您好,登錄后才能下訂單哦!
1、操作系統安裝CentOS installation------省略
cat /etc/os-release ####配置主機的版本
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
關閉selinux
vim /etc/sysconfig/selinux
SELINUX=disable
2、java、數據庫和Elasticsearch安裝
1. java安裝
$ sudo yum install java-1.8.0-openjdk-headless.x86_64
安裝完后查看java版本
[root@Graylog ~]# java -version
openjdk version "1.8.0_161"
OpenJDK Runtime Environment (build 1.8.0_161-b14)
OpenJDK 64-Bit Server VM (build 25.161-b14, mixed mode)
2. MongoDB安裝
Vi /etc/yum.repos.d/mongodb-org-3.6.repo 進入編輯模式以后,增加以下配置:
[mongodb-org-3.6]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.6/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.6.asc
保存配置,退出以后
yum install -y mongodb-org.
$ sudo chkconfig --add mongod
$ sudo systemctl daemon-reload
$ sudo systemctl enable mongod.service
$ sudo systemctl start mongod.service
3.Elasticsearch
Graylog 2.4.x 必須使用Elasticsearch 5.x,
安裝Elastic GPG key
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
vi /etc/yum.repos.d/elasticsearch.repo ####增加以下配置
[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
yum install elasticsearch ####安裝elasticsearch
vi /etc/elasticsearch/elasticsearch.yml #####進入elasticsearch 配置文件,配置cluster.name,該cluster.name的名稱要和graylog一致
cluster.name: graylog2
$ sudo chkconfig --add elasticsearch
$ sudo systemctl daemon-reload
$ sudo systemctl enable elasticsearch.service
$ sudo systemctl restart elasticsearch.service
Graylog
$ sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.4-repository_latest.rpm
$ sudo yum install graylog-server #####安裝graylog-server
pwgen -N 1 -s 96 ################獲取password_secret
echo -n yourpassword | shasum -a 256 ##############獲取root_password_sha2
vi /etc/graylog/server/server.conf
password_secret=uz8DP8HFBJtNtwySQdNxhjlU4PfqSbSKjnRk4MHXlfFdJKfsHmyekzMkkJ7CNoSnUGpGqD8P0euzy41rHsR39yKUZoSX0OAG
root_password_sha2=e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951
?elasticsearch_index_prefix = graylog2? ########和?elasticsearch配置的名稱要一致
web_listen_uri = http://0.0.0.0:9000/
rest_listen_uri = http://0.0.0.0:9000/api/
elasticsearch_shards = 1
elasticsearch_replicas = 0
mongodb_useauth = false
$ sudo chkconfig --add graylog-server
$ sudo systemctl daemon-reload
$ sudo systemctl enable graylog-server.service
$ sudo systemctl start graylog-server.service
4、收集網絡設備
Graylog收集網絡設備日志
Centos7默認運行了rsyslog
vi /etc/rsyslog.conf
$ModLoad imudp ##############將原有的注釋#去掉
$UDPServerRun 514 ##############將原有的注釋#去掉
. @127.0.0.1:1514 轉發給graylog
systemctl restart rsyslog.service ##########重啟rsyslog服務
訪問http:x.x.x.x:9000 用戶名admin 密碼yourpassword
配置input端口為1514,Linux下非root用戶無法使用1024以下端口的解決方法,因此盡量使用1024以上的端口。
1) 創建test的dashboard
2) 搜索關鍵字
3) 保存到dashboard中
4) 打開dashhboards
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。