Graylog 安装

环境

操作系统:Centos 7.6.1810(Core)
IP: 10.17.0.3

[root@localhost ~]# cat /etc/redhat-release 
 CentOS Linux release 7.6.1810 (Core)

修改时区

[root@localhost ~]# mv /etc/localtime /etc/localtime.bak
[root@localhost ~]# cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

安装jdk

[root@localhost ~]#yum install java-1.8.0-openjdk-headless.x86_64

安装pwgen

[root@localhost ~]# yum install pwgen  //pwgen 在 EPEL 源中,如提示找不到软件包,需先执行 yum install epel-release

安装mongodb

[root@localhost ~]# vim /etc/yum.repos.d/mongodb-org.repo
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
[root@localhost ~]#yum install mongodb-org
[root@localhost ~]#systemctl daemon-reload
[root@localhost ~]#systemctl enable mongod.service
[root@localhost ~]#systemctl start mongod.service

安装Elasticsearch

[root@localhost ~]# vim /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
[root@localhost ~]# yum install elasticsearch-oss
[root@localhost ~]# vim /etc/elasticsearch/elasticsearch.yml 
cluster.name: graylog
action.auto_create_index: false  # 其他保持默认即可(默认只监听本机;OSS 版没有内置认证,不要把 9200 端口对外开放)
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]#systemctl enable elasticsearch.service
[root@localhost ~]#systemctl start elasticsearch.service

安装Graylog

[root@localhost ~]#rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.rpm
[root@localhost ~]#yum install graylog-server
[root@localhost ~]# pwgen -N 1 -s 96   //生成password_secret;下面的输出仅为示例,请使用自己生成的值,不要照抄
CFLVuFcTyGI9peEJZ2HNyXyu66KyUQkEPZPwR1fxgFla13uvrNwObTrcSWEvo4Lr3Coaj13ynmzRXNYZgvKMODvWD26JMUet
[root@localhost ~]# echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1  //生成root_password_sha2(输入的密码会回显在终端上)
Enter Password: ××××  //输入密码,该密码为web登录的密码;得到的是不加盐的SHA-256,请使用足够强的密码,下面的哈希仅为示例
 88ffde508d4b842f60b83571499cbf2c94bf3b3e2417151d85bbb6b8733b9647
//配置Graylog
[root@localhost ~]# vim /etc/graylog/server/server.conf
//第55行
password_secret = CFLVuFcTyGI9peEJZ2HNyXyu66KyUQkEPZPwR1fxgFla13uvrNwObTrcSWEvo4Lr3Coaj13ynmzRXNYZgvKMODvWD26JMUet
//第66行
root_password_sha2 = 88ffde508d4b842f60b83571499cbf2c94bf3b3e2417151d85bbb6b8733b9647
//第74行 时区
root_timezone = Asia/Shanghai
//第103行 Web界面和API的监听地址;此处为明文HTTP,登录密码会明文传输,生产环境建议启用 http_enable_tls 或放在HTTPS反向代理之后
http_bind_address = 10.17.0.3:9000
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl enable graylog-server 
Created symlink from /etc/systemd/system/multi-user.target.wants/graylog-server.service to /usr/lib/systemd/system/graylog-server.service.
[root@localhost ~]# systemctl start graylog-server

配置防火墙

[root@localhost ~]# firewall-cmd --add-port=9000/tcp --permanent
success
//因为1000以下端口(准确地说是1024以下)在linux中为特权端口,非root进程不能直接监听,而514又是网络设备日志的syslog的默认端口,所以这里把514转发到1514(Graylog中对应的Syslog输入需监听1514)
[root@localhost ~]# firewall-cmd --add-forward-port=port=514:proto=tcp:toport=1514 --permanent
success  
[root@localhost ~]# firewall-cmd --add-forward-port=port=514:proto=udp:toport=1514 --permanent
success
[root@localhost ~]# firewall-cmd --reload
success

至此,已经安装完毕,登录http://ip:9000即可访问,账号admin,密码为前面生成root_password_sha2时输入的密码
