一、准备环境
此次部署既要满足测试功能,又要能够对生产环境下的架构有清楚认识,决定先部署一台单节点的最小化 graylog,然后再扩展加入集群。
各组件版本选型分别是:elasticsearch-6.6.2、mongodb-4.0、graylog-3.0.0、openjdk1.8.0_181 等。
二、单节点部署
首先部署单节点最小化 graylog,部署步骤如下:
1.配置可通外网网络或搭建内部最新 yum 源(此处不做详细介绍)
2.关闭 selinux、iptable、firewalld 等防火墙
$ setenforce 0
#将SELINUX=enable修改成SELINUX=disabled,保存退出
$ vim /etc/selinux/config
$ systemctl stop firewalld
$ systemctl disable firewalld
3.系统优化
$ vim /etc/security/limits.conf
#加入以下内容
* soft nofile 655360
* hard nofile 655360
* soft nproc 655360
* hard nproc 655360
* soft memlock unlimited
* hard memlock unlimited
$ vim /etc/sysctl.conf
#加入以下内容
vm.max_map_count = 655360
$ source /etc/sysctl.conf
4.安装 jdk 以及 pwgen(用来生成密码校验码)
$ yum install java-1.8.0-openjdk-headless.x86_64
$ yum install epel-release
$ yum install pwgen
5.安装 mongodb
#新建mongodb的repo文件
$ vim /etc/yum.repos.d/mongodb-org-4.0.repo
#加入以下内容:
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
$ yum install mongodb-org
$ systemctl daemon-reload
$ systemctl enable mongod.service
$ systemctl start mongod.service
6.安装 Elasticsearch
$ rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
# 新建Elasticsearch的repo文件
$ vim /etc/yum.repos.d/elasticsearch.repo
# 加入以下内容:
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
$ yum install elasticsearch-oss
$ vim /etc/elasticsearch/elasticsearch.yml
# 修改elasticsearch配置文件,加入以下内容
cluster.name: graylog
action.auto_create_index: false
$ chkconfig --add elasticsearch
$ systemctl daemon-reload
$ systemctl enable elasticsearch.service
$ systemctl start elasticsearch.service
7.安装 graylog
$ rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.rpm
$ yum install graylog-server
$ vim /etc/graylog/server/server.conf
# 修改graylog配置文件,将password\_secret和root\_password\_sha2的值填上,password\_secret的值通过<pwgen -N 1 -s 96>命令生成,root\_password\_sha2的值通过< echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1>命令生成,填上后,保存退出。如:
password_secret = ESVfAErGXhpih8FLTncNP3tDAoz4V6Oz25PWdca8r4aqLJJNt8Yl5MRv5EGyJnjBDvUFSBgCaL8Ymm8D3s3Oub0j8Un5Zuvy
root_password_sha2 = fee074307074d18c93ebeb597aed4dfcc87d856864afb2d4216183ccc65687c2
# 修改http\_bind\_address的值,以方便访问
http_bind_address = 0.0.0.0:9000
$ chkconfig --add graylog-server
$ systemctl daemon-reload
$ systemctl enable graylog-server.service
$ systemctl start graylog-server.service
8.测试 graylog
打开浏览器访问 graylog 服务器地址,如:http://localhost:9000
添加 input 测试收集是否正常,system→inputs→select input→Raw/Plaintext TCP→Launch new input,选择 Node,添加 Title,点击 Save 即可。
然后到节点上输入命令:
$ echo "Hello, Just Test!" | nc localhost 5555