是否可以配置我的 fail2ban jail.conf 来检查 docker 日志而不是将日志挂载到主机中。例如将日志路径设置为容器的日志路径。
jail .conf:
...
#example
[nginx-http-auth]
enabled = true
filter = nginx-http-auth
port = http,https
logpath = /var/lib/docker/containers/819564257d4*/*e0923e-json.log
...
但这并没有多大作用,因为 docker logs 命令和日志文件之间有一点区别:
# docker logs @nginx_container_name
2016/03/23 12:39:52 [error] 6#6: *350 upstream prematurely closed connection while reading response header from upstream, client: @ATTACKER_IP, server: @MY_DNS, request: "GET /Blog/wp-login.php HTTP/1.1", upstream: "http://172.17.0.3:8001/Blog/wp-login.php", host: "@MY_IP:80" @ATTACKER_IP - - [23/Mar/2016:12:39:52 +0000] "GET /Blog/wp-login.php HTTP/1.1" 502 173 "-" "Python-urllib/2.7"
# cat /var/lib/docker/containers/819564257d4*/*e0923e-json.log
{"log":"2016/03/23 12:39:52 [error] 6#6: *350 upstream prematurely closed connection while reading response header from upstream, client: @ATTACKER_IP, server: @MY_DNS, request: \"GET /Blog/wp-login.php HTTP/1.1\", upstream: \"http://172.17.0.3:8001/Blog/wp-login.php\", host: \"@MY_IP:80\"\n","stream":"stdout","time":"2016-03-23T12:39:52.219982304Z"} {"log":"@ATTACKER_IP - - [23/Mar/2016:12:39:52 +0000] \"GET /Blog/wp-login.php HTTP/1.1\" 502 173 \"-\" \"Python-urllib/2.7\"\n","stream":"stdout","time":"2016-03-23T12:39:52.421767592Z"}
我正在将日志文件安装到主机中,我知道这很愚蠢,所以我的问题是:
docker nginx 容器
我的主机的日志?
谢谢 !
最佳答案
您可以配置一个容器将日志发送到 syslog,参见 https://docs.docker.com/engine/admin/logging/overview/
关于logging - 如何让fail2ban读取json docker日志,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36180792/