Getting Started with Graylog Installation

1. Official website: https://www.graylog.org/

Installation documentation: https://docs.graylog.org/en/4.0/pages/installation/operating_system_packages.html

For JDK installation, see the separate article.

MongoDB installation

vim /etc/yum.repos.d/mongodb-org.repo

[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc

Install
sudo yum install mongodb-org
Start
sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl start mongod.service
sudo systemctl --type=service --state=active | grep mongod

Elasticsearch installation

First import the Elastic GPG key, then add a repository file with the following contents. Graylog 4.1 uses Elasticsearch 7.x.

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
touch /etc/yum.repos.d/elasticsearch.repo

vim /etc/yum.repos.d/elasticsearch.repo

[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/oss-7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Then install the latest version

sudo yum install elasticsearch-oss

Edit the Elasticsearch configuration file

vim /etc/elasticsearch/elasticsearch.yml

Change
cluster.name: gralog
Add as the last line
action.auto_create_index: false

Start Elasticsearch

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
sudo systemctl --type=service --state=active | grep elasticsearch
Edit the Elasticsearch JVM configuration, sizing the heap according to the memory actually available on the physical machine
vim /etc/elasticsearch/jvm.options

Initial heap size
-Xms1g
Maximum heap size
-Xmx1g

Graylog installation

sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.0-repository_latest.rpm

Minimal installation

sudo yum install graylog-server

Installation with the additional plugins

sudo yum install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins

Install the EPEL repository

yum install epel-release

Install pwgen to generate passwords

yum install pwgen

Generate the password_secret value

[root@graylog mydata]# pwgen -N 1 -s 96
aSWvfG4xcs9Hvt9F5D8loE5bPWfuH3zhwHS2aSv0tpGC1BLRn87pj37sYQIxxyea8tFRlPLy0ce4jITy6Bq5RUO4BGVEBO4r

Generate the root_password_sha2 value (the SHA-256 hash of the password used to log in to the web interface)

[root@graylog mydata]# echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
Enter Password: Liudehua123
24889f9abcf227d18ed564ced121b17e58265cc5373e8bbb03fc72f2b64782c7

Edit the configuration file

vim /etc/graylog/server/server.conf

password_secret = aSWvfG4xcs9Hvt9F5D8loE5bPWfuH3zhwHS2aSv0tpGC1BLRn87pj37sYQIxxyea8tFRlPLy0ce4jITy6Bq5RUO4BGVEBO4r
Password used for web login
root_password_sha2 = 24889f9abcf227d18ed564ced121b17e58265cc5373e8bbb03fc72f2b64782c7

Set the time zone
root_timezone = Asia/Shanghai
Bind IP address
http_bind_address = 0.0.0.0:9000

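# Configure the external address. I use a domain name with nginx as a reverse proxy here, so the external address is as below. Without one, use the external IP and port directly, e.g. http://<external-ip>:9000/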
http_publish_uri = http://graylog.example.com/
# http_external_uri = http://graylog.example.com/ (not needed on a single node; defaults to http_publish_uri)

Because Elasticsearch is a single node, set the shard count to 1
elasticsearch_shards = 1
elasticsearch_replicas = 0
Highlight search results
allow_highlighting = true

Email alert configuration
transport_email_enabled = true
transport_email_hostname = smtp.exmail.qq.com
transport_email_port = 465
transport_email_use_auth = true
transport_email_auth_username = [email protected]
transport_email_auth_password = xxxxx
transport_email_subject_prefix = [graylog]
transport_email_from_email = [email protected]
transport_email_use_tls = false
transport_email_use_ssl = true
Optional: web interface URL used in notifications
transport_email_web_interface_url = http://graylog.example.com


Other optional settings
# Elasticsearch settings
elasticsearch_hosts = http://127.0.0.1:9200
elasticsearch_shards = 1
elasticsearch_replicas = 0
# MongoDB connection settings; MongoDB runs on the local machine here, with no authentication configured
mongodb_uri = mongodb://localhost/graylog
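
A lint for the server.conf values set above, as an added example that is not part of the original post or of Graylog. The function names, the 64-character threshold for password_secret and the finding messages are assumptions of this example, and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not from the original post: lint the server.conf settings this
# guide edits. The 64-character threshold and the messages are assumptions.

# Print the value of the last uncommented "KEY = value" line in FILE.
conf_get() {  # usage: conf_get FILE KEY
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
    sed 's/[[:space:]]*$//' | tail -n 1
}

# Print one finding per line; return 1 if anything was reported.
audit_graylog_conf() {  # usage: audit_graylog_conf FILE
  f=$1; rc=0
  note() { echo "$1"; rc=1; }
  v=$(conf_get "$f" password_secret)
  if [ "${#v}" -lt 64 ]; then note "password_secret: shorter than 64 characters"; fi
  v=$(conf_get "$f" root_password_sha2)
  case $v in *[!0-9a-f]*) v= ;; esac   # blank the value if it is not pure hex
  if [ "${#v}" -ne 64 ]; then note "root_password_sha2: not a 64-digit lowercase hex SHA-256 value"; fi
  v=$(conf_get "$f" http_bind_address)
  case $v in 0.0.0.0:*) note "http_bind_address: listens on every interface ($v)" ;; esac
  v=$(conf_get "$f" http_publish_uri)
  case $v in http://*) note "http_publish_uri: uses http://, not https:// ($v)" ;; esac
  v=$(conf_get "$f" mongodb_uri)
  case $v in *@*) ;; *) note "mongodb_uri: no credentials in the connection string" ;; esac
  return "$rc"
}

# Constructed sample with this guide's settings; the secret is shortened on purpose.
sample_conf() {
  cat <<'EOF'
password_secret = constructed-short-secret
root_password_sha2 = 24889f9abcf227d18ed564ced121b17e58265cc5373e8bbb03fc72f2b64782c7
http_bind_address = 0.0.0.0:9000
# http_external_uri = http://graylog.example.com/
http_publish_uri = http://graylog.example.com/
mongodb_uri = mongodb://localhost/graylog
EOF
}

tmp=$(mktemp); sample_conf > "$tmp"
audit_graylog_conf "$tmp" || echo "findings reported for the sample configuration"
rm -f "$tmp"
```

Run `audit_graylog_conf /etc/graylog/server/server.conf` as a user that can read the file; a non-zero exit status means at least one finding was printed.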

Create a symlink to the java executable

ln -s /usr/local/jdk1.8.0_191/bin/java /usr/bin/java

Or

# The Java path must be set manually for startup
vim /etc/sysconfig/graylog-server
---------------------------------------------------------------------------------
JAVA=/usr/local/jdk1.8.0_191/bin/java
---------------------------------------------------------------------------------

Log locations

tail -50f /var/log/graylog-server/server.log

tail -50f /var/log/messages

Start

sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
sudo systemctl --type=service --state=active | grep graylog

Reposted from blog.csdn.net/dyangel2013/article/details/118860181