graylog
1.准备环境,安装mongodb
yum install epel-release -y
yum install pwgen -y
yum -y install java
vim /etc/profile
# JAVA配置
JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk
export JRE_HOME=${JAVA_HOME}/jre
export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib
export PATH=${JAVA_HOME}/bin:$PATH
source /etc/profile
java -version
which java
vim /etc/yum.repos.d/mongodb-org-3.6.repo
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
2.安装elasticsearch
yum install -y mongodb-org
systemctl enable mongod
systemctl start mongod
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
vim /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
yum install elasticsearch
# 修改配置,设置JAVA_HOME
vim /etc/sysconfig/elasticsearch
----------------------------------------------------------------
# 填上自己的java_home路径,可以用which java获得路径
JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk
# 启动elasticsearch
systemctl enable elasticsearch
systemctl start elasticsearch
3.安装Graylog
rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.rpm
yum install graylog-server -y
修改配置, password_secret和root_password_sha2是必须的,不设置则无法启动,设置方法如下:
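pwgen -N 1 -s 96
# password_secret可以通过命令:pwgen -N 1 -s 96 来随机生成
echo -n admin | sha256sum
# admin用户密码生成命令:echo -n admin | sha256sum
# 这里的 admin 只是示例,请换成你自己的强密码;-n 不能省,否则换行符也会被算进哈希
# 上面的写法会把明文密码留在 shell 历史里,也可以改为从标准输入读取:
#   head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
# 生成后,请记住你的 YourPassword
vim /etc/graylog/server/server.conf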
修改/etc/graylog/server/server.conf配置如下
# password_secret 必须换成自己用 pwgen 生成的值;下面这串是已经公开的示例,不要直接照抄
password_secret = 6Z06fZHU2DwuOf9X8fhnvphCd3OM7oqwLECRRcejvjpieSvVtwu08yHYHIKDi56bAxRvtCOZ3xKKiBqyt00XYCgVa0oETB0L
# root_password_sha2 填你自己密码的 SHA-256
# 注意:下面这个示例值其实是空字符串的 SHA-256,并不是 admin 的哈希,务必替换成自己生成的值
root_password_sha2 = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
# admin用户邮箱(可以不写)
root_email = "root@example.com"
# 时区(要写)
root_timezone = Asia/Shanghai
# elasticsearch 相关配置
elasticsearch_hosts = http://127.0.0.1:9200
elasticsearch_shards =1
elasticsearch_replicas = 0
# mongodb 连接配置,这里直接本机起的mongodb,没有设置验证
# (没有开启验证时,请确认 mongod 只监听 127.0.0.1,不要把 27017 端口对外开放)
mongodb_uri = mongodb://localhost/graylog
# 电子邮件smtp,设置为自己的邮箱smtp服务(这段可以不写)
transport_email_enabled = true
transport_email_hostname = smtp.exmail.qq.com
transport_email_port = 465
transport_email_use_auth = true
transport_email_use_tls = false
transport_email_use_ssl = true
transport_email_auth_username = root@example.com
# 下面的密码是示例值,换成自己邮箱的 SMTP 密码/授权码
transport_email_auth_password = 123456
transport_email_subject_prefix = [graylog]
transport_email_from_email = root@example.com
transport_email_web_interface_url = http://graylog.example.com
# 网络访问相关,重要,graylog3比2.x版本简洁了很多网络配置,只需配置http_bind_address即可。
# (如果 nginx 反向代理和 graylog 在同一台机器上,绑定 127.0.0.1:9000 即可,避免 9000 端口的明文 HTTP 直接暴露在外网)
http_bind_address = 0.0.0.0:9000
# 配置外网地址,我这里用了域名+nginx做反向代理,所以外网地址如下。没有的话就直接就用外网ip+port,如:http://外网ip:9000/
# (登录密码会经过这个地址传输,建议在 nginx 上配置 HTTPS,并把这里改成 https://)
http_publish_uri = http://graylog.example.com/
# http_external_uri = http://graylog.example.com/
# 单节点的话,此配置不需要配置,默认使用http_publish_uri
---------------------------------------------------------------------------------
# 启动需要手动设置Java路径
vim /etc/sysconfig/graylog-server
---------------------------------------------------------------------------------
JAVA=/usr/local/jdk1.8.0_191/bin/java
---------------------------------------------------------------------------------
# 启动服务
$ systemctl enable graylog-server
$ systemctl start graylog-server
参考文件:https://blog.csdn.net/weixin_41004350/article/details/87253316
附言:本文相对于参考文件来说,整理了一下格式,只做了前半部分自己需要的地方。参考文件中有关于如何安装jdk环境的,测试了一下,直接下载没有影响到后面,当然可能是因为我只做前半部分。