Graylog

Graylog

#Graylog 是与 ELK 可以相提并论的一款集中式日志管理方案,支持数据收集、检索、可视化 

#Graylog 架构
- Graylog 负责接收来自各种设备和应用的日志,并为用户提供 Web 访问接口。
- Elasticsearch 用于索引和保存 Graylog 接收到的日志。
- MongoDB 负责保存 Graylog 自身的配置信息。

10923-r2mn9b35cze.png

 

实操

安装Openjdk
- yum -y install java-1.8.0-openjdk-headless.x86_64
- java -version

 

安装Mongodb
- 配置MongoDB的yum源
- vim /etc/yum.repos.d/mongodb-org-4-0.repo
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
- yum repolist

- 安装MongoDB并启动服务设置为开机自启动
- yum -y install mongodb-org
   - systemctl enable mongod.service
- systemctl start mongod.service
- systemctl status mongod.service

 

安装Elasticsearch
- rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
- vim /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
- yum repolist
- yum -y install elasticsearch-oss
- vim /etc/elasticsearch/elasticsearch.yml
cluster.name: graylog
action.auto_create_index: false
- systemctl enable elasticsearch.service
- systemctl start elasticsearch.service
- systemctl status elasticsearch.service

 

安装Graylog
- rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.rpm
- yum -y install graylog-server
- yum -y install epel-release
- yum -y install pwgen
- pwgen -N 1 -s 96
# 上一条命令会输出一个 96 位的随机字符串(1),后面要填到 server.conf 的 password_secret 中;这个字符串属于机密,不要公开或提交到代码仓库
- echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
# 上一条命令会提示输入密码,并输出该密码的 SHA-256 哈希值(2),后面要填到 server.conf 的 root_password_sha2 中;输入的明文密码就是 admin 用户的登录密码
- vim /etc/graylog/server/server.conf
password_secret = <填入上面 pwgen 命令输出的字符串(1)>
  root_username = admin
  root_password_sha2 = <填入上面 sha256sum 命令输出的哈希值(2)>
root_timezone = Asia/Shanghai
http_bind_address = 127.0.0.1:9000
http_publish_uri = http://自己的IP:9000/
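# 说明:http_enable_cors 默认为 false,开启后浏览器可以从任意来源跨域请求 Graylog 的 HTTP 接口;本文通过 Nginx 同源反向代理访问,一般不需要开启,请按实际需要决定
http_enable_cors = true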
http_enable_gzip = true
http_enable_tls = false
elasticsearch_hosts = http://127.0.0.1:9200

- systemctl enable graylog-server.service
- systemctl start graylog-server.service
- systemctl status graylog-server.service

 

使用Nginx做反向代理
- yum -y install nginx
- echo '' > /etc/nginx/nginx.conf
- vim /etc/nginx/nginx.conf
# Main nginx.conf: process-wide settings plus http-level defaults. No server
# block is defined in this file; sites are pulled in by the conf.d include at
# the end of the http block.

# Worker processes run as the unprivileged "nobody" account.
user nobody;
worker_processes 4;
events {
  worker_connections  1024;
}
http {
  include mime.types;
  default_type application/octet-stream;
  # Largest request body accepted from a client; larger requests are rejected.
  client_max_body_size 100m;
  # Defines the "main" access-log format. Nothing in this file attaches it to
  # an access_log directive, so it only applies where a server block opts in.
  # The last field is the client-supplied X-Forwarded-For header: treat it as
  # untrusted when reading logs; $remote_addr is the peer nginx actually saw.
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                   '$status $body_bytes_sent "$http_referer" '
                   '"$http_user_agent" "$http_x_forwarded_for"';
  sendfile on;
  keepalive_timeout 65;
  # Compress responses of the MIME types listed below once they reach
  # 256 bytes; gzip_vary adds "Vary: Accept-Encoding" for caches.
  gzip on;
  gzip_min_length 256;
  gzip_buffers 16 8k;
  gzip_comp_level 6;
  gzip_vary on;
  gzip_types
      text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
      text/javascript application/javascript application/x-javascript
      text/x-json application/json application/x-web-app-manifest+json
      text/css text/plain text/x-component
      font/opentype application/x-font-ttf application/vnd.ms-fontobject
      image/x-icon;
  # Every *.conf file in conf.d is loaded into this http context.
  include /etc/nginx/conf.d/*.conf;
}
[root@dev-of-runfa-33 ~]# vim /etc/nginx/conf.d/www.conf
# Reverse proxy that publishes the Graylog web interface and API under
# /graylog/ and forwards the requests to Graylog on 127.0.0.1:9000.
#
# NOTE(review): only plain HTTP on port 80 is configured here, so the Graylog
# login and session traffic between browser and proxy is not encrypted. Before
# using this outside a lab network, add a TLS listener and switch the scheme
# in X-Graylog-Server-URL to https.
server
{
  # Default server for IPv4 and IPv6 on port 80; ipv6only=on keeps the [::]
  # socket IPv6-only, so IPv4 is served by the first listen line.
  listen 80 default_server;
  listen [::]:80 default_server ipv6only=on;
  # Placeholder: replace with this host's own IP address.
  server_name 自己主机的IP;

  location /graylog/
  {
    # Host is passed through exactly as the client sent it.
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    # Appends the connecting client's address to any X-Forwarded-For value
    # the client already supplied.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Tells Graylog the external base URL under which it is reached through
    # this proxy (plain http under /graylog/ as written).
    proxy_set_header X-Graylog-Server-URL http://$server_name/graylog/;
    # Strip the /graylog/ prefix before forwarding; "break" stops further
    # rewrite processing for this request.
    rewrite ^/graylog/(.*)$ /$1 break;
    proxy_pass http://127.0.0.1:9000;
  }
}

- systemctl enable nginx
- systemctl start nginx
- systemctl status nginx

 

测试
# 主页 : http://自己主机的IP/graylog
# REST API 主页: http://自己主机的IP/graylog/api

 

 


转载自www.cnblogs.com/jcjone/p/12159870.html