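Installing Graylog. Original post: https://blog.csdn.net/weixin_41004350/article/details/87253316
Our company needs data analysis, so we are now integrating Graylog into our system and using it to collect and analyze logs. I have only been learning it for a short time and have used just some of its features at a basic level; I am recording this so we can improve together.
1. Install JDK 1.8; see "Installing JDK-1.8 on CentOS 7.2"
2. Install MongoDB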
$ vim /etc/yum.repos.d/mongodb-org-3.6.repo
----------------------------------------------------------------
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
----------------------------------------------------------------
# Install
$ yum install -y mongodb-org
# Start
$ systemctl enable mongod
$ systemctl start mongod
3. Install Elasticsearch
$ rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
# Graylog 3.0 requires Elasticsearch no lower than version 5.6.13; I use the latest 6.x here
$ vim /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
# Install
$ yum install elasticsearch
# Edit the configuration to set JAVA_HOME
$ vim /etc/sysconfig/elasticsearch
----------------------------------------------------------------
# Fill in your own JAVA_HOME path
JAVA_HOME=/usr/local/jdk1.8.0_191
----------------------------------------------------------------
# Start
$ systemctl enable elasticsearch
$ systemctl start elasticsearch
4. Install Graylog
$ rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.rpm
$ yum install graylog-server -y
# Edit the configuration. password_secret and root_password_sha2 are mandatory; the server will not start without them. Set them as follows:
$ vim /etc/graylog/server/server.conf
---------------------------------------------------------------------------------
# password_secret can be generated randomly with: pwgen -N 1 -s 96
# The value below is the one I generated; generate your own rather than reusing it
password_secret = 6Z06fZHU2DwuOf9X8fhnvphCd3OM7oqwLECRRcejvjpieSvVtwu08yHYHIKDi56bAxRvtCOZ3xKKiBqyt00XYCgVa0oETB0L
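# Generate the admin user's password hash with: echo -n yourpassword | sha256sum
# After generating it, remember your password
# Note: the value below is the SHA-256 of an empty string; replace it with the hash of your own password
root_password_sha2 = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
# Admin user's email
root_email = "root@example.com"
# Time zone
root_timezone = Asia/Shanghai
# Elasticsearch settings
elasticsearch_hosts = http://127.0.0.1:9200
elasticsearch_shards = 1
elasticsearch_replicas = 0
# MongoDB connection; MongoDB runs directly on this host here, with no authentication configured
mongodb_uri = mongodb://localhost/graylog
# Email SMTP; set this to your own mail provider's SMTP service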
transport_email_enabled = true
transport_email_hostname = smtp.exmail.qq.com
transport_email_port = 465
transport_email_use_auth = true
transport_email_use_tls = false
transport_email_use_ssl = true
transport_email_auth_username = root@example.com
transport_email_auth_password = 123456
transport_email_subject_prefix = [graylog]
transport_email_from_email = root@example.com
transport_email_web_interface_url = http://graylog.example.com
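# Network access settings (important). Graylog 3 simplified much of the 2.x network configuration; only http_bind_address needs to be set.
http_bind_address = 0.0.0.0:9000
# Public address. I use a domain name with nginx as a reverse proxy, so the public address is as below. Without one, use the public IP and port directly, e.g. http://public-ip:9000/
http_publish_uri = http://graylog.example.com/
# http_external_uri = http://graylog.example.com/  (not needed on a single node; defaults to http_publish_uri)
---------------------------------------------------------------------------------
# The Java path must be set manually before starting
$ vim /etc/sysconfig/graylog-server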
---------------------------------------------------------------------------------
JAVA=/usr/local/jdk1.8.0_191/bin/java
---------------------------------------------------------------------------------
# Start the service
$ systemctl enable graylog-server
$ systemctl start graylog-server
Access: with the configuration above, if you set the public IP address directly, open http://public-ip:9000 to reach the web login page.
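An added example, not part of the original post: a shell check to run against server.conf before starting graylog-server. It flags a missing password_secret and a root_password_sha2 that is malformed or equal to the SHA-256 of empty input, which is what the sample value in the configuration above is. The function names are hypothetical, and requiring lowercase hex (as sha256sum prints it) is an assumption of this check.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the two mandatory
# settings in a Graylog server.conf before starting graylog-server.

# SHA-256 of empty input; a root_password_sha2 equal to this means the
# hash was generated from an empty password.
EMPTY_SHA256=$(printf '' | sha256sum | cut -d' ' -f1)

# conf_value FILE KEY: print the value of the last "KEY = value" line.
# Commented-out lines are ignored because '#' does not match the prefix.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# hash_first_line: read one line from stdin and print its SHA-256 without
# the trailing newline, so the password never appears in argv or history.
hash_first_line() {
    head -n 1 | tr -d '\n' | sha256sum | cut -d' ' -f1
}

# check_graylog_conf FILE: print one finding per line; return 1 if any.
check_graylog_conf() {
    secret=$(conf_value "$1" password_secret)
    hash=$(conf_value "$1" root_password_sha2)
    findings=0
    if [ -z "$secret" ]; then
        echo "password_secret is not set"; findings=1
    fi
    if ! printf '%s\n' "$hash" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "root_password_sha2 is not 64 lowercase hex digits"; findings=1
    elif [ "$hash" = "$EMPTY_SHA256" ]; then
        echo "root_password_sha2 is the hash of an empty password"; findings=1
    fi
    return "$findings"
}

# Stand-alone use: sh check.sh /etc/graylog/server/server.conf
if [ $# -gt 0 ]; then
    check_graylog_conf "$1"
fi
```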