graylog2 server 安装指南

2021年09月16日

系统信息

操作系统版本: CentOS 7 x86_64 最小化安装

IP地址: 192.168.103.1

初始化操作系统

[root@localhost ~]# hostnamectl set-hostname graylog2server.shensuping.com    ##设置FQDN主机名
[root@localhost ~]# systemctl restart systemd-hostnamed

[root@localhost ~]# hostnamectl status
Static hostname: graylog2server.shensuping.com
Icon name: computer-vm
Chassis: vm
Machine ID: a18933dbe7b94f5f9ec5f894eca9d9c6
Boot ID: 209ffd917b7f4515a545b62589286679
Virtualization: vmware
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-514.el7.x86_64
Architecture: x86-64

[root@localhost ~]# reboot

[root@graylog2server ~]# sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config  ##关闭SELINUX（重启后生效；生产环境建议保留 enforcing，按需放行策略而非整体关闭）

[root@graylog2server ~]# sed -i 's/#UseDNS yes/UseDNS no/g' /etc/ssh/sshd_config  ##优化SSH连接速度

[root@graylog2server ~]# cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime  ##设置时区

[root@graylog2server ~]# yum install wget vim net-tools ntp* -y   ##安装一些工具软件

[root@graylog2server ~]# ntpdate ntp.fudan.edu.cn

[root@graylog2server ~]# systemctl start ntpd

[root@graylog2server ~]# systemctl enable ntpd

[root@graylog2server ~]# cat >> /etc/security/limits.conf  <<EOF
* soft nofile 65536 
* hard nofile 65536
EOF

[root@graylog2server ~]# cat >> /etc/sysctl.conf <<EOF
vm.max_map_count=262144
EOF

[root@graylog2server ~]# yum update -y

[root@graylog2server ~]# systemctl stop firewalld  ##仅停止防火墙，未禁用开机自启；生产环境建议保留防火墙，只放行 Graylog 与 Elasticsearch 实际需要的端口

[root@graylog2server ~]# reboot

安装graylog2 server

[root@graylog2server ~]# cat  >  /etc/yum.repos.d/mongodb.repo <<EOF
[mongodb]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/\$releasever/mongodb-org/3.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc
EOF

[root@graylog2server ~]# yum install mongodb-org -y  ##安装mongodb

[root@graylog2server ~]# service mongod start  ##启动mongodb

[root@graylog2server ~]# chkconfig mongod on  ##设置开机启动

[root@graylog2server ~]# wget -c https://mirror.its.sfu.ca/mirror/CentOS-Third-Party/NSG/common/x86_64/jdk-8u66-linux-x64.rpm  ##下载JDK

[root@graylog2server ~]# rpm -Uvh jdk-8u66-linux-x64.rpm  ##安装JDK

[root@graylog2server ~]# java -version  ##查看JDK安装是否完成
java version "1.8.0_66"
Java(TM) SE Runtime Environment (build 1.8.0_66-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.66-b17, mixed mode)

[root@graylog2server ~]#  cat >  /etc/yum.repos.d/elasticsearch.repo <<EOF
[elasticsearch]
name=Elasticsearch repository
baseurl=https://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
EOF

[root@graylog2server ~]# yum install elasticsearch -y  ##安装elasticsearch 

[root@graylog2server ~]# systemctl daemon-reload  ##重新加载 systemd 单元文件

[root@graylog2server ~]# systemctl enable elasticsearch  ##设置elasticsearch开机启动

[root@graylog2server ~]# cp /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml.bak

[root@graylog2server ~]# cat  > /etc/elasticsearch/elasticsearch.yml <<EOF
cluster.name: graylog
network.host: 0.0.0.0
http.port: 9200
node.master: true
node.data: true
bootstrap.mlockall: true
discovery.zen.ping.multicast.enabled: false
discovery.zen.ping.unicast.hosts: ["127.0.0.1"]
EOF

[root@graylog2server ~]# systemctl restart elasticsearch  ##重启elasticsearch 

[root@graylog2server ~]# netstat -tupan|grep :9200  ##测试elasticsearch进程是否启动
tcp6 0 0 :::9200 :::* LISTEN 10616/java

[root@graylog2server ~]# curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'  ##测试elasticsearch
{
"cluster_name" : "graylog",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 0,
"active_shards" : 0,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}

[root@graylog2server ~]# wget -c https://packages.graylog2.org/repo/packages/graylog-2.2-repository_latest.rpm ##下载graylog2 repo仓库

[root@graylog2server ~]# rpm -Uvh graylog-2.2-repository_latest.rpm

[root@graylog2server ~]# yum install graylog-server -y

[root@graylog2server ~]# yum install epel-release -y

[root@graylog2server ~]# yum install pwgen -y

[root@graylog2server ~]# pwgen -N 1 -s 96  ##生成随机密码，用作 password_secret；请自行生成，勿复用本文示例值
Z2LoxxeFvWoAPbMF0sIlYWhHH06leW6bfUAeImqhUe86Wzq8p4HDZAyKTQpaedvBuCoKYjaQAGQTj93R33sREiSIVt1sTRg0

[root@graylog2server ~]# echo -n admin | sha256sum   ##生成管理员密码的 SHA256（此处示例密码为 admin，实际请使用强密码）
8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918 -

[root@graylog2server ~]# cp /etc/graylog/server/server.conf /etc/graylog/server/server.conf.bak

[root@graylog2server ~]# cat > /etc/graylog/server/server.conf <<EOF
is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = Z2LoxxeFvWoAPbMF0sIlYWhHH06leW6bfUAeImqhUe86Wzq8p4HDZAyKTQpaedvBuCoKYjaQAGQTj93R33sREiSIVt1sTRg0
root_password_sha2 = 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
root_timezone = PRC
plugin_dir = /usr/share/graylog-server/plugin
rest_listen_uri = http://192.168.103.1:9000/api/
web_listen_uri = http://192.168.103.1:9000/
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_analyzer = standard
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://localhost/graylog
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
content_packs_dir = /usr/share/graylog-server/contentpacks
content_packs_auto_load = grok-patterns.json
proxied_requests_thread_pool_size = 32
EOF

[root@graylog2server ~]# systemctl daemon-reload

[root@graylog2server ~]# systemctl restart graylog-server  ##重启graylog-server

[root@graylog2server ~]# systemctl enable graylog-server  ##设置graylog-server开机启动

访问测试(graylog server启动较慢,请等待几分钟)



本文出自个人原创博客，版权所有