf

    # rsyslog configuration file
    #
    # For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
    # or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html
    # If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
    
    
    #### Global directives ####
    
    # Sets the directory that rsyslog uses for work files.
    $WorkDirectory /var/lib/rsyslog
    
    # Sets default permissions for all log files.
    $FileOwner root
    $FileGroup adm
    $FileCreateMode 0640
    $DirCreateMode 0755
    $Umask 0022
    
    # Check config syntax on startup and abort if unclean (default off).
    #$AbortOnUncleanConfig on
    
    # Reduce repeating messages (default off).
    #$RepeatedMsgReduction on
    
    
    #### Modules ####
    
    # Provides --MARK-- message capability.
    module(load="immark")
    
    # Provides support for local system logging (e.g. via logger command).
    module(load="imuxsock")
    
    # Reads kernel messages.
    # module(load="imklog")
    
    #### Config files ####
    
    # Include all config files in /etc/rsyslog.d/.
    include(file="/etc/rsyslog.d/*.conf" mode="optional")
    
    #### Rules ####
    
    # Log all kernel messages to kern.log.
    kern.*                                                  /var/log/kern.log
    
    # Log anything (except mail) of level info or higher.
    # Don't log private authentication messages!
    # NOTE: The minus sign in front of filename disables buffer flush.
    *.info;authpriv.none;cron.none;kern.none;mail.none      -/var/log/messages
    
    # The authpriv file has restricted access.
    authpriv.*                                              /var/log/auth.log
    
    # Log all the mail messages in one place.
    mail.*                                                  -/var/log/mail.log
    
    # Log cron stuff.
    cron.*                                                  -/var/log/cron.log
    
    # Everybody gets emergency messages.
    *.emerg                                                 :omusrmsg:*
    
    # Log all kernel messages to the console.
    # Logging much else clutters up the screen.
    #kern.*                                                 /dev/console
    
    
    ### Examples ####
    
    # Send all logs to remote syslog via UDP.
    # An on-disk queue is created for this action. If the remote host is
    # down, messages are spooled to disk and sent when it is up again.
    #*.* action(
    #       type="omfwd"
    #       target="192.168.0.1"
    #       port="514"
    #       protocol="udp"
    #       queue.filename="fwdRule1"  # unique name prefix for spool files
    #       queue.type="LinkedList"
    #       queue.maxDiskSpace="256m"
    #       queue.saveOnShutdown="on"
    #       action.resumeRetryCount="-1"
    #       action.resumeInterval="30"
    #)
    
    # Receive messages from remote host via UDP
    # for parameters see http://www.rsyslog.com/doc/imudp.html
    module(load="imudp")  # needs to be done just once
    input(
          type="imudp"
          port="514"
    )

Dockerfile - rsyslog (./syslog/Dockerfile)

    FROM alpine:latest AS syslog
    RUN apk update && apk upgrade --available && apk add rsyslog
    COPY conf/rsyslog.conf /etc/rsyslog.conf
    ENTRYPOINT ["rsyslogd", "-n"]

Dockerfile - Go 应用程序 (./app/Dockerfile)

    # STAGE 1: Build
    FROM golang:latest AS build
    WORKDIR /go/src/app
    COPY [ "./src/go-app.go", "./src/go.mod", "/go/src/app/" ]
    RUN go build -o go-app
    
    # -------------------------------------------------
    # STAGE 2: Deployment
    FROM scratch
    COPY --from=build /go/src/app/go-app /go-app
    ENTRYPOINT [ "/go-app" ]

Answer 1

我认为您遇到的错误是由于无法在日志记录驱动程序 syslog-address 中引用另一个容器（请参阅类似问题 here 和 here）。此外，我认为您也不需要将日志发送到 go 应用程序中的 syslog，它应该定期记录到 stdout。

其中一种解决方案可能是运行系统日志并公开其系统日志端口，然后将 syslog-address 指向 host.docker.internal。

这是我的示例（好吧，稍微修改了您的示例），也可以通过 here 进行克隆。

文件夹结构：

 ~/Projects/docker/log-test  tree
.
├── app
│   ├── Dockerfile
│   └── src
│       ├── go-app.go
│       └── go.mod
├── docker-compose.yml
└── syslog
    ├── Dockerfile
    └── conf
        └── rsyslog.conf

应用程序/Dockerfile

unmodified

app/src/go-app.go

package main

import (
  "fmt"
  "time"
)

func main() {
  for i := 0; i < 1000; i ++ {
    fmt.Printf("Log Entry #%d\n", i)
    time.Sleep(time.Second * 1)
  }
}

系统日志/Dockerfile

unmodified

syslog/conf/rsyslog.conf

unmodified

docker-compose.yml

cat docker-compose.yml
version: '3.8'
services:
  application:
    build:
      context: ./app
      dockerfile: Dockerfile
    container_name: gopkg
    dns: 1.1.1.1
    logging:
      driver: syslog
      options:
        syslog-address: "udp://host.docker.internal:5514"
        tag: gopkg
    depends_on:
      - syslog-ng

  syslog-ng:
    build:
      context: ./syslog
      dockerfile: Dockerfile
    container_name: syslog-ng
    dns: 1.1.1.1
    ports:
    - "5514:514/udp"

验证：

docker compose up -d
[+] Running 3/3
 ⠿ Network log-test_default  Created                                                                                                                                                                                                                                                                                   0.0s
 ⠿ Container syslog-ng       Started                                                                                                                                                                                                                                                                                   0.5s
 ⠿ Container gopkg           Started

docker compose exec syslog-ng tail /var/log/messages
2021-11-19T05:35:56+00:00 192.168.0.1 gopkg[1452]: Log Entry #47
2021-11-19T05:35:57+00:00 192.168.0.1 gopkg[1452]: Log Entry #48
2021-11-19T05:35:58+00:00 192.168.0.1 gopkg[1452]: Log Entry #49
2021-11-19T05:35:59+00:00 192.168.0.1 gopkg[1452]: Log Entry #50
2021-11-19T05:36:00+00:00 192.168.0.1 gopkg[1452]: Log Entry #51
2021-11-19T05:36:01+00:00 192.168.0.1 gopkg[1452]: Log Entry #52
2021-11-19T05:36:02+00:00 192.168.0.1 gopkg[1452]: Log Entry #53
2021-11-19T05:36:03+00:00 192.168.0.1 gopkg[1452]: Log Entry #54
2021-11-19T05:36:04+00:00 192.168.0.1 gopkg[1452]: Log Entry #55
2021-11-19T05:36:05+00:00 192.168.0.1 gopkg[1452]: Log Entry #56

虽然这可行，但更简单的解决方案是在 go 代码中切换回使用 syslog 日志记录，并将记录器指向另一个容器，而不是通过日志记录驱动程序进行。