1、安装Centos7
自行安装操作系统。
Centos7升级内核:
[root@localhost ~]# rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
[root@localhost ~]# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
查看目前最新内核版本情况:
[root@localhost ~]# yum --disablerepo=“*” --enablerepo=“elrepo-kernel” list available
升级请先查询下安装的Centos7是不是最新内核,是最新的以下步骤就不用操作:
[root@localhost ~]# uname -r
安装最新内核:
[root@localhost ~]# yum --enablerepo=elrepo-kernel install kernel-ml
查看内核启动顺序:
[root@localhost ~]# awk -F’ ‘$1=="menuentry " {print i++ " : " $2}’ /etc/grub2.cfg
设置启动最新内核:
[root@localhost ~]# grub2-set-default 0
重启系统:
[root@localhost ~]# reboot
验证一下是否为最新内核:
[root@localhost ~]# uname -r
更新系统:
[root@localhost ~]# yum update -y
2、安装JAVA环境
安装java-1.8:
[root@localhost ~]# yum install java-1.8.0-openjdk-headless.x86_64 -y
验证版本:
[root@localhost ~]# java -version
3、安装数据库MONGODB
新增数据库MONGODB源:
[root@localhost ~]# vi /etc/yum.repos.d/mongodb-org.repo
把以下数据粘贴到/etc/yum.repos.d/mongodb-org.repo文件中:
[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc
输入命令核对:
[root@localhost ~]# cat /etc/yum.repos.d/mongodb-org.repo
安装数据库MongoDB:
[root@localhost ~]# yum install mongodb-org -y
启动数据库并加入开机启动:
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl enable mongod.service
[root@localhost ~]# systemctl start mongod.service
查看是否启动成功:
[root@localhost ~]# systemctl --type=service --state=active | grep mongod
4、安装ELASTICSEARCH
[root@localhost ~]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
新增数据源:
[root@localhost ~]# vi /etc/yum.repos.d/elasticsearch.repo
把以下数据粘贴到/etc/yum.repos.d/elasticsearch.repo文件中:
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/oss-7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
输入命令核对:
[root@localhost ~]# cat /etc/yum.repos.d/elasticsearch.repo
安装elasticsearch:
[root@localhost ~]# yum install elasticsearch-oss -y
修改配置:
sudo tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<EOT
cluster.name: graylog
action.auto_create_index: false
EOT
配置开机启动:
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl enable elasticsearch.service
[root@localhost ~]# systemctl restart elasticsearch.service
查看启动是否成功:
[root@localhost ~]# systemctl --type=service --state=active | grep elasticsearch
5、安装graylog
[root@localhost ~]# rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.2-repository_latest.rpm
[root@localhost ~]# yum install graylog-server -y
安装依赖:
[root@localhost ~]# yum install epel-release -y
安装pwgen:
[root@localhost ~]# yum install pwgen -y
生成password_secret秘钥:
[root@localhost ~]# pwgen -N 1 -s 512
每人的秘钥都不相同,仅供参考
tLdAuIOWjpytOINtHUKjNhI3V6NUjE8XeiktcaUOOO1SXl4JrFwflBvsrCzoqTqdeAjYpioj5stGv70wE13Nmkyu9qtOi6gI3qJ0P3Ebpsh4MmtJbbB1iSDd5Q9Agq7DxsZUlvghLq5r2Sn6jdzvOIHeRVLQgOme9jmStDRGSZvSZE3JMDUuAcEGfANNbGadDT5jnekplGPEcGY3vCkzv3jmW0Ap4PJxIDffiRPmImyJorWlMZbHZPMufay58huFraiwi0dlS4MBfozxfbGgxvpW2H0UflpGKbjt63ZUOumMICD8NyGvo7omBRusIfRpy5xFGcGGhRtMiv6qsXhu0UlqjE2fjZul1XwYBLg8nnqQaIebA2USZoN6cmCAYri47MNXginKGAwW75XOXqma1rHQvvqfa2e9HlhMzl7J2KAzX4DQlL9Z41rhqpmXON1KGty5qxqaA9VGtMlSJNK0NySfKQzmUSOdSrUxObcWcCq1cI2NOGK5YoOh8amhhfvq
生成root_password_sha2秘钥(graylog网站登录密码):
[root@localhost ~]# echo -n “Enter Password: " && head -1 </dev/stdin | tr -d ‘\n’ | sha256sum | cut -d” " -f1
Enter Password: Admin@123
每人的秘钥都不相同,仅供参考
e86f78a8a3caf0b60d8e74e5942aa6d86dc150cd3c03338aef25b7d2d7e3acc7
修改graylog配置文件:
[root@localhost ~]# vi /etc/graylog/server/server.conf
修改访问策略:
修改为任何主机可以访问:
http_bind_address = 0.0.0.0:9000
主机地址为服务器ip:
根据自己服务器IP配置,以下为参考
http_publish_uri = http://172.16.1.40:9000/
修改password_secret:
password_secret = tLdAuIOWjpytOINtHUKjNhI3V6NUjE8XeiktcaUOOO1SXl4JrFwflBvsrCzoqTqdeAjYpioj5stGv70wE13Nmkyu9qtOi6gI3qJ0P3Ebpsh4MmtJbbB1iSDd5Q9Agq7DxsZUlvghLq5r2Sn6jdzvOIHeRVLQgOme9jmStDRGSZvSZE3JMDUuAcEGfANNbGadDT5jnekplGPEcGY3vCkzv3jmW0Ap4PJxIDffiRPmImyJorWlMZbHZPMufay58huFraiwi0dlS4MBfozxfbGgxvpW2H0UflpGKbjt63ZUOumMICD8NyGvo7omBRusIfRpy5xFGcGGhRtMiv6qsXhu0UlqjE2fjZul1XwYBLg8nnqQaIebA2USZoN6cmCAYri47MNXginKGAwW75XOXqma1rHQvvqfa2e9HlhMzl7J2KAzX4DQlL9Z41rhqpmXON1KGty5qxqaA9VGtMlSJNK0NySfKQzmUSOdSrUxObcWcCq1cI2NOGK5YoOh8amhhfvq
修改root_password_sha2:
root_password_sha2 = e86f78a8a3caf0b60d8e74e5942aa6d86dc150cd3c03338aef25b7d2d7e3acc7
修改时区root_timezone:
root_timezone = Asia/Shanghai
关闭Selinux:
[root@localhost ~]# setenforce 0
[root@localhost ~]# vi /etc/selinux/config
修改SELINUX=enforcing,为SELINUX=disabled,如图所示:
启动graylog并设置为开机启动:
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl enable graylog-server.service
[root@localhost ~]# systemctl start graylog-server.service
查看是否启动成功:
[root@localhost ~]# systemctl --type=service --state=active | grep graylog
6、防火墙配置
开放graylog网站的9000端口
[root@localhost ~]# firewall-cmd --zone=public --add-port=9000/tcp --permanent
[root@localhost ~]# firewall-cmd --reload
Centos7系统做内部端口转换:
因为某些原因,不允许使用udp512端口,所以做一个地址转换,修改为1512端口。
[root@localhost ~]# vi /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<service name="dhcpv6-client"/>
<forward-port to-port="1514" protocol="udp" port="514"/>
<port protocol="tcp" port="9000"/>
</zone>
验证一下:
[root@localhost ~]# firewall-cmd --reload
[root@localhost ~]# cat /etc/firewalld/zones/public.xml
[root@localhost ~]# firewall-cmd --list-all
7、graylog采集日志
浏览器输入http://172.16.1.40:9000/打开网站:
输入账号:admin
输入密码:Admin@123
教程密码在配置root_password_sha2时,设置的Admin@123
登录成功后,看图操作:
8、华为交换机配置
[SW]info-center loghost 172.16.1.40
[SW]interface Vlanif200
[SW-Vlanif200] ip address 172.16.1.254 255.255.255.0
然后就可以看到日志了:
9、下期内容
graylog的详细操作教程,可实现的效果如下图所示: