新版graylog2安装过程
Graylog是一个开源的 log 收容器,背后的储存是搭配 mongodb,而搜寻引擎则由 elasticsearch 提供。以前版本主要有两个部分集合而成 server 与 web interface,网上搜到的教程也大都如此,而且安装过程似乎都很复杂似的,新版的graylog已经将二部分合二为一了,安装过程非常简单,而且方便集群的部署和维护。以下是安装过程,系统是centos。
#yum -y install java-1.8.0-openjdk-headless.x86_64
=============disable selinux and firewall=============
#systemctl stop firewalld.service
#systemctl disable firewalld.service
# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: disabled
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
#setenforce 0
#vim /etc/sysconfig/selinux
SELINUX=disable
========================================= install MongoDB===================
# vi /etc/yum.repos.d/mongodb-org-3.2.repo
[mongodb-org-3.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc
# yum -y install mongodb-org
#sudo chkconfig --add mongod
#sudo systemctl daemon-reload
#sudo systemctl enable mongod.service
#sudo systemctl start mongod.service
===================================Install Elasticsearch ===========================================
# rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
# vi /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-2.x]
name=Elasticsearch repository for 2.x packages
baseurl=https://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
# yum -y install elasticsearch
# vi /etc/elasticsearch/elasticsearch.yml
cluster.name: graylog2
#chkconfig --add elasticsearch
#systemctl daemon-reload
#systemctl enable elasticsearch.service
#systemctl restart elasticsearch.service
# curl -X GET http://localhost:9200
{
"status" : 200,
"name" : "Silver Fox",
"cluster_name" : "graylog2"
},
"tagline" : "You Know, for Search"
}
========================================== install graylog2 =============================
#rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.0-repository_latest.rpm
#yum install graylog-server
# vi /etc/graylog/server/server.conf
password_secret = 0b4e7a0e5fe84ad35fb5f95b9ceeac790b4e7a0e5fe84ad35fb5f95b9ceeac79 //123456
root_password_sha2 =ed02457b5c41d964dbd2f2a609d63fe1bb7528dbe55e1abf5b52c249cd735797 //aaaaaa
web_listen_uri = http://0.0.0.0:9000/
rest_listen_uri = http://0.0.0.0:12900/
rest_transport_uri = http://192.168.1.135:12900/
elasticsearch_shards = 1
elasticsearch_replicas = 0
mongodb_useauth = false
#sudo chkconfig --add graylog-server
#systemctl daemon-reload
#systemctl enable graylog-server.service
#systemctl start graylog-server.service
========================================test==================================================
[root@graylog test]# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 2246/mongod
tcp 0 0 0.0.0.0:28010 0.0.0.0:* LISTEN 7595/./mongod
tcp 0 0 0.0.0.0:28011 0.0.0.0:* LISTEN 9352/./mongod
tcp 0 0 0.0.0.0:28012 0.0.0.0:* LISTEN 9443/./mongod
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 2348/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 993/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 982/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2192/master
tcp6 0 0 :::9000 :::* LISTEN 1010/java
tcp6 0 0 :::1514 :::* LISTEN 1010/java
tcp6 0 0 :::12202 :::* LISTEN 1010/java
tcp6 0 0 :::22222 :::* LISTEN 1010/java
tcp6 0 0 127.0.0.1:9200 :::* LISTEN 1013/java
tcp6 0 0 ::1:9200 :::* LISTEN 1013/java
tcp6 0 0 127.0.0.1:9300 :::* LISTEN 1013/java
tcp6 0 0 ::1:9300 :::* LISTEN 1013/java
tcp6 0 0 :::22 :::* LISTEN 993/sshd
tcp6 0 0 ::1:631 :::* LISTEN 982/cupsd
tcp6 0 0 ::1:25 :::* LISTEN 2192/master
tcp6 0 0 :::12900 :::* LISTEN 1010/java
tcp6 0 0 127.0.0.1:9350 :::* LISTEN 1010/java
tcp6 0 0 ::1:9350 :::* LISTEN 1010/java
tcp6 0 0 :::11111 :::* LISTEN 1010/java
[root@graylog test]#