Abstract
A Docker container monitoring system safeguards container security at the level of system operation and maintenance. To address the problems of current container monitoring systems, such as a complex deployment process, low anomaly detection accuracy, high resource consumption, and potential monitoring black holes, a comprehensive monitoring framework supporting visual interaction is built from Prometheus+, Sysdig and Weave Scope. The system can locate the source of an anomaly quickly and accurately, is easy to deploy, consumes few resources, and supports multiple execution modes. Experiments were designed around the resource usage and execution mode of the monitoring components. The results show that Prometheus+ has a high disk fault detection rate and can store data over the long term; Sysdig has a low false detection rate in anomaly detection and consumes few resources; Weave Scope has a low anomaly detection rate, but it can monitor multiple containers at the same time. The results verify the effectiveness of the system: it can comprehensively monitor every node in Docker containers in real time and also solves the problem of jointly monitoring multiple containers. At the same time, the system fundamentally reduces the overall security risk of Docker containers.
Authors
XIE Zhao-xian (谢兆贤)
NI Bing-xue (倪冰雪)
WANG Ruo-bing (王若冰)
School of Cyber Science and Engineering, Qufu Normal University, Qufu 273165, China
Source
Computer Technology and Development (《计算机技术与发展》), 2022, No. 6, pp. 131-137 (7 pages)
Funding
Supported by the General Program of the Natural Science Foundation of Shandong Province (ZR2020MF048).