Graylog是一个开源的日志聚合、分析、审计、展现和预警工具。功能上和ELK类似,但又比ELK要简单,依靠着更加简洁,高效,部署使用简单的优势很快受到许多人的青睐
安装部署:
单机部署,最小化部署
从图上可以看到该服务包括Elasticsearch,MongoDB,Graylog三部分
▲ Graylog 提供 graylog 对外接口 ,Web界面,CPU
▲ Elasticsearch 日志文件的持久化存储和检索, IO
▲ MongoDB 只是存储一些 Graylog 的配置
前提
Some modern Linux distribution (Debian Linux, Ubuntu Linux, or CentOS recommended) [CentOS release 6.8 (Final)] Elasticsearch 2.3.5 or later [elasticsearch-5.6.9] MongoDB 2.4 or later (latest stable version is recommended) [graylog-2.4.4] Oracle Java SE 8 (OpenJDK 8 also works; latest stable update is recommended) [ mongodb-linux-x86_64-rhel62-3.6.5]
安装之前需要先关闭selinux,清空iptables规则和关闭防火墙
setforce 0 sed -i"s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config iptables -F service iptables save systemctl disabled firewalld systemctl stop firewalld
1)安装依赖包
yum install java-1.8.0-openjdk-headless.x86_64 #安装java软件包 yum install epel-release #安装epel软件仓库 yum install pwgen #安装pwgen生成密码
2)安装MongoDB
touch /etc/yum.repos.d/mongodb-org.repo cat << EOF >/etc/yum.repos.d/mongodb-org.repo [mongodb-org-4.0] name=MongoDB Repository baseurl=https://repo.mongodb.org/yum/RedHat/$releasever/mongodb-org/4.0/x86_64/ gpgcheck=1 enabled=1 gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc EOF
配置完成之后,进行安装
yum install mongodb-org
配置作为服务开机启动
chkconfig --add mongod systemctl daemon-reload sudo systemctl enable mongod.service systemctl start mongod.service
3)安装Elasticsearch
a)首先安装Elastic GPG密钥,然后添加包含以下内容的存储库文件中,graylog3.0采用的是elasticsearch6.x版本
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch touch /etc/yum.repos.d/elasticsearch.repo cat << EOF >/etc/yum.repos.d/elasticsearch.repo [elasticsearch-6.x] name=Elasticsearch repository for 6.x packages baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum gpgcheck=1 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch enabled=1 autorefresh=1 type=rpm-md EOF
b)安装Elasticsearch
yum install elasticsearch-oss
c)修改配置文件
vim /etc/elasticsearch/elasticsearch.yml 1)在16行修改cluster.name改为graylog 2)最后一行添加action.auto_create_index: false
d)修改配置后, 启动服务
chkconfig --add elasticsearch systemctl daemon-reload systemctl enable elasticsearch.service systemctl restart elasticsearch.service
4.安装Graylog
a)现在使用以下命令安装Graylog存储库配置和Graylog本身:
rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.rpm yum install graylog-serve
b)安装完成后,首先生成password_secret密码
pwgen -N 1 -s 96
c)生成root_password_sha2密码 (后续Web登录时所需要使用的密码)
echo -n"Enter Password: " && head -1 </dev/stdin | tr -d ‘\n‘ | sha256sum | cut -d" " -f1
d)然后将生成的password_secret密码和root_password_sha2密码字符串,添加到配置文件/etc/graylog/server/server.conf中,分别在55行和66行
e)然后修改web登陆接口,在104行,按照如下配置,默认端口9000,可以修改
f)修改外部访问地址http_publish_uri,否则他会默认使用内网访问, 导致静态资源文件无法正常加载
g)完成修改后保存,然后启动graylog
chkconfig --add graylog-server systemctl daemon-reload systemctl enable graylog-server.service systemctl start graylog-server.service
然后可以使用浏览器登陆 http://ip:9000
默认管理员用户名:admin
密码:root_password_sha2配置设定的密码