## Introduction

This article condenses the trial and error from my earlier posts on building a Syslog viewer into a single step-by-step procedure.
The server runs Ubuntu 24.04.
## System overview

The goal is a setup for browsing syslog through a web UI.
rsyslog receives the messages, hands them to fluentd, fluentd stores them in Loki, and Grafana displays them, with nginx terminating TLS in front of Grafana.
## Application versions

These are the versions at build time (around December 2024).

| Application | Check command | Version |
|---|---|---|
| rsyslog | `rsyslogd -v` | 8.2312.0 |
| fluentd | `fluentd --version` | 1.18.0 |
| grafana | `grafana-server -v` | 11.4.0 |
| loki | `loki --version` | 3.3.1 |
| nginx | `nginx -v` | 1.26.2 |
## Build procedure

### Tuning network kernel parameters

These are the file-descriptor and network settings that fluentd's installation guide recommends before running a node under load.
vi /etc/security/limits.conf

```conf
root soft nofile 65535
root hard nofile 65535
*    soft nofile 65536
*    hard nofile 65536
```
vi /etc/sysctl.conf

```conf
net.core.somaxconn = 1024
net.core.netdev_max_backlog = 5000
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_wmem = 4096 12582912 16777216
net.ipv4.tcp_rmem = 4096 12582912 16777216
net.ipv4.tcp_max_syn_backlog = 8096
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 10240 65535

# If forward uses port 24224, reserve that port number for use as an ephemeral port.
# If another port, e.g., monitor_agent uses port 24220, add a comma-separated list of port numbers.
# net.ipv4.ip_local_reserved_ports = 24220,24224
net.ipv4.ip_local_reserved_ports = 24224
```

The reserved-port line protects fluentd's `forward` input on 24224 from being handed out as an ephemeral port. This build receives logs through `in_syslog` on 5514 instead, so reserve that port too (or in place of 24224) if it falls inside `ip_local_port_range`. The settings take effect after `sysctl -p` or the reboot at the end of the procedure.
vi /etc/sysctl.d/10-link-restrictions.conf

```conf
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
```
### fluentd setup

#### Installation

```bash
# Downloaded through the site's HTTP proxy (10.24.1.10:8080); drop -x if you have direct access
curl -x http://10.24.1.10:8080/ -o fluent-apt-source.deb \
  https://packages.treasuredata.com/lts/5/ubuntu/noble/pool/contrib/f/fluent-lts-apt-source/fluent-lts-apt-source_2023.7.29-1_all.deb
apt install -y ./fluent-apt-source.deb
apt update -y
apt install -y fluent-package
```

```bash
apt update -y
# Build tools for gems with native extensions (oj)
apt install g++ make
fluent-gem install fluent-plugin-grafana-loki -p http://10.24.1.10:8080/
fluent-gem install fluent-plugin-td -p http://10.24.1.10:8080/
fluent-gem install oj -p http://10.24.1.10:8080/
# Expose the plugin files through fluentd's plugin directory.
# The gem directory and the gem name/version in these paths must match what
# `fluent-gem environment gemdir` and `fluent-gem list` report on your host.
ln -s /var/lib/gems/3.2.0/gems/fluent-plugin-loki-0.3.0/lib/fluent/plugin/out_loki.rb /etc/fluent/plugin/out_loki.rb
ln -s /var/lib/gems/3.2.0/gems/fluent-plugin-td-1.2.0/lib/fluent/plugin/out_tdlog.rb /etc/fluent/plugin/out_tdlog.rb
ln -s /var/lib/gems/3.2.0/gems/fluent-plugin-td-1.2.0/lib/fluent/plugin/td_plugin_version.rb /etc/fluent/plugin/td_plugin_version.rb
```
#### Adding the configuration

Append the following to the default configuration.

vi /etc/fluent/fluent.conf

```conf
<source>
  @id syslog_in
  @type syslog
  tag "syslog"
  port 5514
  # rsyslog on this same host is the only sender, so binding 127.0.0.1 would be the tighter choice
  bind "0.0.0.0"
  <transport tcp>
  </transport>
  <parse>
    # rsyslog must forward in RFC 5424 format for this parser to accept the lines
    message_format rfc5424
  </parse>
</source>

<match syslog.**>
  @type loki
  @id syslog_out
  # Parameter names (endpoint_url, labels) belong to the loki output plugin linked above;
  # if fluentd rejects them, check `fluent-gem list` for which loki plugin is installed
  endpoint_url "http://127.0.0.1:3100"
  labels {"app":"syslog"}
</match>
```
### rsyslog setup

vi /etc/rsyslog.d/10-client.conf

```conf
###### MODULES ######
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")

###### RULES ######
# Forward everything that arrives from the client to fluentd's in_syslog over TCP.
# The port must match "port 5514" in /etc/fluent/fluent.conf, and the built-in
# RSYSLOG_SyslogProtocol23Format template emits RFC 5424, which is what
# "message_format rfc5424" there expects. (The legacy "@@host:port" shorthand is a
# forwarding action, not a file name, so it cannot be used as an omfile DynaFile.)
if ( $fromhost-ip == "10.24.2.30" ) then {
    action(type="omfwd" target="127.0.0.1" port="5514" protocol="tcp"
           template="RSYSLOG_SyslogProtocol23Format")
    stop
}
```
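To make the hand-off between rsyslog and fluentd concrete, here is an added Python example written for this page; it is not code from rsyslog, fluentd or Loki. It lays out one message the way rsyslog's `RSYSLOG_SyslogProtocol23Format` template does, parses it with a simplified regex that follows the RFC 5424 header layout fluentd's `message_format rfc5424` expects (a stand-in, not fluentd's own parser), shows the two TCP framings a syslog receiver may see, and turns parsed records into a body in the shape Loki's `/loki/api/v1/push` endpoint accepts, carrying the `{"app":"syslog"}` label from fluent.conf. The hostname, process id, timestamp and message text are constructed; serialising the record as JSON for the Loki line is my choice, and `send_udp()` is only a smoke-test helper that is not called on import.

```python
import json
import re
import socket
from datetime import datetime, timedelta, timezone

# Label set that fluent.conf attaches to every stream: labels {"app":"syslog"}
LOKI_LABELS = {"app": "syslog"}
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# RFC 5424 layout: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [SP MSG]
# Simplified stand-in for fluentd's rfc5424 parser (assumption: header fields contain no spaces;
# structured data is "-" or one or more [..] blocks with backslash-escaped "]").
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d{0,2}) "
    r"(?P<timestamp>\S+) (?P<host>\S+) (?P<ident>\S+) (?P<pid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)"
    r"(?: (?P<message>.*))?$"
)


def build_rfc5424(facility, severity, host, app, pid, msg, ts):
    """Lay out one message the way rsyslog's RSYSLOG_SyslogProtocol23Format template does:
    PRI, version 1, RFC 3339 timestamp, then NILVALUE "-" for MSGID and STRUCTURED-DATA."""
    pri = facility * 8 + severity
    return f"<{pri}>1 {ts.isoformat(timespec='microseconds')} {host} {app} {pid} - - {msg}"


def parse_rfc5424(line):
    """Split one RFC 5424 line into the fields in_syslog exposes; None if it is not RFC 5424."""
    m = RFC5424_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    rec = m.groupdict()
    pri = int(rec.pop("pri"))
    if pri > 191:  # PRIVAL = facility*8 + severity, so 23*8 + 7 is the largest legal value
        return None
    rec["facility"], rec["severity"] = divmod(pri, 8)
    rec["message"] = rec["message"] or ""
    return rec


def frame_for_tcp(lines, octet_counting=False):
    """Frame lines for a TCP syslog transport. rsyslog's omfwd and fluentd's in_syslog both
    default to newline-delimited ("traditional") framing; RFC 6587 octet counting is the alternative."""
    if octet_counting:
        return b"".join(f"{len(ln.encode())} {ln}".encode() for ln in lines)
    return "".join(ln + "\n" for ln in lines).encode()


def to_loki_push(records, labels=LOKI_LABELS):
    """Build a /loki/api/v1/push body: one stream per label set, each value [ns_timestamp, line].
    The line is the parsed record as JSON (a choice made here; fluentd Loki plugins differ)."""
    values = []
    for rec in records:
        ts = datetime.fromisoformat(rec["timestamp"].replace("Z", "+00:00"))
        ns = ((ts - EPOCH) // timedelta(microseconds=1)) * 1000  # exact, no float rounding
        line = json.dumps({k: v for k, v in rec.items() if k != "timestamp"}, sort_keys=True)
        values.append([str(ns), line])
    return {"streams": [{"stream": dict(labels), "values": values}]}


def send_udp(line, host="127.0.0.1", port=514):
    """Smoke test: push one line at rsyslog's imudp input (not called on import)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(line.encode(), (host, port))


# Constructed sample: an sshd login record from the client host the rsyslog rule matches
SAMPLE_TS = datetime(2024, 12, 20, 10, 15, 30, 123456, tzinfo=timezone(timedelta(hours=9)))
SAMPLE_LINE = build_rfc5424(4, 6, "client01", "sshd", "1234",
                            "Accepted publickey for ops from 10.24.2.30 port 51234", SAMPLE_TS)

if __name__ == "__main__":
    print(SAMPLE_LINE)
    print(frame_for_tcp([SAMPLE_LINE], octet_counting=True))
    print(json.dumps(to_loki_push([parse_rfc5424(SAMPLE_LINE)]), indent=2))
```

Two things worth checking against a live pipeline: lines that do not match the RFC 5424 header (for example the traditional `Dec 20 10:15:30 host prog[pid]:` form that a client may still send) are rejected by the parser here, and fluentd's `rfc5424` parser will likewise drop them, so keep the `RSYSLOG_SyslogProtocol23Format` template on the rsyslog side; and Loki timestamps are nanoseconds since the epoch as a string, which is why the conversion avoids floating point.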
### Grafana and Loki setup

#### Preparation before installing

```bash
apt install -y apt-transport-https software-properties-common wget
```

#### Importing the GPG key

```bash
mkdir -p /etc/apt/keyrings/
# This download does not go through the proxy; export https_proxy first if your host needs it
wget -q -O - https://apt.grafana.com/gpg.key | gpg --dearmor | sudo tee /etc/apt/keyrings/grafana.gpg > /dev/null
```

#### Adding the stable release repository

```bash
echo "deb [signed-by=/etc/apt/keyrings/grafana.gpg] https://apt.grafana.com stable main" | sudo tee -a /etc/apt/sources.list.d/grafana.list
```

#### Updating the package list and installing

```bash
apt update
# promtail is installed here but not used: fluentd ships the logs in this setup
apt install grafana loki promtail
```
#### Loki bug workaround (comment out `enabled: true`)

The packaged `/etc/loki/config.yml` enables metric aggregation under `pattern_ingester`; comment that one line out and leave the rest of the block as it is. `loki -config.file=/etc/loki/config.yml -verify-config` checks the edited file without starting the service.

vi /etc/loki/config.yml

```yaml
pattern_ingester:
  enabled: true
  metric_aggregation:
    # enabled: true          # <- comment this line out
    loki_address: localhost:3100
```
### nginx setup

#### Dependencies

```bash
apt update
apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring
```

#### Importing the GPG key

```bash
curl -x http://10.24.1.10:8080/ https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
  | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
# Before trusting the keyring, show its fingerprint with
# `gpg --show-keys /usr/share/keyrings/nginx-archive-keyring.gpg` and compare it with the one
# nginx publishes in its installation documentation (573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62)
```

#### Adding the repository and pinning it

```bash
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
  http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
  | sudo tee /etc/apt/sources.list.d/nginx.list
# Pin nginx.org above Ubuntu's own nginx package so apt installs 1.26.x from nginx.org
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
  | sudo tee /etc/apt/preferences.d/99nginx
```

#### Installation

```bash
apt update
apt install nginx
```
#### Preparing a self-signed certificate

Browsers will warn about this certificate; it is enough for a lab viewer, but replace it with one from a CA your clients trust if others use the UI.

```bash
mkdir /etc/certificate
cd /etc/certificate
# 2048-bit RSA private key (keep it readable by root only, e.g. mode 0600)
openssl genpkey -out web-server.key -algorithm RSA -pkeyopt rsa_keygen_bits:2048
# Certificate signing request; the subject fields are prompted interactively
openssl req -new -key web-server.key -out web-server.csr
# Self-sign the request for one year
openssl x509 -req -in web-server.csr -signkey web-server.key -out web-server.crt -days 365
```
#### Enabling TLS and proxying Grafana

vi /etc/nginx/conf.d/ssl.conf

```nginx
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream grafana {
    server localhost:3000;
}

server {
    listen 443 ssl;
    server_name localhost;

    location / {
        proxy_set_header Host $host;
        proxy_pass http://grafana;
    }

    # Proxy Grafana Live WebSocket connections.
    location /api/live/ {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_pass http://grafana;
    }

    ssl_certificate     /etc/certificate/web-server.crt;
    ssl_certificate_key /etc/certificate/web-server.key;
    ssl_session_tickets off;
    # TLS 1.0 and 1.1 are obsolete, and OpenSSL 3 on Ubuntu 24.04 refuses them at its
    # default security level anyway, so offer only 1.2 and 1.3
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
}
```
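To check a server block like this one mechanically, here is an added Python example written for this page (not nginx's or the article's code): a small directive scanner that flags legacy `ssl_protocols` values, missing certificate directives on a `listen ... ssl` socket, and a missing HSTS header. It runs over the ssl.conf as the article originally had it (with `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3`) and over a hardened copy. The scanner is a regex over simple directives, not a full nginx configuration parser, and the HSTS `max-age` value is my choice.

```python
import re

# The article's /etc/nginx/conf.d/ssl.conf as originally posted, used here as sample input
SSL_CONF_AS_POSTED = """
map $http_upgrade $connection_upgrade {
  default upgrade;
  '' close;
}
upstream grafana {
  server localhost:3000;
}
server {
  listen 443 ssl;
  server_name localhost;
  location / {
    proxy_set_header Host $host;
    proxy_pass http://grafana;
  }
  # Proxy Grafana Live WebSocket connections.
  location /api/live/ {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header Host $host;
    proxy_pass http://grafana;
  }
  ssl_certificate /etc/certificate/web-server.crt;
  ssl_certificate_key /etc/certificate/web-server.key;
  ssl_session_tickets off;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
}
"""

# The same file with the two changes the audit asks for (max-age is an assumed value)
SSL_CONF_HARDENED = SSL_CONF_AS_POSTED.replace(
    "ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;",
    'ssl_protocols TLSv1.2 TLSv1.3;\n  add_header Strict-Transport-Security "max-age=63072000" always;',
)

LEGACY_PROTOCOLS = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1")
# name, whitespace, arguments up to ";" -- block headers like "server {" never match
DIRECTIVE_RE = re.compile(r"([A-Za-z_]+)\s+([^;{}]*?);")


def directives(conf):
    """Return (name, args) for every simple directive; comments are dropped and block headers
    (server {, location / {) are skipped. Sufficient for flat audits, not a full parser."""
    conf = re.sub(r"#[^\n]*", "", conf)
    return [(m.group(1), m.group(2).split()) for m in DIRECTIVE_RE.finditer(conf)]


def audit_tls(conf):
    """Return a list of findings for a TLS-terminating server block; an empty list means clean."""
    by_name = {}
    for name, args in directives(conf):
        by_name.setdefault(name, []).append(args)
    findings = []

    # A TLS listener without key material is a misconfiguration nginx will refuse to start with
    if any("ssl" in args for args in by_name.get("listen", [])):
        for key in ("ssl_certificate", "ssl_certificate_key"):
            if key not in by_name:
                findings.append(f"{key} missing although listen ... ssl is set")

    protos = by_name.get("ssl_protocols")
    if protos is None:
        findings.append("ssl_protocols not set; the default depends on the nginx build")
    else:
        legacy = [p for p in protos[-1] if p in LEGACY_PROTOCOLS]
        if legacy:
            findings.append("ssl_protocols enables legacy protocols: " + ", ".join(legacy))

    if not any(args and args[0] == "Strict-Transport-Security"
               for args in by_name.get("add_header", [])):
        findings.append("no Strict-Transport-Security header (HSTS)")
    return findings


if __name__ == "__main__":
    for label, conf in (("as posted", SSL_CONF_AS_POSTED), ("hardened", SSL_CONF_HARDENED)):
        print(f"[{label}]", audit_tls(conf) or "no findings")
```

One caveat on the HSTS finding: once a browser has seen the header it no longer lets users click through certificate errors for that host, so with the self-signed certificate from this article add the header only after the clients trust that certificate (or after replacing it with one from a CA they trust).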
### Enabling the services at boot

```bash
systemctl enable rsyslog
systemctl enable fluentd
systemctl enable grafana-server
systemctl enable loki
systemctl enable nginx
```

### Reboot

```bash
reboot
```
## Closing

That completes the write-up.
Next time I plan to actually send syslog messages through the pipeline and browse them in Grafana.