Installing Graylog (non-Docker)

  1. yum install (method 1)
  • Install the yum repository
    rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.2-repository_latest.rpm
  • Install Graylog
    yum install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins -y
  2. Tarball install (method 2)
  • Download the tarball

    wget https://downloads.graylog.org/releases/graylog/graylog-4.3.3.tgz

  • Extract the tarball

    tar -xvzf graylog-4.3.3.tgz

  • Move it under /usr/local

    mv graylog-4.3.3 /usr/local/graylog

  • Generate the configuration file
    cd /usr/local/graylog

    cp graylog.conf.example /etc/graylog/server/server.conf

    The tarball does not create /etc/graylog/server (the yum package does), so create that directory first or the copy fails.

  • Install pwgen

    yum install epel-release
    yum install pwgen -y

## Edit the configuration file

  • Generate the root password hash
    echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

    This reads the password from stdin and prints its SHA-256 hex digest. The password is echoed on the terminal as you type it, so run it on a trusted console and clear the shell history afterwards.
  • Set the root password
    Copy the generated hash and replace the value in the config file (the hash below is this post's sample; use your own)
    vim /etc/graylog/server/server.conf
    root_password_sha2 = ab198809a34f7c04fe2f01d08ba6bd83887147c6912e6f4124f92654c1eadcf5
  • Change the default username
    root_username = demo
  • Generate the secret (password_secret is used to encrypt stored credentials; Graylog requires at least 16 characters, 96 is generous)
    pwgen -N 1 -s 96
  • Set the secret (again a sample value: never reuse one that has been published, and keep it identical on every node of a cluster)

    password_secret = ejdOgrGv986ZuEBw80gdFDKCp2HFl4LUO8ChlLttRyg1Z7rYJFoAbncJQdTS04e4gFHhiQqO7DxjnZVHEqhl544v80URjjVv

  • Set the Elasticsearch address

    elasticsearch_hosts = http://192.168.3.27:9200

  • Set the MongoDB address

    mongodb_uri = mongodb://192.168.3.27:27017/graylog

  • Set the external URI and listen address

    http_external_uri = http://192.168.3.27:9000/
    http_publish_uri = http://192.168.3.27:9000/
    http_bind_address = 0.0.0.0:9000

    Binding to 0.0.0.0 exposes the web interface and REST API on every interface over plain HTTP; on anything beyond a lab host, restrict port 9000 with the firewall or terminate TLS in front of it.
  • Set the time zone

    root_timezone = Asia/Shanghai
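The credential steps above (hash the root password, generate a secret, edit server.conf) can be done in one non-interactive script, which also avoids echoing the password on the terminal and enforces the 16-character minimum on password_secret before the server ever starts. This is an added example, not code from the original post or from Graylog; it assumes coreutils (sha256sum, tr, head, sed) and takes the config path as an argument, so it only touches /etc/graylog/server/server.conf if you point it there. The sample config it runs against is constructed inline.

```shell
#!/bin/sh
# Added example: generate root_password_sha2 and password_secret for Graylog's
# server.conf without typing secrets on the console.
# Assumption: coreutils are present; the target file path is passed in.

# SHA-256 of the root password, the same digest the post computes by hand.
# printf '%s' avoids hashing a trailing newline, which would produce a hash
# that never matches the password typed into the web UI.
sha256_of_password() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Random alphanumeric secret; 96 characters mirrors the post's pwgen call.
# pwgen is not needed: /dev/urandom filtered through tr is enough.
gen_secret() {
    len=${1:-96}
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$len"
}

# Graylog refuses to start with a password_secret shorter than 16 characters.
check_secret() {
    [ "${#1}" -ge 16 ]
}

# Replace "key = ..." in a config file, or append the key if it is absent.
# Commented-out lines ("#key = ...") are left alone, so the live value is
# always an uncommented line.
set_conf_key() {
    file=$1 key=$2 value=$3
    if grep -q "^${key} *=" "$file"; then
        sed "s|^${key} *=.*|${key} = ${value}|" "$file" > "${file}.tmp" \
            && mv "${file}.tmp" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# Read back the live value of a key (first uncommented occurrence).
get_conf_key() {
    sed -n "s|^${2} *= *||p" "$1" | head -n 1
}

# Apply root user, password hash and secret to a server.conf.
# Usage: configure_graylog_auth <server.conf> <root_username> <password> [secret]
configure_graylog_auth() {
    conf=$1 user=$2 password=$3
    secret=${4:-$(gen_secret 96)}
    check_secret "$secret" || { echo "password_secret must be >= 16 chars" >&2; return 1; }
    set_conf_key "$conf" root_username "$user"
    set_conf_key "$conf" root_password_sha2 "$(sha256_of_password "$password")"
    set_conf_key "$conf" password_secret "$secret"
}

# Demo on a constructed copy of the stock example file (not /etc/graylog).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
# constructed sample of graylog.conf.example
is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret =
root_username = admin
root_password_sha2 =
http_bind_address = 0.0.0.0:9000
EOF
configure_graylog_auth "$demo_conf" demo 'S3cret-Pass!'
cat "$demo_conf"
rm -f "$demo_conf"
```

For a real host, call `configure_graylog_auth /etc/graylog/server/server.conf demo "$PASSWORD"` with the password supplied from an environment variable or a prompt that disables echo, and pass the same fourth argument on every node of a cluster so password_secret matches.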

## Start the service

1. For method 1:

* Reload systemd
  `systemctl daemon-reload`
* Start the service and enable it at boot
  `systemctl start graylog-server`
  `systemctl enable graylog-server`
* Web access
  
  `http://192.168.3.27:9000`
* Open the port
  
  `firewall-cmd --permanent --zone=public --add-port=9000/tcp`
  
  A permanent rule only reaches the running firewall after firewalld is reloaded (or the host rebooted), so reload after adding it.

2. For method 2:
   * Edit rc.local
     `vim /etc/rc.d/rc.local`
   * Comment out
     `#touch /var/lock/subsys/local`
   * Add
     `/usr/local/graylog/bin/graylogctl start`
   * Make it executable (on CentOS 7 rc.local is ignored unless it has the execute bit)
     `chmod +x /etc/rc.d/rc.local`

   Note that rc.local starts graylogctl as root, whereas the yum package's systemd unit runs the server as the unprivileged graylog user. For anything beyond a lab setup, a dedicated systemd unit running as a non-root user is the safer way to start the tarball install.

---

## Installing Graylog (Docker)

* Create a directory
  `mkdir graylog`
* Write the docker-compose.yml file
  
  `cd graylog`
  `vim docker-compose.yml`

File contents:

version: '3'
services:

  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:4.2
    environment:
      # CHANGE ME (must be at least 16 characters)! Use a pwgen value as in the
      # non-Docker section; "somepasswordpepper" is the public sample value.
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # SHA-256 of the root password (sample hash from above; generate your own)
      - GRAYLOG_ROOT_PASSWORD_SHA2=ab198809a34f7c04fe2f01d08ba6bd83887147c6912e6f4124f92654c1eadcf5
      - GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.3.27:9000/
      - GRAYLOG_ROOT_USERNAME=admin
      - GRAYLOG_ELASTICSEARCH_HOSTS=http://192.168.3.27:9200
      - GRAYLOG_MONGODB_URI=mongodb://192.168.3.27:27017/graylog
    # Wait for the external Elasticsearch configured above. There is no
    # "elasticsearch" service in this file, so waiting on that hostname
    # would never succeed and only delay startup.
    entrypoint: /usr/bin/tini -- wait-for-it 192.168.3.27:9200 -- /docker-entrypoint.sh
    networks:
      - graylog
    restart: always
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp

networks:

  graylog:
    driver: bridge

Installing docker and docker-compose was covered in an earlier article.
* Start the containers

`docker-compose up -d`
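Whichever way the server was started (systemd or rc.local in the non-Docker section, or docker-compose up -d here), the post stops at "open the browser". The script below adds the checks a practitioner runs first: confirm something is listening on 9000, open the port with a reload so the permanent rule actually applies, and poll Graylog's unauthenticated load-balancer status endpoint until it reports ALIVE. This is an added example, not code from the original post or from Graylog; it assumes ss (iproute2), curl and firewalld are available, that the HTTP port is 9000 as in the post, and that GET /api/system/lbstatus returns ALIVE once the node is ready. The ss output used in the demo is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example: post-start checks for a Graylog node.
# Assumptions: ss, curl and firewall-cmd exist; Graylog listens on 9000;
# /api/system/lbstatus answers ALIVE without authentication.

# True if the given "ss -ltn" output shows a listener on the port.
# Taking the output as an argument keeps the parser testable without ss.
listening_on_port() {
    ss_output=$1 port=$2
    printf '%s\n' "$ss_output" | awk -v p="$port" '
        $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Open the port permanently and reload so the running firewall matches;
# without the reload the rule only applies after the next reboot.
open_firewall_port() {
    port=${1:-9000}
    firewall-cmd --permanent --zone=public --add-port="${port}/tcp" \
        && firewall-cmd --reload
}

# Poll the status endpoint until Graylog reports ALIVE or the timeout passes.
wait_for_graylog() {
    url=${1:-http://127.0.0.1:9000} timeout=${2:-120}
    i=0
    while [ "$i" -lt "$timeout" ]; do
        if curl -sf "$url/api/system/lbstatus" 2>/dev/null | grep -q ALIVE; then
            return 0
        fi
        i=$((i + 1))
        sleep 1
    done
    echo "Graylog at $url did not report ALIVE within ${timeout}s" >&2
    return 1
}

# Constructed ss output (not from a real host) for the offline demo.
sample_ss='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       4096    0.0.0.0:9000         0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*'

if listening_on_port "$sample_ss" 9000; then
    echo "sample: port 9000 is listening"
fi
if ! listening_on_port "$sample_ss" 9200; then
    echo "sample: 9200 is not local (expected: Elasticsearch runs on another host)"
fi

# Real checks only when GRAYLOG_URL is set, e.g. GRAYLOG_URL=http://192.168.3.27:9000
if [ -n "${GRAYLOG_URL:-}" ]; then
    listening_on_port "$(ss -ltn)" 9000 || echo "nothing listening on 9000" >&2
    wait_for_graylog "$GRAYLOG_URL" 120 && echo "Graylog is ALIVE at $GRAYLOG_URL"
fi
```

Run `open_firewall_port 9000` once as root on the non-Docker host; for the Docker variant the published port is reachable as soon as the container is up, and `wait_for_graylog` is the useful part, since the container restarts while it waits for MongoDB and Elasticsearch.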
Last modified: 13 June 2023