Installing Graylog on CentOS 7 with YUM
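The usual introduction
What is Graylog?
Graylog is a centralized log management solution comparable to ELK. It supports data collection, search, and dashboard visualization.
Graylog architecture
Graylog receives logs from all kinds of devices and applications and provides the web interface for users.
Elasticsearch indexes and stores the logs that Graylog receives.
MongoDB stores Graylog's own configuration.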
Deployment
Install OpenJDK
[root@dev-of-runfa-33 ~]# yum -y install java-1.8.0-openjdk-headless.x86_64
Install MongoDB
[root@dev-of-runfa-33 ~]# vim /etc/yum.repos.d/mongodb-org.repo
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
[root@dev-of-runfa-33 ~]# yum -y install mongodb-org
[root@dev-of-runfa-33 ~]# systemctl start mongod.service
[root@dev-of-runfa-33 ~]# systemctl enable mongod.service
[root@dev-of-runfa-33 ~]# systemctl status mongod.service
● mongod.service - MongoDB Database Server
Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
Active: active (running) since 三 2019-06-26 14:59:02 CST; 10s ago
Docs: https://docs.mongodb.org/manual
Main PID: 6551 (mongod)
CGroup: /system.slice/mongod.service
└─6551 /usr/bin/mongod -f /etc/mongod.conf
6月 26 14:59:00 dev-of-runfa-33 systemd[1]: Starting MongoDB Database Server...
6月 26 14:59:00 dev-of-runfa-33 mongod[6548]: about to fork child process, waiting until server is ready for connections.
6月 26 14:59:00 dev-of-runfa-33 mongod[6548]: forked process: 6551
6月 26 14:59:02 dev-of-runfa-33 systemd[1]: Started MongoDB Database Server.
Install Elasticsearch
[root@dev-of-runfa-33 ~]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
[root@dev-of-runfa-33 ~]# vim /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
[root@dev-of-runfa-33 ~]# yum -y install elasticsearch-oss
[root@dev-of-runfa-33 ~]# vim /etc/elasticsearch/elasticsearch.yml
cluster.name: graylog
action.auto_create_index: false
[root@dev-of-runfa-33 ~]# systemctl start elasticsearch.service
[root@dev-of-runfa-33 ~]# systemctl enable elasticsearch.service
[root@dev-of-runfa-33 ~]# systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: active (running) since 三 2019-06-26 15:12:56 CST; 1s ago
Docs: http://www.elastic.co
Main PID: 7038 (java)
Tasks: 14
Memory: 1.0G
CGroup: /system.slice/elasticsearch.service
└─7038 /bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Des.networkaddress.cache.ttl=60 -Des.networkaddress...
6月 26 15:12:56 dev-of-runfa-33 systemd[1]: Started Elasticsearch.
Install Graylog
[root@dev-of-runfa-33 ~]# rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.rpm
获取https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.rpm
准备中... ################################# [100%]
正在升级/安装...
1:graylog-3.0-repository-1-6 ################################# [100%]
[root@dev-of-runfa-33 ~]# yum -y install graylog-server
[root@dev-of-runfa-33 ~]# yum -y install epel-release
[root@dev-of-runfa-33 ~]# yum -y install pwgen
[root@dev-of-runfa-33 ~]# pwgen -N 1 -s 96
pbWIN1WhL2ykoKnnnQzbZlKQbipI0IkFpUcV5gWPYZm79MFXdeKsJDjWKViBQxjA8CSAu2GIcmKJiQoPFWi6cWraMQuK2rpA
[root@dev-of-runfa-33 ~]# echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
Enter Password: itsupport.0
3830cd9a249f1f69bdd57c783d12fc569a3e11f2bd2418fa406dcb76a5215e1a
[root@dev-of-runfa-33 ~]# vim /etc/graylog/server/server.conf
password_secret = pbWIN1WhL2ykoKnnnQzbZlKQbipI0IkFpUcV5gWPYZm79MFXdeKsJDjWKViBQxjA8CSAu2GIcmKJiQoPFWi6cWraMQuK2rpA
root_username = admin
root_password_sha2 = 3830cd9a249f1f69bdd57c783d12fc569a3e11f2bd2418fa406dcb76a5215e1a
root_timezone = Asia/Shanghai
http_bind_address = 127.0.0.1:9000
http_publish_uri = http://10.18.193.33:9000/
http_enable_cors = true
http_enable_gzip = true
http_enable_tls = false
elasticsearch_hosts = http://127.0.0.1:9200
[root@dev-of-runfa-33 ~]# systemctl enable graylog-server.service
[root@dev-of-runfa-33 ~]# systemctl start graylog-server.service
[root@dev-of-runfa-33 ~]# systemctl status graylog-server.service
● graylog-server.service - Graylog server
Loaded: loaded (/usr/lib/systemd/system/graylog-server.service; enabled; vendor preset: disabled)
Active: active (running) since 三 2019-06-26 16:15:30 CST; 4s ago
Docs: http://docs.graylog.org/
Main PID: 25822 (graylog-server)
Tasks: 15
Memory: 93.0M
CGroup: /system.slice/graylog-server.service
├─25822 /bin/sh /usr/share/graylog-server/bin/graylog-server
└─25823 /usr/bin/java -Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-O...
6月 26 16:15:30 dev-of-runfa-33 systemd[1]: Started Graylog server.
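An added example, not part of the original walkthrough: a POSIX shell audit of the server.conf settings edited above. It flags a password_secret or root_password_sha2 copied verbatim from this page, a malformed digest, and an HTTP listener bound off-host without TLS. The function names conf_get and audit_graylog_conf, the 64-character threshold and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Values printed in this walkthrough; a live server.conf must not reuse them.
PUBLISHED_SECRET='pbWIN1WhL2ykoKnnnQzbZlKQbipI0IkFpUcV5gWPYZm79MFXdeKsJDjWKViBQxjA8CSAu2GIcmKJiQoPFWi6cWraMQuK2rpA'
PUBLISHED_HASH='3830cd9a249f1f69bdd57c783d12fc569a3e11f2bd2418fa406dcb76a5215e1a'

# conf_get FILE KEY: print the value of the last uncommented "KEY = value" line.
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ || !index($0, "=") { next }
        { key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key) }
        key == k { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v) }
        END { print v }' "$1"
}

# audit_graylog_conf FILE: print one finding per line, nothing if every check passes.
audit_graylog_conf() {
    secret=$(conf_get "$1" password_secret)
    hash=$(conf_get "$1" root_password_sha2)
    bind=$(conf_get "$1" http_bind_address)
    tls=$(conf_get "$1" http_enable_tls)
    bind=${bind:-127.0.0.1:9000}   # Graylog's default when the key is unset

    # 64 characters is the threshold assumed here; the walkthrough generates 96.
    [ "${#secret}" -ge 64 ] || echo "password_secret: ${#secret} chars, want >= 64"
    [ "$secret" != "$PUBLISHED_SECRET" ] || echo "password_secret: copied from the walkthrough"
    case $hash in
        "$PUBLISHED_HASH") echo "root_password_sha2: copied from the walkthrough" ;;
        *[!0-9a-fA-F]*) echo "root_password_sha2: not a hex digest" ;;
        *) [ "${#hash}" -eq 64 ] || echo "root_password_sha2: ${#hash} hex chars, want 64" ;;
    esac
    case ${bind%:*} in
        127.0.0.1|localhost|"[::1]") ;;   # only the local nginx can reach the listener
        *) [ "$tls" = true ] || echo "http_bind_address: $bind listens off-host without TLS" ;;
    esac
    return 0
}

# Constructed sample: a server.conf that reuses the walkthrough's values and binds to all interfaces.
sample=$(mktemp)
cat > "$sample" <<EOF
password_secret = $PUBLISHED_SECRET
root_password_sha2 = $PUBLISHED_HASH
http_bind_address = 0.0.0.0:9000
http_enable_tls = false
EOF
audit_graylog_conf "$sample"
rm -f "$sample"
```

To audit the live file, call audit_graylog_conf /etc/graylog/server/server.conf; no output means every check passed.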
Use nginx as a reverse proxy
[root@dev-of-runfa-33 ~]# yum -y install nginx
[root@dev-of-runfa-33 ~]# echo '' > /etc/nginx/nginx.conf
[root@dev-of-runfa-33 ~]# vim /etc/nginx/nginx.conf
user nobody;
worker_processes 4;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    client_max_body_size 100m;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    sendfile on;
    keepalive_timeout 65;
    gzip on;
    gzip_min_length 256;
    gzip_buffers 16 8k;
    gzip_comp_level 6;
    gzip_vary on;
    gzip_types
        text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
        text/javascript application/javascript application/x-javascript
        text/x-json application/json application/x-web-app-manifest+json
        text/css text/plain text/x-component
        font/opentype application/x-font-ttf application/vnd.ms-fontobject
        image/x-icon;
    include /etc/nginx/conf.d/*.conf;
}
[root@dev-of-runfa-33 ~]# vim /etc/nginx/conf.d/www.conf
server
{
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name 10.18.193.33;
    location /graylog/
    {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL http://$server_name/graylog/;
        rewrite ^/graylog/(.*)$ /$1 break;
        proxy_pass http://127.0.0.1:9000;
    }
}
[root@dev-of-runfa-33 ~]# systemctl enable nginx.service
[root@dev-of-runfa-33 ~]# systemctl start nginx.service
[root@dev-of-runfa-33 ~]# systemctl status nginx.service
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since 三 2019-06-26 16:24:20 CST; 7s ago
Process: 26335 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Process: 26332 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Process: 26330 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
Main PID: 26337 (nginx)
Tasks: 5
Memory: 3.3M
CGroup: /system.slice/nginx.service
├─26337 nginx: master process /usr/sbin/nginx
├─26338 nginx: worker process
├─26339 nginx: worker process
├─26340 nginx: worker process
└─26341 nginx: worker process
6月 26 16:24:20 dev-of-runfa-33 systemd[1]: Starting The nginx HTTP and reverse proxy server...
6月 26 16:24:20 dev-of-runfa-33 nginx[26332]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
6月 26 16:24:20 dev-of-runfa-33 nginx[26332]: nginx: configuration file /etc/nginx/nginx.conf test is successful
6月 26 16:24:20 dev-of-runfa-33 systemd[1]: Started The nginx HTTP and reverse proxy server.
Testing
Home page: http://10.18.193.33/graylog/
REST API address: http://10.18.193.33/graylog/api/
Copyright notice: Unless otherwise stated, all articles on this site are licensed under CC BY-NC-SA 4.0. When reposting, please credit Linux 小白鼠!