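Installing Graylog. Original article: https://blog.csdn.net/weixin_41004350/article/details/87253316
The company has a data-analysis requirement, so we are integrating Graylog into our system and using it to collect and analyze logs. I have only studied it for a short time and used just some of its features at a basic level; I am writing this down so we can improve together.
1. Install JDK 1.8; see "Installing JDK-1.8 on CentOS 7.2"
2. Install MongoDB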
$ vim /etc/yum.repos.d/mongodb-org-3.6.repo
----------------------------------------------------------------
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
----------------------------------------------------------------
# Install
$ yum install -y mongodb-org
# Start
$ systemctl enable mongod
$ systemctl start mongod
3. Install Elasticsearch
$ rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
# Graylog 3.0 requires Elasticsearch 5.6.13 or later; I use the latest 6.x here
$ vim /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
# Install
$ yum install elasticsearch
# Edit the configuration and set JAVA_HOME
$ vim /etc/sysconfig/elasticsearch
----------------------------------------------------------------
# Fill in your own JAVA_HOME path
JAVA_HOME=/usr/local/jdk1.8.0_191
----------------------------------------------------------------
# Start
$ systemctl enable elasticsearch
$ systemctl start elasticsearch
4. Install Graylog
$ rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.rpm
$ yum install graylog-server -y
# Edit the configuration. password_secret and root_password_sha2 are required; the server will not start without them. Set them as follows:
$ vim /etc/graylog/server/server.conf
---------------------------------------------------------------------------------
# password_secret can be generated randomly with the command: pwgen -N 1 -s 96
# The value below is the one I generated; generate your own instead of copying it
password_secret = 6Z06fZHU2DwuOf9X8fhnvphCd3OM7oqwLECRRcejvjpieSvVtwu08yHYHIKDi56bAxRvtCOZ3xKKiBqyt00XYCgVa0oETB0L
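# Command to generate the admin user's password hash: echo -n yourpassword | sha256sum
# After generating it, remember your password (yourpassword)
# The value below is the SHA-256 of an empty string; replace it with the output of the command above
root_password_sha2 = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
# Admin user's email
root_email = "[email protected]"
# Time zone
root_timezone = Asia/Shanghai
# Elasticsearch settings
elasticsearch_hosts = http://127.0.0.1:9200
elasticsearch_shards = 1
elasticsearch_replicas = 0
# MongoDB connection settings; here MongoDB runs on the local machine with no authentication configured
mongodb_uri = mongodb://localhost/graylog
# Email SMTP; set this to your own mail provider's SMTP service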
transport_email_enabled = true
transport_email_hostname = smtp.exmail.qq.com
transport_email_port = 465
transport_email_use_auth = true
transport_email_use_tls = false
transport_email_use_ssl = true
transport_email_auth_username = [email protected]
transport_email_auth_password = 123456
transport_email_subject_prefix = [graylog]
transport_email_from_email = [email protected]
transport_email_web_interface_url = http://graylog.example.com
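# Network access settings (important): Graylog 3 has far fewer network settings than 2.x; you only need to set http_bind_address.
http_bind_address = 0.0.0.0:9000
# Set the external address. I use a domain name with nginx as a reverse proxy, so the external address is as below. Without one, use the public IP and port directly, e.g. http://public-ip:9000/
http_publish_uri = http://graylog.example.com/
# For a single node the following setting is not needed; it defaults to http_publish_uri
# http_external_uri = http://graylog.example.com/
---------------------------------------------------------------------------------
# The Java path must be set manually before starting
$ vim /etc/sysconfig/graylog-server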
---------------------------------------------------------------------------------
JAVA=/usr/local/jdk1.8.0_191/bin/java
---------------------------------------------------------------------------------
# Start the service
$ systemctl enable graylog-server
$ systemctl start graylog-server
Access: with the configuration above, if the public IP address is configured directly, open http://public-ip:9000 to reach the web login page.
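The server.conf from step 4 can be checked before the service is started. The script below is an added example, not part of the original post or of Graylog: it flags a short password_secret, a root_password_sha2 that is the digest of an empty or guessable password, a listener bound to every interface, and a MongoDB URI without credentials. The function names, the 64-character threshold and the weak-password list are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): lint a Graylog server.conf.

# Print the last value assigned to key $1 in properties file $2.
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print one finding per line for file $1; print nothing if it passes.
check_graylog_conf() {
    secret=$(conf_get password_secret "$1")
    hash=$(conf_get root_password_sha2 "$1")
    bind=$(conf_get http_bind_address "$1")
    mongo=$(conf_get mongodb_uri "$1")

    # Assumed policy: at least 64 characters (pwgen -N 1 -s 96 gives 96).
    if [ "${#secret}" -lt 64 ]; then
        echo "password_secret: shorter than 64 characters"
    fi
    # Compare with digests of empty or guessable passwords (constructed list).
    for weak in "" yourpassword admin password 123456; do
        digest=$(printf '%s' "$weak" | sha256sum | cut -d' ' -f1)
        if [ "$hash" = "$digest" ]; then
            echo "root_password_sha2: SHA-256 of weak password \"$weak\""
        fi
    done
    case $bind in
        0.0.0.0:*) echo "http_bind_address: listens on every interface" ;;
    esac
    case $mongo in
        *@*) ;;
        *) echo "mongodb_uri: no credentials in connection string" ;;
    esac
}

# Constructed sample mirroring the settings shown in this post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
password_secret = tooshort
root_password_sha2 = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
http_bind_address = 0.0.0.0:9000
mongodb_uri = mongodb://localhost/graylog
EOF
check_graylog_conf "$sample"
```

Run it against the real file with check_graylog_conf /etc/graylog/server/server.conf; no output means none of the four conditions matched.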