Graylog installation
Official documentation: http://docs.graylog.org/en/2.4/pages/installation/os/centos.html
Prerequisites
Starting from a minimal server setup as the base, you will need these additional packages:
$ sudo yum install java-1.8.0-openjdk-headless.x86_64
If you want to use pwgen later on, you need to set up EPEL on your system with sudo yum install epel-release and then install the package with sudo yum install pwgen.
MongoDB
Installing MongoDB on CentOS should follow the tutorial for RHEL and CentOS from the MongoDB documentation. First add the repository file /etc/yum.repos.d/mongodb-org-3.6.repo with the following contents:
[mongodb-org-3.6]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.6/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.6.asc
After that, install the latest release of MongoDB with sudo yum install -y mongodb-org.
Additionally, run these last steps to start MongoDB during the operating system’s boot and start it right away:
$ sudo chkconfig --add mongod
$ sudo systemctl daemon-reload
$ sudo systemctl enable mongod.service
$ sudo systemctl start mongod.service
Check that it started successfully:
The last line of /var/log/mongodb/mongod.log should read: [initandlisten] waiting for connections on port <port>
Elasticsearch
Graylog 2.4.x should be used with Elasticsearch 5.x; please follow the installation instructions from the Elasticsearch installation guide.
First install the Elastic GPG key with rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch, then add the repository file /etc/yum.repos.d/elasticsearch.repo with the following contents:
[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
followed by the installation of the latest release with sudo yum install elasticsearch.
Make sure to modify the Elasticsearch configuration file (/etc/elasticsearch/elasticsearch.yml) and set the cluster name to graylog. To do so, you need to uncomment (remove the # as the first character of) the line:
cluster.name: graylog
After you have modified the configuration, you can start Elasticsearch:
$ sudo chkconfig --add elasticsearch
$ sudo systemctl daemon-reload
$ sudo systemctl enable elasticsearch.service
$ sudo systemctl restart elasticsearch.service
Graylog
Now install the Graylog repository configuration and Graylog itself with the following commands:
$ sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.4-repository_latest.rpm
$ sudo yum install graylog-server
Follow the instructions in your /etc/graylog/server/server.conf and add password_secret and root_password_sha2. These settings are mandatory and without them, Graylog will not start!
password_secret must be at least 16 characters long; you can generate its value with the command: pwgen -N 1 -s 96
You need to use the following command to create your root_password_sha2:
echo -n yourpassword | sha256sum
To be able to connect to Graylog you should set rest_listen_uri and web_listen_uri to the public host name or a public IP address of the machine you can connect to. More information about these settings can be found in Configuring the web interface.
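The following script is an added example, not part of the original post or of the Graylog project: it computes root_password_sha2 exactly as the echo -n ... | sha256sum command above does, and checks a server.conf for the settings this section calls mandatory (password_secret of at least 16 characters, a well-formed root_password_sha2, and rest_listen_uri/web_listen_uri not left on the loopback default). The function names (root_password_sha2, valid_password_secret, conf_get, check_server_conf) and the sample configuration are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the Graylog docs or this post). Function names and the
# sample server.conf below are constructed for illustration.

# Compute root_password_sha2 for a password, exactly as `echo -n pw | sha256sum`.
root_password_sha2() {
    printf '%s' "$1" | sha256sum | awk '{print $1}'
}

# Return 0 if the value is an acceptable password_secret (at least 16 characters).
valid_password_secret() {
    [ "${#1}" -ge 16 ]
}

# Return 0 if the value looks like a SHA-256 hex digest (64 lowercase hex characters).
valid_sha2() {
    printf '%s' "$1" | grep -Eq '^[0-9a-f]{64}$'
}

# Read one key from a Graylog-style "key = value" file; '#' comment lines are ignored.
conf_get() {
    # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Check the mandatory settings. Prints one line per problem; returns 0 when all pass.
check_server_conf() {
    conf="$1"; rc=0
    secret=$(conf_get "$conf" password_secret)
    sha2=$(conf_get "$conf" root_password_sha2)
    if ! valid_password_secret "$secret"; then
        echo "password_secret missing or shorter than 16 characters"; rc=1
    fi
    if ! valid_sha2 "$sha2"; then
        echo "root_password_sha2 missing or not a 64-character hex digest"; rc=1
    fi
    # The page says these must point at a reachable host name or public IP,
    # so an unset value or the loopback default is reported as a problem.
    for key in rest_listen_uri web_listen_uri; do
        uri=$(conf_get "$conf" "$key")
        case "$uri" in
            ""|http://127.0.0.1*|http://localhost*)
                echo "$key is unset or still bound to loopback"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample config with a deliberately short password_secret.
sample_conf=$(mktemp)
cat > "$sample_conf" <<EOF
# constructed example, not a real deployment
password_secret = tooshort
root_password_sha2 = $(root_password_sha2 123456)
rest_listen_uri = http://192.168.43.200:9000/api/
web_listen_uri = http://192.168.43.200:9000/
EOF
check_server_conf "$sample_conf" || echo "fix server.conf before starting graylog-server"
rm -f "$sample_conf"
```

Run it against the real file with check_server_conf /etc/graylog/server/server.conf after editing; the sample run above reports the short password_secret so you can see what a failing check looks like.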
Note
If you’re operating a single-node setup and would like to use HTTPS for the Graylog web interface and the Graylog REST API, it’s possible to use NGINX or Apache as a reverse proxy.
The last step is to enable Graylog during the operating system’s startup:
$ sudo chkconfig --add graylog-server
$ sudo systemctl daemon-reload
$ sudo systemctl enable graylog-server.service
$ sudo systemctl start graylog-server.service
SELinux information
Hint
We assume that you have policycoreutils-python installed to manage SELinux.
If you’re using SELinux on your system, you need to take care of the following settings:
- Allow the web server to access the network:
  sudo setsebool -P httpd_can_network_connect 1
- If the policy above does not comply with your security policy, you can also allow access to each port individually:
  - Graylog REST API and web interface:
    sudo semanage port -a -t http_port_t -p tcp 9000
  - Elasticsearch (only if the HTTP API is being used):
    sudo semanage port -a -t http_port_t -p tcp 9200
- Allow using MongoDB’s default port (27017/tcp):
  sudo semanage port -a -t mongod_port_t -p tcp 27017
If you run a single-server environment with an NGINX or Apache proxy, enabling the Graylog REST API is enough. All other rules are only required in a multi-node setup. Having SELinux disabled during installation and enabling it later requires you to manually check the policies for MongoDB, Elasticsearch and Graylog.
Access URL: http://192.168.43.200:9000
Username/password: admin/123456