Graylog 安装
环境
操作系统:Centos 7.6.1810(Core)
IP: 10.17.0.3
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.6.1810 (Core)
修改时区
[root@localhost ~]# mv /etc/localtime /etc/localtime.bak
[root@localhost ~]# cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
安装jdk
[root@localhost ~]#yum install java-1.8.0-openjdk-headless.x86_64
安装pwgen
[root@localhost ~] yum install pwgen
安装mongodb
[root@localhost ~]# vim /etc/yum.repos.d/mongodb-org.repo
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
[root@localhost ~]#yum install mongodb-org
[root@localhost ~]#systemctl daemon-reload
[root@localhost ~]#systemctl enable mongod.service
[root@localhost ~]#systemctl start mongod.service
安装Elasticsearch
[root@localhost ~]# vim /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
[root@localhost ~]# yum install elasticsearch-oss
[root@localhost ~]# vim /etc/elasticsearch/elasticsearch.yml
cluster.name: graylog
action.auto_create_index: false //其他保持默认即可
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]#systemctl enable elasticsearch.service
[root@localhost ~]#systemctl start elasticsearch.service
安装Graylog
[root@localhost ~]#rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.0- repository_latest.rpm
[root@localhost ~]#yum install graylog-server
[root@localhost ~]# pwgen -N 1 -s 96 //设置password_secret
CFLVuFcTyGI9peEJZ2HNyXyu66KyUQkEPZPwR1fxgFla13uvrNwObTrcSWEvo4Lr3Coaj13ynmzRXNYZgvKMODvWD26JMUet
[root@localhost ~]# echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1 //设置root_passwd_sha
Enter Password: ×××× //输入密码,该密码为web登录的密码
88ffde508d4b842f60b83571499cbf2c94bf3b3e2417151d85bbb6b8733b9647
//配置Graylog
[root@localhost ~]# vim /etc/graylog/server/server.conf
//第55行
password_secret = CFLVuFcTyGI9peEJZ2HNyXyu66KyUQkEPZPwR1fxgFla13uvrNwObTrcSW Evo4Lr3Coaj13ynmzRXNYZgvKMODvWD26JMUet
//第66行
root_password_sha2 = 88ffde508d4b842f60b83571499cbf2c94bf3b3e2417151d85bbb6b 8733b9647
//第74行 时区
root_timezone = Asia/Shanghai
//第103行
http_bind_address = 10.17.0.3:9000
[root@localhost ~]# systemctl daemon-reload
[root@localhost ~]# systemctl enable graylog-server
Created symlink from /etc/systemd/system/multi-user.target.wants/graylog-server.service to /usr/lib/systemd/system/graylog-server.service.
[root@localhost ~]# systemctl start graylog-server
配置防火墙
[root@localhost ~]# firewall-cmd --add-port=9000/tcp --permanent
success
//因为1000以下端口在linux中为特权端口,不能直接使用,而514又是网络设备日志的syslog的默认端口,所以这里做下转发
[root@localhost ~]# firewall-cmd --add-forward-port=port=514:proto=tcp:toport=1514 --permanent
success
[root@localhost ~]# firewall-cmd --add-forward-port=port=514:proto=udp:toport=1514 --permanent
success
[root@localhost ~]# firewall-cmd --reload
success
至此,已经安装完毕,登录http://ip:9000即可访问,账号admin