Installing Graylog
Preparation
System settings
Disable SELinux
Set firewall rules
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5044 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 9000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 9200 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 9300 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 9350 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 27017 -j ACCEPT
Install the JDK and pwgen
sudo yum install -y java-1.8.0-openjdk-headless.x86_64
sudo yum install -y epel-release
sudo yum install -y pwgen
Installation steps
Install MongoDB 3.2
Add the MongoDB repository
vi /etc/yum.repos.d/mongodb-org-3.2.repo
[mongodb-org-3.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc
Install
sudo yum install mongodb-org
service mongod start
chkconfig mongod on
Install Elasticsearch
Add the Elasticsearch repository and install
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
vi /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-2.x]
name=Elasticsearch repository for 2.x packages
baseurl=https://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
sudo yum install elasticsearch
Edit the configuration
vi /etc/elasticsearch/elasticsearch.yml
cluster.name: graylog #cluster name
node.name: elasticsearch-node-1 #node name
path.data: /var/www/data/elasticsearch #data directory
path.logs: /var/log/elasticsearch #log file directory
bootstrap.memory_lock: true #lock the heap in memory so the OS never swaps it out; also disable swap
network.host: 127.0.0.1 #listen address
http.port: 9200 #listen port
vi /etc/sysconfig/elasticsearch
ES_HEAP_SIZE=16g #heap size; half of the system RAM is recommended
service elasticsearch start
chkconfig elasticsearch on
Install graylog-server
Install
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.2-repository_latest.rpm
sudo yum install graylog-server
Edit the configuration
pwgen -N 1 -s 96
zzzzzzzzzzzzzzzzzzzzzzzz
echo -n 123456 | sha256sum
xxxxxxxxxxxxxxxxxxxxxxxxxxxx
vi /etc/graylog/server/server.conf
password_secret = zzzzzzzzzzzzzzzzzzzzzzzz
root_password_sha2 = xxxxxxxxxxxxxxxxxxxxxxxxxxxx
rest_listen_uri = http://127.0.0.1:9000/api/ #replace 127.0.0.1 with the host's own IP; bound to 127.0.0.1 the API cannot be reached from other machines
web_listen_uri = http://127.0.0.1:9000/ #replace 127.0.0.1 with the host's own IP; bound to 127.0.0.1 the web interface cannot be reached from other machines
service graylog-server start
chkconfig graylog-server on
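The two secrets and the listen addresses above are the settings most often got wrong on a first install. As an added example (not from the original guide), this POSIX shell script computes root_password_sha2 the same way as the echo -n | sha256sum step, generates a password_secret without pwgen, writes both into a server.conf and checks the file before the service is started; the helper names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original guide: derive the two secrets that
# server.conf needs, write them in, and run a pre-flight check before starting
# graylog-server. Helper names are hypothetical.
set -eu

# SHA-256 of the root password exactly as Graylog expects: hash only the
# password bytes. printf '%s' avoids the trailing newline that a bare echo
# would add (the guide's "echo -n" serves the same purpose).
graylog_root_hash() {
    printf '%s' "$1" | sha256sum | cut -d ' ' -f1
}

# password_secret without pwgen: random alphanumerics read from /dev/urandom.
# Graylog documents a minimum of 64 characters; the guide generates 96.
gen_password_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "${1:-96}"
}

# Set "key = value" in a Graylog-style config file, replacing an existing
# (possibly commented-out) line or appending one. Writes through a temp
# file so it behaves the same with GNU and BSD sed.
set_conf_value() {            # file key value
    if grep -q "^[# ]*$2 *=" "$1"; then
        sed "s|^[# ]*$2 *=.*|$2 = $3|" "$1" >"$1.tmp" && mv "$1.tmp" "$1"
    else
        printf '%s = %s\n' "$2" "$3" >>"$1"
    fi
}

get_conf_value() {            # file key
    sed -n "s/^$2 *= *//p" "$1" | head -n 1
}

# Pre-flight check: secret long enough, hash is a 64-char hex digest, and
# neither listen URI is on loopback (the guide warns that 127.0.0.1 makes
# the API and web interface unreachable from other machines).
check_server_conf() {         # file
    secret=$(get_conf_value "$1" password_secret)
    digest=$(get_conf_value "$1" root_password_sha2)
    [ "${#secret}" -ge 64 ] || { echo "password_secret shorter than 64 chars" >&2; return 1; }
    printf '%s' "$digest" | grep -Eq '^[0-9a-f]{64}$' || { echo "root_password_sha2 is not a SHA-256 digest" >&2; return 1; }
    for key in rest_listen_uri web_listen_uri; do
        case $(get_conf_value "$1" "$key") in
            *127.0.0.1*|*localhost*) echo "$key is bound to loopback" >&2; return 1 ;;
        esac
    done
}
```

Run set_conf_value against /etc/graylog/server/server.conf for password_secret and root_password_sha2, then check_server_conf on the same file before service graylog-server start.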
Install and use the collector-sidecar agent
CentOS
cd /tmp/
wget https://github.com/Graylog2/collector-sidecar/releases/download/0.1.3/collector-sidecar-0.1.3-1.i386.rpm
rpm -Uvh collector-sidecar-0.1.3-1.i386.rpm
graylog-collector-sidecar -service install
Edit the configuration
server_url: http://x.x.x.x:9000/api/ #graylog-server API address
update_interval: 10
tls_skip_verify: false
send_status: true
list_log_files:
node_id: skb_test_1 #client identifier
collector_id: file:/etc/graylog/collector-sidecar/collector-id
cache_path: /var/cache/graylog/collector-sidecar
log_path: /var/log/graylog/collector-sidecar
log_rotation_time: 86400
log_max_age: 604800
tags:
  - linux #tag, user-defined
backends:
#  - name: nxlog
#    enabled: false
#    binary_path: /usr/bin/nxlog
#    configuration_path: /etc/graylog/collector-sidecar/generated/nxlog.conf
  - name: filebeat
    enabled: true
    binary_path: /usr/bin/filebeat
    configuration_path: /etc/graylog/collector-sidecar/generated/filebeat.yml
CentOS 7
systemctl start collector-sidecar
systemctl enable collector-sidecar
CentOS 6
service collector-sidecar start
chkconfig collector-sidecar on
Windows
Install
Start
"C:\Program Files\graylog\collector-sidecar\graylog-collector-sidecar.exe" -service install
"C:\Program Files\graylog\collector-sidecar\graylog-collector-sidecar.exe" -service start
Accept the configuration
System > Collectors > Configurations > Create Configuration
Then add an input and an output
CentOS
[Create Output:] leave anything not mentioned at its default
Name: your choice
Type: Beats output
Hosts: ['x.x.x.x:5044'] (make sure the client can reach this address)
[Create Input] leave anything not mentioned at its default
Name: your choice
Forward to (Required): the output you just created
Type: File input
Path to Logfile: the log file you want to monitor
Type of input file: your choice
[Configuration tags]
Enter the tag configured in the agent, then click Update tags
Windows
Same as for CentOS, but also add a WinLogBeat configuration