Official installation:
Installation:
Server installation: http://docs.graylog.org/en/2.3/pages/installation/os/centos.html
Client installation: http://docs.graylog.org/en/2.3/pages/collector_sidecar.html#centos
Reference site:
https://www.linuxidc.com/Linux/2019-05/158735.htm
Starting the services:
systemctl start graylog-server
systemctl start elasticsearch
systemctl start mongod
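Graylog is an excellent log collection and analysis tool. Compared with ELK it is leaner and more efficient, and simpler to deploy and use. Official site: https://www.graylog.org/; for the installation manual see http://docs.graylog.org/en/3.0/pages/installation.html
I. Installation and deployment
Graylog is deployed here on a single machine as a minimal setup, with the following architecture.
Components:
· Graylog: provides Graylog's external interfaces and the web interface
· Elasticsearch: persistent storage and retrieval of the log messages
· MongoDB: only stores some of Graylog's configuration
Preparation before installing: a virtual machine running CentOS 7 with 4 GB of memory and a 100 GB disk. Before installing, disable SELinux, flush the iptables rules and turn off the firewall: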
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
iptables -F
service iptables save
systemctl disable firewalld
systemctl stop firewalld
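1.1 Prerequisites
A minimal server setup needs these additional packages:
yum install java-1.8.0-openjdk-headless.x86_64 -y # install the Java package
yum install epel-release -y # install the EPEL repository
yum install pwgen -y # install pwgen for password generation
1.2 Install MongoDB
First create the repository file /etc/yum.repos.d/mongodb-org.repo and add the following content to it: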
touch /etc/yum.repos.d/mongodb-org.repo
cat /etc/yum.repos.d/mongodb-org.repo
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
Once this is configured, the latest version of MongoDB can be installed with yum:
yum install mongodb-org -y
Then configure MongoDB to start as a service at boot:
systemctl enable mongod.service
systemctl start mongod.service
1.3 Install Elasticsearch
First install the Elastic GPG key, then add a repository file with the following content. Graylog 3.0 uses Elasticsearch 6.x.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
touch /etc/yum.repos.d/elasticsearch.repo
cat << EOF > /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
Then install the latest version.
yum install elasticsearch-oss
Edit the Elasticsearch configuration file /etc/elasticsearch/elasticsearch.yml: change cluster.name to graylog, then add action.auto_create_index: false as the last line of the file.
vim /etc/elasticsearch/elasticsearch.yml
After line 16, change cluster.name
Add action.auto_create_index: false as the last line
After changing the configuration, Elasticsearch can be started:
systemctl enable elasticsearch.service
systemctl restart elasticsearch.service
1.4 Install Graylog
Now install the Graylog repository configuration and Graylog itself with the following commands:
rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.rpm
yum install graylog-server
After installation, first generate the password_secret value:
pwgen -N 1 -s 96
Generate the root_password_sha2 value (the web login password):
echo -n "Enter Password:" && head -1 </dev/stdin | tr -d '\n' |sha256sum | cut -d" " -f1
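Then add the generated password_secret and root_password_sha2 strings to the configuration file /etc/graylog/server/server.conf, on lines 55 and 66 respectively.
Then change the web login interface on line 104, configured as follows; the default port is 9000 and can be changed.
## Install Graylog. With the rpm package, installation is much easier; complete the package name to match your actual file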
[root@graylog ~]# yum localinstall graylog-server-4.0.5-1.noarch.rpm
## Edit the Graylog configuration file
[root@graylog ~]# vi /etc/graylog/server/server.conf
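## password_secret can be generated randomly with: pwgen -N 1 -s 96; fill it in according to your environment
password_secret = 6Z06fZHU2DwuOf9X8fhnvphCd3OM7oqwLECRRcejvjpieSvVtwu08yHYHIKDi56bAxRvtCOZ3xKKiBqyt00XYCgVa0oETB0L
## Generate the admin user's password. Remember your password: record the plain, unencrypted password, and put the hashed string in the configuration file (password generation command: echo -n 123123 | sha256sum)
## Note: the value shown below is the SHA-256 of empty input, not of 123123; replace it with the output of the command above for your own password
root_password_sha2 = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
## Time zone: use your current one (Asia/Shanghai)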
root_timezone = Asia/Shanghai
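## Elasticsearch settings
## For a single-machine local setup, use the local 127 address and leave the default port 9200 unchanged; if ES needs to be reachable externally, use the machine's own IP address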
elasticsearch_hosts = http://127.0.0.1:9200
elasticsearch_shards = 1
elasticsearch_replicas = 0
## MongoDB connection settings: single-machine local MongoDB, no authentication configured
mongodb_uri = mongodb://localhost/graylog
## E-mail SMTP: set this to your own mailbox's SMTP service; enabled = true turns on e-mail sending
transport_email_enabled = true
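## The mailbox with SMTP enabled, usually the provider's official address; port numbers may differ between providers. The example is NetEase Mail (163.com), port 465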
transport_email_hostname = smtp.163.com
transport_email_port = 465
transport_email_use_auth = true
transport_email_use_tls = false
transport_email_use_ssl = true
## auth_username is the mailbox that sends the mail; fill it in according to your environment
transport_email_auth_username = 发件人@163.com
## This is the authorization password issued after enabling SMTP, not your own login password
transport_email_auth_password = FJSLKJSJGFLKSJG
transport_email_subject_prefix = [graylog]
transport_email_from_email = 发件人@163.com
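## Bind address: the server's own IP + port
http_bind_address = 192.168.3.134:9000
## If needed, add the Java path manually; if startup reports no error, do not configure it. It usually works without errors
[root@graylog ~]# vi /etc/sysconfig/graylog-server
JAVA=/usr/bin/java    # adjust to your environment
Effective configuration file in the running environment: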
[root@node15053 server]# cat server.conf | grep -vE '^$|^#'
is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = UOd4Gau3Qx0IDST6IcVqzHctFAs72BYzDSqx82vca5Tp9dXAm3tj8NXxIlw6xNixOgrKogz3ty9JO5l22aFUd1iC5FSkiJU5
root_password_sha2 =a7059e41dc34f32074efda9e100509aa0cd3b1ea8848a8e9a83fccb5958a5fe9
root_timezone = Asia/Shanghai
bin_dir = /usr/share/graylog-server/bin
data_dir = /var/lib/graylog-server
plugin_dir = /usr/share/graylog-server/plugin
http_bind_address = 0.0.0.0:9000
elasticsearch_hosts = http://localhost:9200
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 1
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_analyzer = standard
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://localhost/graylog
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
proxied_requests_thread_pool_size = 32
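A check for the weak values that appear in the two server.conf listings above, as an added example that is not part of the original guide: it flags a root_password_sha2 equal to the SHA-256 of empty input, a short password_secret, a bind address of 0.0.0.0 and a mongodb_uri without credentials. The function names, the 64-character threshold and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original guide: audit a Graylog server.conf
# for the weak values that appear in the listings above.

# SHA-256 of empty input; as root_password_sha2 it means an empty admin password.
EMPTY_SHA256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
MIN_SECRET_LEN=64   # assumption of this example; the guide generates 96 characters

# conf_get FILE KEY: print the value of "KEY = value" (last occurrence, trimmed).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_graylog_conf FILE: print one "key: problem" line per finding.
audit_graylog_conf() {
    conf=$1
    pw_hash=$(conf_get "$conf" root_password_sha2)
    if [ "$pw_hash" = "$EMPTY_SHA256" ]; then
        echo "root_password_sha2: hash of empty input, admin password is empty"
    elif ! printf '%s\n' "$pw_hash" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "root_password_sha2: not a 64-digit lowercase hex SHA-256"
    fi
    secret=$(conf_get "$conf" password_secret)
    if [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
        echo "password_secret: only ${#secret} characters"
    fi
    case $(conf_get "$conf" http_bind_address) in
        0.0.0.0:*) echo "http_bind_address: web/API port listens on every interface" ;;
    esac
    case $(conf_get "$conf" mongodb_uri) in
        *@*) ;;
        *) echo "mongodb_uri: no credentials, MongoDB authentication not in use" ;;
    esac
    return 0
}

# Constructed sample input combining values from the two listings on this page.
sample_conf() {
    cat <<'EOF'
password_secret = short-constructed-secret
root_password_sha2= e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
http_bind_address = 0.0.0.0:9000
mongodb_uri = mongodb://localhost/graylog
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_graylog_conf "$tmp"; rm -f "$tmp"
```

Run audit_graylog_conf /etc/graylog/server/server.conf before starting graylog-server; no output means none of the four conditions matched.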
## Start the service
[root@graylog ~]# systemctl enable graylog-server
[root@graylog ~]# systemctl start graylog-server
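Save after making the changes, then start Graylog.
Open the ports:
firewall-cmd --add-port=9000/tcp --permanent
firewall-cmd --add-port=5044/tcp --permanent
firewall-cmd --reload
Then log in with a browser at http://ip:9000
The default administrator user name is admin; the password is the one set through the root_password_sha2 setting, 123456
Graylog currently has no Chinese-language version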