Docker is essentially meant to run a single process inside container, however one might run across a scenario where it is required to run multiple processes in the same container.
What is Filebeat?
Filebeat (written in Go) is an open source log forwarding solution from Elastic Search. It is based on the lumberjack protocol, has a low memory footprint and can send logs to both Logstash and Elastic Search. A high level view would be, you could specify a log folder, Elastic Search end point and log format and Filebeat would send your logs to Elastic Search.
If you looking for how to configure Filebeat with Elastic Search, I would recommend to follow the Elastic Search documentation.
If you are more keen to learn about Beats offering from Elastic Search, refer to the following link: https://www.elastic.co/products/beats
I was working on creating a docker container for a dot net core service and had to send the logs from the container to Elastic Search and Filebeat seemed to be a good solution. The idea was to keep the dot net core service and Filebeat within the same container so that everything from the dot net service to the log forwarder was self contained. I created a custom Dockerfile to run multiple processes in the same container.
COPY pub/ /app/
I want to run a linux container and hence start with an aspnet core base image and copy the published code from “pub” directory to “app” directory inside the container.
The above port is being exposed from the container.
WORKDIR /usr/local/filebeatRUN curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.2.4-amd64.debRUN
dpkg -i filebeat-6.2.4-amd64.debCOPY filebeat.yml /etc/filebeat/filebeat.yml
I change my work directory, where I am downloading filebeat packages. Once filebeat is installed, I copy over local filebeat file to the default path of filebeat.yml inside the container. My local copy of filebeat has the Elastic Search endpoint and log folder where the dot net service is writing logs.
Multiple process in the same container?
“supervisord” is a process manager which can used to run multiple processes in the same container. It has to be embedded in your Dockerfile and you need to setup the supervisord config file, specifying how you want to run your processes.
RUN apt-get update && apt-get install -y supervisorCOPY supervisord.conf /etc/supervisor/conf.d/supervisord.confENTRYPOINT [“/usr/bin/supervisord”, “-c”, “/etc/supervisor/conf.d/supervisord.conf”]
I install supervisor inside my container and copy over the config file into the default path of supervisord. Finally I am specifying the entry point of my Dockerfile.
The entire Dockerfile can be found here:
Read Below for the supervisord config:
command=/usr/share/filebeat/bin/filebeat -e -c /etc/filebeat/filebeat.yml
childlogdir is the key here, as all processes managed by supervisor, will write their logs in this directory. For each process (defined by ) you need to specify the command to start the process. (Special mention to the github user for this part :))
Now build your docker image and start the container.
As you can see above, the two processes defined in our supervisord config is started with process ids.
And thats it you now have a single container running dot net core service and Filebeat.
Filebeat vs. Logstash - The Evolution of a Log Shipper | Logz.io
Anyone using ELK for logging should be raising an eyebrow right now. How can these two tools even be compared to start…