让原始日志事件流经 Vector 的消息队列，在保证元数据不丢失的前提下，实现每秒万级日志事件的实时分析与存储优化；再将 Caddy 捕获的结构化 HTTP 请求元数据（JSON 日志流）导入 OpenObserve 日志分析平台，构建具备实时语义分析能力的可观测性数据平面。
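# Docker Compose stack: Vector tails the Caddy access logs and ships them to
# OpenObserve. Both services join the pre-existing external network
# `caddy_default`.
services:
  vector:
    container_name: vector
    # Nightly (pre-release) build pinned to a dated tag. Prefer a stable
    # release tag or an image digest for a long-running deployment.
    image: timberio/vector:nightly-2025-07-22-debian
    restart: unless-stopped
    hostname: vector
    volumes:
      # Vector only reads its configuration, so the mount is read-only.
      - $PWD/vector/config:/etc/vector/:ro
      # Writable: Vector keeps its state (data_dir) here.
      - $PWD/vector/data:/var/lib/vector/
      # The Docker socket is only needed by Vector's `docker_logs` source.
      # Access to it is equivalent to root on the host, so it stays unmounted
      # while the `file` source is in use. Re-enable only with `docker_logs`.
      # - /var/run/docker.sock:/var/run/docker.sock
      # Caddy's log directory: Vector only tails these files, so read-only.
      - /opt/stacks/caddy/log/:/var/log/caddy/:ro
    networks:
      - default

  openobserve:
    container_name: openobserve
    # `latest` is a floating tag: every pull may change the running version.
    # Pin a specific release tag or digest so upgrades are deliberate.
    image: openobserve/openobserve:latest
    restart: unless-stopped
    hostname: openobserve
    ports:
      # Quoted so YAML 1.1 parsers cannot misread the mapping as a number.
      # This publishes the HTTP port on every host interface. If OpenObserve
      # is reached only through the Caddy reverse proxy on the shared network
      # (TODO confirm), remove the mapping or bind it to loopback, e.g.
      # "127.0.0.1:5080:5080".
      - "5080:5080"
    networks:
      - default
    environment:
      - "ZO_DATA_DIR=/data"
      # Substituted by Compose from the shell environment or an `.env` file.
      # `:?` makes `docker compose up` fail instead of starting the service
      # with an empty root e-mail or password. Keep the `.env` file out of
      # version control and readable only by the deploying user.
      - "ZO_ROOT_USER_EMAIL=${ROOT_EMAIL:?ROOT_EMAIL must be set}"
      - "ZO_ROOT_USER_PASSWORD=${ROOT_PASSWORD:?ROOT_PASSWORD must be set}"
    volumes:
      - openobserve_vol:/data

networks:
  default:
    # Reuse the network created by the Caddy stack; it must already exist.
    name: caddy_default
    external: true

volumes:
  openobserve_vol:
    name: openobserve_data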
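# Vector pipeline: tail Caddy JSON access logs -> parse each line -> keep an
# allow-list of request fields -> POST the result to OpenObserve.

# Directory where Vector persists its state (for example file checkpoints).
data_dir: "/var/lib/vector"

sources:
  caddy:
    # Alternative source, disabled: read the Caddy container's output through
    # the Docker API. It needs the Docker socket mounted into the Vector
    # container, which grants root-equivalent access to the host.
    # type: docker_logs
    # include_containers:
    #   - "caddy"
    type: file
    # One access-log file per site, as written by each site's `log` block.
    include:
      - "/var/log/caddy/abitacc.com.log"
      - "/var/log/caddy/blog.abitacc.com.log"
      - "/var/log/caddy/doc.abitacc.com.log"
      - "/var/log/caddy/dockge.abitacc.com.log"
      - "/var/log/caddy/git.abitacc.com.log"
      - "/var/log/caddy/passwd.abitacc.com.log"
      - "/var/log/caddy/user.abitacc.com.log"
      - "/var/log/caddy/wiki.abitacc.com.log"
    # Files without a checkpoint are read from their end: lines written
    # before Vector first sees a file are not ingested.
    read_from: end

transforms:
  parse:
    type: remap
    inputs:
      - caddy
    # Replaces the whole event with the parsed JSON line, so the fields the
    # file source added to the event are discarded here.
    # NOTE(review): `parse_json!` raises an error on a line that is not valid
    # JSON; decide how such lines should be handled (see the remap
    # transform's `drop_on_error` option) and confirm the current behaviour.
    source: |
      . = parse_json!(.message)

  extract_fields:
    type: remap
    inputs:
      - parse
    # Allow-list: only the fields named below reach the sink; every other
    # logged header or field is dropped. All values originate from the HTTP
    # client (`uri`, `user_agent`, `referer`, `from`, ...), so treat them as
    # untrusted text wherever they are rendered or queried. `uri` includes
    # the query string, which can carry tokens or other secrets; strip or
    # mask it before shipping if any site puts credentials in URLs.
    # Optional fields that are null are deleted so they are not stored.
    # NOTE(review): `get!` is called on `.request.headers` without checking
    # that it is an object - confirm every input line carries that field.
    source: |
      . = {
        "ts": .ts,
        "client_ip": .request.client_ip,
        "proto": .request.proto,
        "remote_ip": .request.remote_ip,
        "remote_port": .request.remote_port,
        "method": .request.method,
        "host": .request.host,
        "tls_server_name": .request.tls.server_name,
        "uri": .request.uri,
        "status": .status,
        "duration": .duration,
        "user_agent": get!(.request.headers, ["User-Agent", 0]),
        "from": get!(.request.headers, ["From", 0]),
        "referer": get!(.request.headers, ["Referer", 0])
      }
      if is_null(.tls_server_name) {
        del(.tls_server_name)
      }
      if is_null(.user_agent) {
        del(.user_agent)
      }
      if is_null(.from) {
        del(.from)
      }
      if is_null(.referer) {
        del(.referer)
      }

sinks:
  openobserve:
    type: http
    inputs:
      - extract_fields
    # HTTPS endpoint: the basic-auth credentials below are sent on every
    # request, so keep this URI on https.
    uri: "https://logs.abitacc.com/api/default/default/_json"
    method: post
    auth:
      strategy: basic
      # "xxxxx" is a placeholder. Do not commit real credentials in this
      # file: restrict its permissions, or supply the values through Vector's
      # `${VAR}` environment interpolation. Prefer a dedicated ingestion
      # account over the root user if one is available (TODO confirm).
      user: "xxxxx"
      password: "xxxxx"
    compression: gzip
    encoding:
      codec: json
      timestamp_format: rfc3339
    healthcheck:
      # With the health check off, a wrong URI or wrong credentials are not
      # reported at startup; watch Vector's own logs for failed requests.
      enabled: false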
注意：请将 xxxxx 替换成自己的用户名和密码。真实凭据不要提交到版本库，并限制该配置文件的读取权限。
下面以 blog.abitacc.com 域名为例（Caddyfile），其他域名与此类似。
# Site block for blog.abitacc.com: proxy to the upstream and write a per-site
# JSON access log.
blog.abitacc.com {
    # Upstream host is taken from the PVE_VM_IP environment variable.
    reverse_proxy {env.PVE_VM_IP}:7080

    log {
        # The log shipper must tail exactly this path.
        output file /var/log/caddy/blog.abitacc.com.log {
            # Rotate at 10 MiB and keep two rotated files. Lines rotated
            # away before the shipper has read them are lost, so size this
            # for the longest expected shipper outage (TODO confirm).
            roll_size 10MiB
            roll_keep 2
        }
        # One JSON object per request, as the downstream parser expects.
        format json
    }
}
注意：在全局选项中设置 log 只会输出 Caddy 自身的运行日志，不会输出各个域名的 HTTP 访问日志，因此需要在每个站点块中单独配置 log。