日志收集工具graylog部署与使用
本例子中演示为单机版部署
1、安装JDK1.8和pwgen
yum install -y java-1.8.0-openjdk-headless.x86_64
yum install -y pwgen //生成密钥会用2、安装MongoDB :
#配置mongo源,阿里云源,官方源太慢
cat > /etc/yum.repos.d/mongodb-org.repo <<EOF
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
EOFyum安装mongodb
yum install -y mongodb-org
systemctl daemon-reload
systemctl enable mongod.service
systemctl start mongod.service
systemctl --type=service --state=active | grep mongod3、安装Elasticsearch:
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearchcat > /etc/yum.repos.d/elasticsearch.repo <<EOF
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF#安装elasticsearch
yum -y install elasticsearch-oss修改Elasticsearch配置文件:
vi /etc/elasticsearch/elasticsearch.yml
#添加如下行
cluster.name: graylog
action.auto_create_index: false#重启elasticsearch
systemctl restart elasticsearch.service4、安装Graylog:
rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.2-repository_latest.rpm
yum install graylog-server -y5、修改Graylog相关配置文件:
vim /etc/graylog/server/server.conf使用pwgen生成password_secret密码:
pwgen -N 1 -s 96使用如下命令生成root_password_sha2密码字符串:
#注意:此密码要记住,后续登录页面需要此密码
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1将生成的password_secret密码和root_password_sha2密码字符串 添加到配置文件并修改如下几项配置:
root_timezone = Asia/Shanghai //admin账号所在的时区
allow_highlighting = true //查询结果高亮,显示黄色
http_bind_address = 0.0.0.0:9000 //http绑定的IP和端口,要设置否则无法打开页面主要涉及几个参数,如图:
接下来启动graylog-server服务并设为开机自启动
systemctl daemon-reload
systemctl enable graylog-server.service
systemctl start graylog-server.service
systemctl --type=service --state=active | grep graylog6、web登录Graylog及使用Graylog :
http://192.168.120.128:3000
#用户名
admin
#密码,上面设置的
