Installing Graylog on CentOS 7 (Part 3): Installing Graylog

yaoyue, last updated 23 hours ago, 4 views, 717 characters


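AI summary

"An in-depth look at installing Graylog on CentOS 7, covering both the non-Docker and the Docker versions step by step, so you can build your own log analysis tool."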

Installing Graylog (non-Docker version)

  1. Install with yum (method one)
  • Install the yum repository
    <code>rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.2-repository_latest.rpm</code>
  • Install Graylog
    <code>yum install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins -y</code>
  2. Install from the tarball (method two)
  • Download the tarball

    <code>wget https://downloads.graylog.org/releases/graylog/graylog-4.3.3.tgz</code>

  • Extract the tarball

    <code>tar -xvzf graylog-4.3.3.tgz</code>

  • Move it to /usr/local/graylog

    <code>mv graylog-4.3.3 /usr/local/graylog</code>

  • Create the configuration file (the target directory has to exist first)
    <code>cd /usr/local/graylog</code>

    <code>mkdir -p /etc/graylog/server</code>

    <code>cp graylog.conf.example /etc/graylog/server/server.conf</code>

  • Install pwgen

    yum install epel-release
    yum install pwgen -y

Edit the configuration file

  • Generate the password hash for the service
    <code>echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1</code>
  • Change the default password
    Copy the hash you just generated and use it to replace the password value in the configuration file (the value below is this article's example)
    <code>vim /etc/graylog/server/server.conf</code>
    <code>root_password_sha2 = ab198809a34f7c04fe2f01d08ba6bd83887147c6912e6f4124f92654c1eadcf5</code>
  • Change the default username
    <code>root_username = demo</code>
  • Generate the token
    <code>pwgen -N 1 -s 96</code>

  • Set the token (use the value you generated, not the example below)

    <code>password_secret = ejdOgrGv986ZuEBw80gdFDKCp2HFl4LUO8ChlLttRyg1Z7rYJFoAbncJQdTS04e4gFHhiQqO7DxjnZVHEqhl544v80URjjVv</code>

  • Set the Elasticsearch address

    <code>elasticsearch_hosts = http://192.168.3.27:9200</code>

  • Set the MongoDB address

    <code>mongodb_uri = mongodb://192.168.3.27:27017/graylog</code>

  • Set the external URI and the listen address

    http_external_uri = http://192.168.3.27:9000/
    http_publish_uri = http://192.168.3.27:9000/
    http_bind_address = 0.0.0.0:9000
  • Set the time zone

    <code>root_timezone = Asia/Shanghai</code>
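
The settings edited above can be checked before the service is started. The script below is an added example, not part of the original article or of Graylog: it flags a `password_secret` or `root_password_sha2` reused from this page, a secret shorter than the 16 characters the Docker section's comment requires, a root hash that matches a common password, and a web interface bound to all interfaces over plain HTTP. The function names, the weak-password list and the finding messages are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from Graylog): flag server.conf credential settings that
# are weak or copied from a tutorial. Checks and wording are this example's own.
# Usage: sh this_script.sh /etc/graylog/server/server.conf  (exit 1 = findings)

# Values printed on this page; a live server must never reuse them.
PAGE_HASH=ab198809a34f7c04fe2f01d08ba6bd83887147c6912e6f4124f92654c1eadcf5
PAGE_SECRETS="somepasswordpepper ejdOgrGv986ZuEBw80gdFDKCp2HFl4LUO8ChlLttRyg1Z7rYJFoAbncJQdTS04e4gFHhiQqO7DxjnZVHEqhl544v80URjjVv"
# Constructed short list: root_password_sha2 is an unsalted SHA-256, so the
# hash of a common password is recognisable on sight.
WEAK_PASSWORDS="admin password graylog 123456"

# conf_get FILE KEY: print the value of the last uncommented "KEY = value" line.
conf_get() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
    sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_conf FILE: print one finding per line; return 1 if there are any.
audit_conf() {
  secret=$(conf_get "$1" password_secret)
  hash=$(conf_get "$1" root_password_sha2)
  bind=$(conf_get "$1" http_bind_address)
  uri=$(conf_get "$1" http_external_uri)
  findings=$(
    [ "${#secret}" -ge 16 ] || echo "password_secret: shorter than 16 characters"
    for s in $PAGE_SECRETS; do
      [ "$secret" != "$s" ] || echo "password_secret: value published in a tutorial"
    done
    printf '%s\n' "$hash" | grep -Eq '^[0-9a-f]{64}$' ||
      echo "root_password_sha2: not a lowercase SHA-256 hex digest"
    [ "$hash" != "$PAGE_HASH" ] || echo "root_password_sha2: hash published in a tutorial"
    for p in $WEAK_PASSWORDS; do
      weak=$(printf '%s' "$p" | sha256sum | cut -d' ' -f1)
      [ "$hash" != "$weak" ] || echo "root_password_sha2: SHA-256 of a common password"
    done
    case "$bind:$uri" in
      0.0.0.0:*:http://*) echo "http: bound to all interfaces, plain-HTTP external URI" ;;
    esac
  )
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Audit the file given as the first argument when run as a script.
if [ -n "${1:-}" ]; then audit_conf "$1"; fi
```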

Start the service

  1. For method one:
  • Reload systemd
    <code>systemctl daemon-reload</code>
  • Start the service and enable it at boot

    systemctl start graylog-server
    systemctl enable graylog-server
  • Open the web interface

    <code>http://192.168.3.27:9000</code>

  • Open the port in the firewall (the reload applies the permanent rule to the running firewall)

    <code>firewall-cmd --permanent --zone=public --add-port=9000/tcp && firewall-cmd --reload</code>

  2. For method two:
    • Edit the rc.local file
      <code>vim /etc/rc.d/rc.local</code>
    • Comment out this line
      <code>#touch /var/lock/subsys/local</code>
    • Add this line
      <code>/usr/local/graylog/bin/graylogctl start</code>
    • Make the file executable
      <code>chmod +x /etc/rc.d/rc.local</code>

Installing Graylog (Docker version)

  • Create a directory
    <code>mkdir graylog</code>
  • Write the docker-compose.yml file

    cd graylog
    vim docker-compose.yml

    File contents:

    version: '3'
    services:
      # Graylog: https://hub.docker.com/r/graylog/graylog/
      graylog:
        image: graylog/graylog:4.2
        environment:
          # CHANGE ME (must be at least 16 characters)!
          - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
          # Password:
          - GRAYLOG_ROOT_PASSWORD_SHA2=ab198809a34f7c04fe2f01d08ba6bd83887147c6912e6f4124f92654c1eadcf5
          - GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.3.27:9000/
          - GRAYLOG_ROOT_USERNAME=admin
          - GRAYLOG_ELASTICSEARCH_HOSTS=http://192.168.3.27:9200
          - GRAYLOG_MONGODB_URI=mongodb://192.168.3.27:27017/graylog
        # Wait for the external Elasticsearch node (this file defines no "elasticsearch" service)
        entrypoint: /usr/bin/tini -- wait-for-it 192.168.3.27:9200 -- /docker-entrypoint.sh
        networks:
          - graylog
        restart: always
        ports:
          # Graylog web interface and REST API
          - 9000:9000
          # Syslog TCP
          - 1514:1514
          # Syslog UDP
          - 1514:1514/udp
          # GELF TCP
          - 12201:12201
          # GELF UDP
          - 12201:12201/udp
    networks:
      graylog:
        driver: bridge

    Installing docker and docker-compose was covered in an earlier article.

  • Start the container

    <code>docker-compose up -d</code>