Installing Graylog on CentOS 7 with YUM

The usual introduction

What is Graylog?
Graylog is a centralized log management solution comparable to ELK; it supports log collection, search, and visualization dashboards.


Graylog architecture

Graylog receives logs from all kinds of devices and applications and provides the web interface for users.
Elasticsearch indexes and stores the logs that Graylog receives.
MongoDB stores Graylog's own configuration.

Deployment

Install OpenJDK

[root@dev-of-runfa-33 ~]# yum -y install java-1.8.0-openjdk-headless.x86_64

Install MongoDB

[root@dev-of-runfa-33 ~]# vim /etc/yum.repos.d/mongodb-org.repo
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
[root@dev-of-runfa-33 ~]# yum -y install mongodb-org
[root@dev-of-runfa-33 ~]# systemctl start mongod.service
[root@dev-of-runfa-33 ~]# systemctl enable mongod.service
[root@dev-of-runfa-33 ~]# systemctl status mongod.service
● mongod.service - MongoDB Database Server
   Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
   Active: active (running) since 三 2019-06-26 14:59:02 CST; 10s ago
     Docs: https://docs.mongodb.org/manual
 Main PID: 6551 (mongod)
   CGroup: /system.slice/mongod.service
           └─6551 /usr/bin/mongod -f /etc/mongod.conf

6月 26 14:59:00 dev-of-runfa-33 systemd[1]: Starting MongoDB Database Server...
6月 26 14:59:00 dev-of-runfa-33 mongod[6548]: about to fork child process, waiting until server is ready for connections.
6月 26 14:59:00 dev-of-runfa-33 mongod[6548]: forked process: 6551
6月 26 14:59:02 dev-of-runfa-33 systemd[1]: Started MongoDB Database Server.

Install Elasticsearch

[root@dev-of-runfa-33 ~]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
[root@dev-of-runfa-33 ~]# vim /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
[root@dev-of-runfa-33 ~]# yum -y install elasticsearch-oss
[root@dev-of-runfa-33 ~]# vim /etc/elasticsearch/elasticsearch.yml
cluster.name: graylog
action.auto_create_index: false
[root@dev-of-runfa-33 ~]# systemctl start elasticsearch.service
[root@dev-of-runfa-33 ~]# systemctl enable elasticsearch.service
[root@dev-of-runfa-33 ~]# systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
   Active: active (running) since 三 2019-06-26 15:12:56 CST; 1s ago
     Docs: http://www.elastic.co
 Main PID: 7038 (java)
    Tasks: 14
   Memory: 1.0G
   CGroup: /system.slice/elasticsearch.service
           └─7038 /bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Des.networkaddress.cache.ttl=60 -Des.networkaddress...

6月 26 15:12:56 dev-of-runfa-33 systemd[1]: Started Elasticsearch.

Install Graylog

[root@dev-of-runfa-33 ~]# rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.rpm
获取https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.rpm
准备中...                          ################################# [100%]
正在升级/安装...
   1:graylog-3.0-repository-1-6       ################################# [100%]
[root@dev-of-runfa-33 ~]# yum -y install graylog-server
[root@dev-of-runfa-33 ~]# yum -y install epel-release
[root@dev-of-runfa-33 ~]# yum -y install pwgen
[root@dev-of-runfa-33 ~]# pwgen -N 1 -s 96
pbWIN1WhL2ykoKnnnQzbZlKQbipI0IkFpUcV5gWPYZm79MFXdeKsJDjWKViBQxjA8CSAu2GIcmKJiQoPFWi6cWraMQuK2rpA
[root@dev-of-runfa-33 ~]# echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
Enter Password: itsupport.0
3830cd9a249f1f69bdd57c783d12fc569a3e11f2bd2418fa406dcb76a5215e1a
[root@dev-of-runfa-33 ~]# vim /etc/graylog/server/server.conf
password_secret = pbWIN1WhL2ykoKnnnQzbZlKQbipI0IkFpUcV5gWPYZm79MFXdeKsJDjWKViBQxjA8CSAu2GIcmKJiQoPFWi6cWraMQuK2rpA
root_username = admin
root_password_sha2 = 3830cd9a249f1f69bdd57c783d12fc569a3e11f2bd2418fa406dcb76a5215e1a
root_timezone = Asia/Shanghai
http_bind_address = 127.0.0.1:9000
http_publish_uri = http://10.18.193.33:9000/
http_enable_cors = true
http_enable_gzip = true
http_enable_tls = false
elasticsearch_hosts = http://127.0.0.1:9200
[root@dev-of-runfa-33 ~]# systemctl enable graylog-server.service
[root@dev-of-runfa-33 ~]# systemctl start graylog-server.service
[root@dev-of-runfa-33 ~]# systemctl status graylog-server.service
● graylog-server.service - Graylog server
   Loaded: loaded (/usr/lib/systemd/system/graylog-server.service; enabled; vendor preset: disabled)
   Active: active (running) since 三 2019-06-26 16:15:30 CST; 4s ago
     Docs: http://docs.graylog.org/
 Main PID: 25822 (graylog-server)
    Tasks: 15
   Memory: 93.0M
   CGroup: /system.slice/graylog-server.service
           ├─25822 /bin/sh /usr/share/graylog-server/bin/graylog-server
           └─25823 /usr/bin/java -Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-O...

6月 26 16:15:30 dev-of-runfa-33 systemd[1]: Started Graylog server.
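As an added example (not part of the original post), the shell helpers below do what the manual steps above do: generate a password_secret without EPEL/pwgen, hash the root password without the trailing-newline pitfall, write both keys into a server.conf, and check them before graylog-server is started. Assumed: sha256sum, awk and /dev/urandom are available, as they are on CentOS 7; the demo runs on a constructed temp copy, not on /etc/graylog/server/server.conf.

```shell
#!/bin/sh
# Added example, not code from the original post or from the Graylog project.
# Assumed tools: sha256sum, awk, mktemp, /dev/urandom (present on CentOS 7).

# Same as the post's one-liner: SHA-256 of the password WITHOUT a trailing newline.
# (A stray newline changes the hash and locks the admin account out.)
graylog_root_sha2() {
    printf '%s' "$1" | sha256sum | cut -d ' ' -f1
}

# Equivalent of `pwgen -N 1 -s 96` without EPEL: 96 random alphanumerics.
gen_password_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 96
}

# Set `key = value` in a server.conf: replace an existing (or commented-out
# `#key = ...`) line in place, append if the key is absent.
# Values pass through awk -v, so backslashes would be interpreted;
# fine for the alphanumeric secrets used here.
set_conf_key() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        $0 ~ ("^[# ]*" k "[ ]*=") { if (!done) { print k " = " v; done = 1 }; next }
        { print }
        END { if (!done) print k " = " v }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Sanity check before starting the service: root_password_sha2 must be 64
# lowercase hex chars, password_secret at least 16 chars (Graylog's minimum;
# the post uses 96).
check_conf() {
    sha2=$(awk -F' *= *' '$1=="root_password_sha2"{print $2}' "$1")
    secret=$(awk -F' *= *' '$1=="password_secret"{print $2}' "$1")
    printf '%s' "$sha2" | grep -Eq '^[0-9a-f]{64}$' || { echo "bad root_password_sha2" >&2; return 1; }
    [ "${#secret}" -ge 16 ] || { echo "password_secret too short" >&2; return 1; }
}

# Demo on a constructed copy so nothing under /etc is touched.
demo_conf=$(mktemp)
printf '#root_username = admin\nroot_timezone = UTC\n' > "$demo_conf"
set_conf_key "$demo_conf" password_secret "$(gen_password_secret)"
set_conf_key "$demo_conf" root_username admin
set_conf_key "$demo_conf" root_password_sha2 "$(graylog_root_sha2 'itsupport.0')"
check_conf "$demo_conf" && cat "$demo_conf"
```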

Use nginx as a reverse proxy

[root@dev-of-runfa-33 ~]# yum -y install nginx
[root@dev-of-runfa-33 ~]# echo '' > /etc/nginx/nginx.conf
[root@dev-of-runfa-33 ~]# vim /etc/nginx/nginx.conf
user nobody;
worker_processes 4;
events {
    worker_connections  1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    client_max_body_size 100m;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    sendfile on;
    keepalive_timeout 65;
    gzip  on;
    gzip_min_length 256;
    gzip_buffers 16 8k;
    gzip_comp_level 6;
    gzip_vary on;
    gzip_types
        text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
        text/javascript application/javascript application/x-javascript
        text/x-json application/json application/x-web-app-manifest+json
        text/css text/plain text/x-component
        font/opentype application/x-font-ttf application/vnd.ms-fontobject
        image/x-icon;
    include /etc/nginx/conf.d/*.conf;
}
[root@dev-of-runfa-33 ~]# vim /etc/nginx/conf.d/www.conf
server
{
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name 10.18.193.33;

    location /graylog/
    {
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Graylog-Server-URL http://$server_name/graylog/;
      rewrite ^/graylog/(.*)$ /$1 break;
      proxy_pass http://127.0.0.1:9000;
    }
}
[root@dev-of-runfa-33 ~]# systemctl enable nginx.service
[root@dev-of-runfa-33 ~]# systemctl start nginx.service
[root@dev-of-runfa-33 ~]# systemctl status nginx.service
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since 三 2019-06-26 16:24:20 CST; 7s ago
  Process: 26335 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 26332 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 26330 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 26337 (nginx)
    Tasks: 5
   Memory: 3.3M
   CGroup: /system.slice/nginx.service
           ├─26337 nginx: master process /usr/sbin/nginx
           ├─26338 nginx: worker process
           ├─26339 nginx: worker process
           ├─26340 nginx: worker process
           └─26341 nginx: worker process

6月 26 16:24:20 dev-of-runfa-33 systemd[1]: Starting The nginx HTTP and reverse proxy server...
6月 26 16:24:20 dev-of-runfa-33 nginx[26332]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
6月 26 16:24:20 dev-of-runfa-33 nginx[26332]: nginx: configuration file /etc/nginx/nginx.conf test is successful
6月 26 16:24:20 dev-of-runfa-33 systemd[1]: Started The nginx HTTP and reverse proxy server.

Testing

Home page: http://10.18.193.33/graylog/
REST API address: http://10.18.193.33/graylog/api/
