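Graylog, a Lightweight Centralized Log Collection Tool: Installation and Configuration in Detail

Official installation guides:

Installation:

  Server installation: http://docs.graylog.org/en/2.3/pages/installation/os/centos.html

   Client installation: http://docs.graylog.org/en/2.3/pages/collector_sidecar.html#centos

Reference site:

https://www.linuxidc.com/Linux/2019-05/158735.htm

Starting the services: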

systemctl start graylog-server 

systemctl start elasticsearch

systemctl start mongod

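Graylog is an excellent log collection and analysis package. Compared with ELK it is more concise and efficient, and simpler to deploy and use. Official site: https://www.graylog.org/; for the installation manual see http://docs.graylog.org/en/3.0/pages/installation.html

I. Installation and Deployment

    Graylog is deployed on a single machine, using the minimal setup. The architecture is as follows:


Components

·        Graylog: provides Graylog's external interface and the web interface

·        Elasticsearch: persistent storage and retrieval of the log data

·        MongoDB: only stores some Graylog configuration

Preparation before installing: a virtual machine running CentOS 7 with 4 GB of memory and a 100 GB disk. Before installing, disable SELinux, flush the iptables rules and turn off the firewall.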

setenforce 0

sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

iptables -F

service iptables save

systemctl disable firewalld

systemctl stop firewalld

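1.1 Prerequisites

Starting from a minimal server setup, these additional packages are required:

yum install java-1.8.0-openjdk-headless.x86_64 -y       # install the Java package

yum install epel-release -y                              # install the EPEL repository

yum install pwgen -y                                     # install pwgen (password generator)

1.2 Installing MongoDB

First create the repository file /etc/yum.repos.d/mongodb-org.repo and add the repository definition with the following contents: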

touch /etc/yum.repos.d/mongodb-org.repo

cat /etc/yum.repos.d/mongodb-org.repo

[mongodb-org-4.0] 

name=MongoDB Repository 

baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/ 

gpgcheck=1 

enabled=1 

gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc

Once this is configured, the latest version of MongoDB can be installed with yum:

yum install mongodb-org -y

Then configure MongoDB to start as a service at boot:

systemctl enable mongod.service

systemctl start mongod.service

1.3 Installing Elasticsearch

    First install the Elastic GPG key, then add the repository file with the following contents. Graylog 3.0 uses Elasticsearch 6.x.

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

touch /etc/yum.repos.d/elasticsearch.repo

cat << EOF > /etc/yum.repos.d/elasticsearch.repo

[elasticsearch-6.x]

name=Elasticsearch repository for 6.x packages

baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum

gpgcheck=1

gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch

enabled=1

autorefresh=1

type=rpm-md

EOF

Then install the latest version.

yum install elasticsearch-oss

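Edit the Elasticsearch configuration file /etc/elasticsearch/elasticsearch.yml: change cluster.name to graylog, then add action.auto_create_index: false as the last line of the file.

vim /etc/elasticsearch/elasticsearch.yml

Change cluster.name (after line 16)


Add action.auto_create_index: false as the last line


After changing the configuration, Elasticsearch can be started: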

systemctl enable elasticsearch.service

systemctl restart elasticsearch.service

1.4 Installing Graylog

Now install the Graylog repository configuration and Graylog itself with the following commands:

rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.rpm

yum install graylog-server

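After installation, first generate the password_secret value:

 pwgen -N 1 -s 96

Generate the root_password_sha2 value (the web login password):

 echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

Then add the generated password_secret string and root_password_sha2 string to the configuration file /etc/graylog/server/server.conf, at lines 55 and 66 respectively.


Then change the web login interface at line 104, configured as shown below. The default port is 9000 and can be changed.


## Install Graylog. With an rpm package the installation is much easier; complete the package name according to your actual situation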

[root@graylog ~]# yum localinstall graylog-server-4.0.5-1.noarch.rpm

## Edit the Graylog configuration file

[root@graylog ~]# vi /etc/graylog/server/server.conf

    ## password_secret can be generated randomly with the command: pwgen -N 1 -s 96; fill it in according to your actual situation

password_secret =6Z06fZHU2DwuOf9X8fhnvphCd3OM7oqwLECRRcejvjpieSvVtwu08yHYHIKDi56bAxRvtCOZ3xKKiBqyt00XYCgVa0oETB0L

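    ## Password for the admin user. Remember your password: keep a record of the plain, unhashed password, and put the hashed string in the configuration file (password generation command: echo -n 123123 | sha256sum)

    ## Note: the sample value below is the SHA-256 of empty input (what sha256sum prints when it receives nothing), so replace it with the hash of your own password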

root_password_sha2= e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

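 ## Use your current time zone (Asia/Shanghai)

root_timezone = Asia/Shanghai

 ## Elasticsearch settings

    ## For a single local machine, use the local 127 address and leave the default port 9200 unchanged; if ES must be reachable from outside, use the machine's own IP address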

elasticsearch_hosts = http://127.0.0.1:9200

elasticsearch_shards =1

elasticsearch_replicas = 0

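    ## MongoDB connection settings: single local MongoDB, no authentication configured

mongodb_uri = mongodb://localhost/graylog

    ## E-mail SMTP: set this to your own mailbox's SMTP service; enabled=true turns on mail sending

transport_email_enabled = true

    ## The mailbox with SMTP enabled, usually the provider's official address; the port may differ between providers. The example is NetEase (163.com) mail, port 465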

transport_email_hostname = smtp.163.com

transport_email_port = 465

transport_email_use_auth = true

transport_email_use_tls = false

transport_email_use_ssl = true

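## auth_username is the mailbox that sends the mail; fill it in according to your actual situation

transport_email_auth_username = 发件人@163.com

## This is the authorization password issued when SMTP is enabled, not your own login password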

transport_email_auth_password = FJSLKJSJGFLKSJG

transport_email_subject_prefix = [graylog]

transport_email_from_email = 发件人@163.com

## Bind address: the server's own IP + port

http_bind_address = 192.168.3.134:9000

 

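## If needed, add the Java path manually. If startup reports no error, do not configure it; normally there is no error

[root@graylog ~]# vi /etc/sysconfig/graylog-server

# adjust to your actual environment
JAVA=/usr/bin/java

 

The effective configuration file in this environment: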

[root@node15053 server]# cat server.conf | grep -vE '^$|^#'

is_master = true

node_id_file = /etc/graylog/server/node-id

password_secret = UOd4Gau3Qx0IDST6IcVqzHctFAs72BYzDSqx82vca5Tp9dXAm3tj8NXxIlw6xNixOgrKogz3ty9JO5l22aFUd1iC5FSkiJU5

root_password_sha2 =a7059e41dc34f32074efda9e100509aa0cd3b1ea8848a8e9a83fccb5958a5fe9

root_timezone = Asia/Shanghai

bin_dir = /usr/share/graylog-server/bin

data_dir = /var/lib/graylog-server

plugin_dir = /usr/share/graylog-server/plugin

http_bind_address = 0.0.0.0:9000

elasticsearch_hosts = http://localhost:9200

rotation_strategy = count

elasticsearch_max_docs_per_index = 20000000

elasticsearch_max_number_of_indices = 20

retention_strategy = delete

elasticsearch_shards = 1

elasticsearch_replicas = 0

elasticsearch_index_prefix = graylog

allow_leading_wildcard_searches = false

allow_highlighting = false

elasticsearch_analyzer = standard

output_batch_size = 500

output_flush_interval = 1

output_fault_count_threshold = 5

output_fault_penalty_seconds = 30

processbuffer_processors = 5

outputbuffer_processors = 3

processor_wait_strategy = blocking

ring_size = 65536

inputbuffer_ring_size = 65536

inputbuffer_processors = 2

inputbuffer_wait_strategy = blocking

message_journal_enabled = true

message_journal_dir = /var/lib/graylog-server/journal

lb_recognition_period_seconds = 3

mongodb_uri = mongodb://localhost/graylog

mongodb_max_connections = 1000

mongodb_threads_allowed_to_block_multiplier = 5

proxied_requests_thread_pool_size = 32
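
The server.conf keys shown above decide how exposed the node is, so here is a small audit of those keys, added as an example and not part of the original article or of Graylog itself. The weak-password list, the 64-character threshold and the sample configuration are assumptions constructed for the illustration.

```python
import hashlib

# Assumed list of weak passwords; "" catches an empty sha256sum input.
WEAK = {hashlib.sha256(p.encode()).hexdigest(): p
        for p in ("", "admin", "password", "123123", "123456")}
MIN_SECRET_LEN = 64  # assumed threshold; the article generates 96 chars with pwgen


def parse_conf(text):
    """Parse 'key = value' lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def audit(text):
    """Return a list of warnings for the body of a Graylog server.conf."""
    conf = parse_conf(text)
    warnings = []
    digest = conf.get("root_password_sha2", "").lower()
    if len(digest) != 64 or set(digest) - set("0123456789abcdef"):
        warnings.append("root_password_sha2: not a SHA-256 hex digest")
    elif digest in WEAK:
        warnings.append("root_password_sha2: hash of weak password %r" % WEAK[digest])
    if len(conf.get("password_secret", "")) < MIN_SECRET_LEN:
        warnings.append("password_secret: shorter than %d characters" % MIN_SECRET_LEN)
    host = conf.get("http_bind_address", "").rsplit(":", 1)[0]
    if host in ("0.0.0.0", "[::]"):
        warnings.append("http_bind_address: web/API port open on every interface")
    if "@" not in conf.get("mongodb_uri", ""):
        warnings.append("mongodb_uri: no credentials, MongoDB auth is not in use")
    return warnings


# Constructed sample config (not the article's values).
SAMPLE = """\
password_secret = tooshort
root_password_sha2 = %s
http_bind_address = 0.0.0.0:9000
mongodb_uri = mongodb://localhost/graylog
""" % hashlib.sha256(b"").hexdigest()

if __name__ == "__main__":
    for warning in audit(SAMPLE):
        print("WARN", warning)
```

To check a real node, pass the contents of /etc/graylog/server/server.conf to audit() and review each warning against who can reach port 9000 and the MongoDB port.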


## Start the service

[root@graylog ~]# systemctl enable graylog-server

[root@graylog ~]# systemctl start graylog-server

Save once the changes are complete, then start Graylog.

Open the ports:

firewall-cmd --add-port=9000/tcp --permanent

firewall-cmd --add-port=5044/tcp --permanent

firewall-cmd --reload

 

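You can then log in with a browser at http://ip:9000

The default administrator username is admin, and the password is the one set through root_password_sha2, 123456.


Graylog currently has no Chinese-language version.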
