Graylog 日誌
// Pipeline rule: pull a JSON object out of the raw message text, promote its
// keys to message fields, then normalise the Source/Timestamp field names.
// Trigger: the message carries a "json_regex" field. Its value is used as the
// regular expression applied to "message", so whatever populates that field
// also controls how the message text is parsed — treat it as configuration,
// not as log content.
rule "json message"
when
  has_field("json_regex")
then
  // Capture group 1 of the regex must cover the JSON text.
  let pattern = to_string($message.json_regex);
  let json_text = regex_replace(pattern, to_string($message.message), "$1");
  // Every top-level key of the parsed object becomes a field on the message.
  set_fields(to_map(parse_json(json_text)));

  // Rename Source -> source (lowercase field name).
  set_field("source", $message.Source);
  remove_field("Source");

  // Rename Timestamp -> timestamp, parsing the ISO-8601 style value with zone offset.
  set_field("timestamp", parse_date(to_string($message.Timestamp), "yyyy-MM-dd'T'HH:mm:ssZ"));
  remove_field("Timestamp");
end
- 依賴
• OracleJDK/OpenJDK >= 8
• Elasticsearch >= 5.x, <= 6.x
• MongoDB >= 2.4 推薦 3.x
- 軟件下載
DEB:https://packages.graylog2.org/repo/packages/graylog-3.2-repository_latest.deb
RPM:https://packages.graylog2.org/repo/packages/graylog-3.2-repository_latest.rpm
# Install the headless JRE and the Graylog server from the repository that the
# graylog-3.2-repository package (DEB/RPM links above) registers; -y answers
# the confirmation prompts.
yum -y install java-1.8.0-openjdk-headless graylog-server
- Nginx 反向代理
# /etc/nginx/sites-enabled/graylog
——————————————————————————————————————————————————————————————
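# Single definition of the Graylog backend so both locations below stay in sync.
# NOTE(review): "192.168.10" has only three octets; it is not a complete IPv4
# address and a resolver may read it as 192.168.0.10 — confirm the intended
# backend host before deploying.
upstream graylog_backend {
    server 192.168.10:9000;
}

server {
    # Plain HTTP: Graylog logins and API tokens cross this hop unencrypted. If
    # TLS is terminated here, the X-Graylog-Server-URL scheme below must become
    # https as well, otherwise the browser is sent back to an http API URL.
    listen 80;
    server_name graylog.example.com;

    # Variant 1: serve Graylog from the top-level path.
    location / {
        proxy_pass http://graylog_backend;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        # Graylog only uses this as the client address when the proxy is listed
        # in trusted_proxies (server.conf); otherwise the proxy IP is recorded.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # The browser prefers the X-Graylog-Server-URL header as the public API address.
        proxy_set_header X-Graylog-Server-URL http://$server_name/;
    }

    # Variant 2: serve Graylog under a sub-path. Both variants are shown in one
    # server block here; in practice pick one.
    location /graylog/ {
        proxy_pass http://graylog_backend;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # The browser prefers the X-Graylog-Server-URL header as the public API address.
        proxy_set_header X-Graylog-Server-URL http://$server_name/graylog/;
        # Strip the /graylog/ prefix before the request reaches the backend.
        rewrite ^/graylog/(.*)$ /$1 break;
    }
}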
——————————————————————————————————————————————————————————————
# /etc/graylog/server/server.conf
——————————————————————————————————————————————————————————————
# Only X-Forwarded-For headers that arrive from these addresses/ranges are
# accepted as the real client address; from any other source Graylog records
# the connecting (proxy) address instead. The Nginx host from the reverse-proxy
# section above must therefore be included here.
trusted_proxies = 192.168.70.1, 10.0.0.0/24
——————————————————————————————————————————————————————————————
- collector-sidecar
Sidecar version Graylog server version
0.0.9 2.1.x
0.1.x 2.2.x,2.3.x,2.4.x
1.x.x 3.x.x
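# Install and register the collector sidecar as a system service.
# NOTE(review): the compatibility table above maps sidecar 0.1.x to Graylog
# 2.2.x–2.4.x and 1.x.x to Graylog 3.x.x, while the repository package used
# above is graylog-3.2 — confirm the sidecar version matches the server.
sudo rpm -i collector-sidecar-0.1.6-1.x86_64.rpm
sudo graylog-collector-sidecar -service install
sudo systemctl start collector-sidecar

# Download nxlog: https://nxlog.org/products/nxlog-community-edition/download
# Drop nxlog's own init-script registration (presumably so the sidecar, not
# init, controls the process).
sudo chkconfig --del nxlog
# Adds the nxlog user to the root group: every root-group readable file becomes
# readable by the collector. Prefer a group that covers only the log files it
# must read.
sudo gpasswd -a nxlog root
# "user:group" is the documented chown separator; the "user.group" form is legacy.
sudo chown -R nxlog:nxlog /var/spool/collector-sidecar/nxlog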