Initial

.gitignore

@@ -0,0 +1,2 @@
+
+.DS_Store

docker-compose.yml

@@ -0,0 +1,31 @@
+version: "3"
+volumes:
+  esdata:
+services:
+  fluentd: 
+    build: ./fluentd
+    links: # Sends incoming logs to the elasticsearch container.
+      - elasticsearch
+    depends_on:
+      - elasticsearch
+    ports: # Exposes the port 24224 on both TCP and UDP protocol for log aggregation
+      - 24224:24224
+      - 24224:24224/udp
+  elasticsearch:
+    image: elasticsearch:7.17.0
+    expose: # Exposes the default port 9200
+      - 9200
+    environment:
+      - discovery.type=single-node # Runs as a single-node
+    volumes: # Stores elasticsearch data locally on the esdata Docker volume
+      - esdata:/usr/share/elasticsearch/data
+  kibana:
+    image: kibana:7.17.0
+    links: # Links kibana service to the elasticsearch container
+      - elasticsearch
+    depends_on:
+      - elasticsearch
+    ports: # Runs kibana service on default port 5601
+      - 5601:5601
+    environment: # Defined host configuration
+      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200

fluentd/Dockerfile

@@ -0,0 +1,24 @@
+# image based on fluentd v1.14-1
+FROM fluentd:v1.14-1
+# Use root account to use apk
+USER root
+# Install the required version of faraday
+RUN gem uninstall -I faraday
+RUN gem install faraday -v 2.8.1
+# Install dependencies and gems
+RUN apk --no-cache --update add \
+    sudo \
+    build-base \
+    ruby-dev \
+  && gem uninstall -I elasticsearch \
+  && gem install elasticsearch -v 7.17.0 \
+  && gem install fluent-plugin-elasticsearch \
+  && gem sources --clear-all \
+  && apk del build-base ruby-dev \
+  && rm -rf /tmp/* /var/tmp/* /usr/lib/ruby/gems/*/cache/*.gem
+# Copy fluentd configuration from host image
+COPY ./conf/fluent.conf /fluentd/etc/
+# Copy binary start file
+COPY entrypoint.sh /bin/
+RUN chmod +x /bin/entrypoint.sh
+USER fluent

fluentd/conf/fluent.conf

@@ -0,0 +1,28 @@
+# bind fluentd on IP 0.0.0.0
+# port 24224
+<source>
+  @type forward
+  port 24224
+  bind 0.0.0.0
+</source>
+# sendlog to the elasticsearch
+# the host must match to the elasticsearch
+# container service
+<match *.**>
+  @type copy
+  <store>
+    @type elasticsearch
+    host elasticsearch
+    port 9200
+    logstash_format true
+    logstash_prefix fluentd
+    logstash_dateformat %Y%m%d
+    include_tag_key true
+    type_name access_log
+    tag_key @log_name
+    flush_interval 20s
+  </store>
+  <store>
+    @type stdout
+  </store>
+</match>

fluentd/entrypoint.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+# Source vars if file exists
+DEFAULT=/etc/default/fluentd
+if [ -r $DEFAULT ]; then
+    set -o allexport
+    . $DEFAULT
+    set +o allexport
+fi
+# If the user has supplied only arguments, append them to `fluentd` command
+if [ "${1#-}" != "$1" ]; then
+    set -- fluentd "$@"
+fi
+# If the user does not supply a config file or plugins, use the default
+if [ "$1" = "fluentd" ]; then
+    if ! echo $@ | grep -e ' \-c' -e ' \-\-config' ; then
+      set -- "$@" --config /fluentd/etc/${FLUENTD_CONF}
+    fi
+    if ! echo $@ | grep -e ' \-p' -e ' \-\-plugin' ; then
+      set -- "$@" --plugin /fluentd/plugins
+    fi
+fi
+exec "$@"