小豆浆: Setting up and using the Graylog log platform, a super-detailed guide (for beginners) www.xdoujiang.com

Category: Linux in practice
Graylog is an open-source log management system written in Java.
I will install the following five parts, in this order:
1. jdk-8u151-linux-x64: the Java runtime.
2. Elasticsearch: stores all the log messages; its performance depends on memory and disk I/O.
3. MongoDB: stores data (Graylog's configuration and metadata, not the log messages themselves).
4. Graylog: the service that receives and processes logs/messages and talks to the other components.
5. Web interface (built into Graylog): the user interface.
I. Basic information and JDK installation (see also https://www.xdoujiang.com/?p=25358)
1. All of these components are Java programs, so they need a fair amount of memory.
The VM I prepared here has 4 GB:
root@192.168.4.73:~# free -m
total used free shared buff/cache available
Mem: 3774 1564 1987 8 223 1968
Swap: 0 0 0
2. Check that the clocks on all three machines agree:
ntpdate stdtime.gov.hk
3. IP addresses of the three machines
192.168.4.73 server
192.168.4.77 client
192.168.4.89 client
4. Change the hostnames (on all three machines)
root@192.168.4.73:~# hostnamectl set-hostname Graylog192168473
root@192.168.4.77:~# hostnamectl set-hostname web1192168477
root@192.168.4.89:~# hostnamectl set-hostname web2192168489
5. OS release
root@192.168.4.73:~# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
6. EPEL, SELinux, iptables
1) iptables (firewalld.service is not loading any rules, SELinux is disabled, so the chains are empty)
root@192.168.4.73:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
2) SELinux
root@192.168.4.73:~# getenforce
Disabled
3) base and EPEL repositories
root@192.168.4.73:~# cat /etc/yum.repos.d/base.repo
[base]
name=CentOS-Base
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-7
[updates]
name=CentOS-Updates
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-7
[extras]
name=CentOS-Extras
baseurl=http://mirrors.ustc.edu.cn/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.ustc.edu.cn/centos/RPM-GPG-KEY-CentOS-7
[epel]
name=Extra Packages
baseurl=http://mirrors.ustc.edu.cn/epel/7Server/$basearch
gpgcheck=1
gpgkey=http://mirrors.ustc.edu.cn/epel/RPM-GPG-KEY-EPEL-7
7. Download the JDK (jdk-8u151-linux-x64.rpm)
http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
root@192.168.4.73:~# wget --no-cookies --no-check-certificate --header "Cookie: gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u151-b12/e758a0de34e24606bca991d704f6dcbf/jdk-8u151-linux-x64.rpm"
8. Install
root@192.168.4.73:~# rpm -ivh jdk-8u151-linux-x64.rpm
Preparing... ################################# [100%]
Updating / installing...
1:jdk1.8-2000:1.8.0_151-fcs ################################# [100%]
Unpacking JAR files...
tools.jar...
plugin.jar...
javaws.jar...
deploy.jar...
rt.jar...
jsse.jar...
charsets.jar...
localedata.jar...
9. Set the environment variables (the 8u151 rpm installs to /usr/java/jdk1.8.0_151, so JAVA_HOME must point there)
root@192.168.4.73:~# tail -n 4 /etc/profile
JAVA_HOME=/usr/java/jdk1.8.0_151
PATH=$JAVA_HOME/bin:$JAVA_HOME/jre/bin:$PATH
CLASSPATH=.:$JAVA_HOME/lib:$JAVA_HOME/jre/lib:$CLASSPATH
export JAVA_HOME PATH CLASSPATH
10. Apply the settings
root@192.168.4.73:~# source /etc/profile
11. Verify
root@192.168.4.73:~# java -version
java version "1.8.0_151"
Java(TM) SE Runtime Environment (build 1.8.0_151-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.151-b12, mixed mode)
root@192.168.4.73:~# javac -version
javac 1.8.0_151
II. Install elasticsearch-5.6.1.rpm
1. Import the package signing key
root@192.168.4.73:~# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
2. Download the package
root@192.168.4.73:~# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.6.1.rpm
3. Install
root@192.168.4.73:~# rpm -ivh elasticsearch-5.6.1.rpm
4. Edit the configuration file
root@192.168.4.73:~# cd /etc/elasticsearch/
root@192.168.4.73:elasticsearch# ll
total 20
-rw-rw---- 1 root elasticsearch 2854 Sep 15 03:24 elasticsearch.yml
-rw-rw---- 1 root elasticsearch 3064 Sep 15 03:24 jvm.options
-rw-rw---- 1 root elasticsearch 4456 Sep 15 03:24 log4j2.properties
drwxr-x--- 2 root elasticsearch 4096 Sep 15 03:24 scripts
root@192.168.4.73:elasticsearch# cp elasticsearch.yml elasticsearch.yml.bak
root@192.168.4.73:elasticsearch# vim elasticsearch.yml
Only one line was changed:
cluster.name: graylog
5. Start the service and enable it at boot
root@192.168.4.73:elasticsearch# systemctl start elasticsearch.service
root@192.168.4.73:elasticsearch# systemctl enable elasticsearch.service
Created symlink from /etc/systemd/system/multi-user.target.wants/elasticsearch.service to /usr/lib/systemd/system/elasticsearch.service.
6. Check the journal
root@192.168.4.73:elasticsearch# journalctl --unit elasticsearch
-- Logs begin at Fri 2018-01-05 22:06:23 CST, end at Fri 2018-01-05 14:33:30 CST. --
Jan 05 14:33:14 graylog192168473 systemd[1]: Starting Elasticsearch...
Jan 05 14:33:14 graylog192168473 systemd[1]: Started Elasticsearch.
Now check the log file, the process and the ports.
The log can also be read directly under /var/log/elasticsearch/ (the file is named after the cluster, so it is graylog.log here):
root@192.168.4.73:elasticsearch# cat /var/log/elasticsearch/graylog.log
[2018-01-05T14:33:44,667][INFO ][o.e.n.Node ] [] initializing ...
[2018-01-05T14:33:44,940][INFO ][o.e.e.NodeEnvironment ] [XFaJlRG] using [1] data paths, mounts [[/ (rootfs)]], net usable_space [24.5gb], net total_space [28.7gb], spins? [unknown], types [rootfs]
[2018-01-05T14:33:44,940][INFO ][o.e.e.NodeEnvironment ] [XFaJlRG] heap size [1.9gb], compressed ordinary object pointers [true]
[2018-01-05T14:33:44,941][INFO ][o.e.n.Node ] node name [XFaJlRG] derived from node ID [XFaJlRGmTWu00Ixqrr2Fkw]; set [node.name] to override
[2018-01-05T14:33:44,941][INFO ][o.e.n.Node ] version[5.6.1], pid[10997], build[667b497/2017-09-14T19:22:05.189Z], OS[Linux/3.10.0-693.el7.x86_64/amd64], JVM[Oracle Corporation/Java HotSpot(TM) 64-Bit Server VM/1.8.0_151/25.151-b12]
[2018-01-05T14:33:44,941][INFO ][o.e.n.Node ] JVM arguments [-Xms2g, -Xmx2g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -Djdk.io.permissionsUseCanonicalPath=true, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Dlog4j.skipJansi=true, -XX:+HeapDumpOnOutOfMemoryError, -Des.path.home=/usr/share/elasticsearch]
[2018-01-05T14:33:47,397][INFO ][o.e.p.PluginsService ] [XFaJlRG] loaded module [aggs-matrix-stats]
[2018-01-05T14:33:47,397][INFO ][o.e.p.PluginsService ] [XFaJlRG] loaded module [ingest-common]
[2018-01-05T14:33:47,397][INFO ][o.e.p.PluginsService ] [XFaJlRG] loaded module [lang-expression]
[2018-01-05T14:33:47,397][INFO ][o.e.p.PluginsService ] [XFaJlRG] loaded module [lang-groovy]
[2018-01-05T14:33:47,397][INFO ][o.e.p.PluginsService ] [XFaJlRG] loaded module [lang-mustache]
[2018-01-05T14:33:47,397][INFO ][o.e.p.PluginsService ] [XFaJlRG] loaded module [lang-painless]
[2018-01-05T14:33:47,397][INFO ][o.e.p.PluginsService ] [XFaJlRG] loaded module [parent-join]
[2018-01-05T14:33:47,397][INFO ][o.e.p.PluginsService ] [XFaJlRG] loaded module [percolator]
[2018-01-05T14:33:47,397][INFO ][o.e.p.PluginsService ] [XFaJlRG] loaded module [reindex]
[2018-01-05T14:33:47,397][INFO ][o.e.p.PluginsService ] [XFaJlRG] loaded module [transport-netty3]
[2018-01-05T14:33:47,397][INFO ][o.e.p.PluginsService ] [XFaJlRG] loaded module [transport-netty4]
[2018-01-05T14:33:47,398][INFO ][o.e.p.PluginsService ] [XFaJlRG] no plugins loaded
[2018-01-05T14:33:50,962][INFO ][o.e.d.DiscoveryModule ] [XFaJlRG] using discovery type [zen]
[2018-01-05T14:33:51,948][INFO ][o.e.n.Node ] initialized
[2018-01-05T14:33:51,948][INFO ][o.e.n.Node ] [XFaJlRG] starting ...
[2018-01-05T14:33:52,365][INFO ][o.e.t.TransportService ] [XFaJlRG] publish_address {127.0.0.1:9300}, bound_addresses {[::1]:9300}, {127.0.0.1:9300}
[2018-01-05T14:33:55,514][INFO ][o.e.c.s.ClusterService ] [XFaJlRG] new_master {XFaJlRG}{XFaJlRGmTWu00Ixqrr2Fkw}{DNGfOECJS-izUQIXOVZp-w}{127.0.0.1}{127.0.0.1:9300}, reason: zen-disco-elected-as-master ([0] nodes joined)
[2018-01-05T14:33:55,611][INFO ][o.e.h.n.Netty4HttpServerTransport] [XFaJlRG] publish_address {127.0.0.1:9200}, bound_addresses {[::1]:9200}, {127.0.0.1:9200}
[2018-01-05T14:33:55,623][INFO ][o.e.n.Node ] [XFaJlRG] started
[2018-01-05T14:33:55,635][INFO ][o.e.g.GatewayService ] [XFaJlRG] recovered [0] indices into cluster_state
Process
root@192.168.4.73:elasticsearch# jps -l
10997 org.elasticsearch.bootstrap.Elasticsearch
11096 sun.tools.jps.Jps
Ports (note that both 9200 and 9300 are bound to loopback only)
root@192.168.4.73:elasticsearch# netstat -tupnl|grep java
tcp6 0 0 127.0.0.1:9200 :::* LISTEN 10997/java
tcp6 0 0 ::1:9200 :::* LISTEN 10997/java
tcp6 0 0 127.0.0.1:9300 :::* LISTEN 10997/java
tcp6 0 0 ::1:9300 :::* LISTEN 10997/java
7. Test from the command line
root@192.168.4.73:elasticsearch# curl -X GET http://127.0.0.1:9200
{
"name" : "XFaJlRG",
"cluster_name" : "graylog",
"cluster_uuid" : "xpAowpDjTIOGpGTsg1mpEQ",
"version" : {
"number" : "5.6.1",
"build_hash" : "667b497",
"build_date" : "2017-09-14T19:22:05.189Z",
"build_snapshot" : false,
"lucene_version" : "6.6.1"
},
"tagline" : "You Know, for Search"
}
8. You can also check the cluster health
root@192.168.4.73:elasticsearch# curl -X GET http://127.0.0.1:9200/_cluster/health\?pretty
{
"cluster_name" : "graylog",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 0,
"active_shards" : 0,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
III. Install the MongoDB database (see also https://www.xdoujiang.com/?p=846)
1. Install mongodb-server (mongodb-server-2.6.12-4.el7.x86_64.rpm)
root@192.168.4.73:~# yum -y install mongodb-server mongodb
2. Start the service and enable it at boot
root@192.168.4.73:~# systemctl start mongod
root@192.168.4.73:~# systemctl enable mongod
Created symlink from /etc/systemd/system/multi-user.target.wants/mongod.service to /usr/lib/systemd/system/mongod.service.
3. Check the process and port
root@192.168.4.73:~# netstat -tupnl|grep mon
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 11166/mongod
root@192.168.4.73:~# ps -ef|grep mong
mongodb 11166 1 5 14:36 ? 00:00:10 /usr/bin/mongod --quiet -f /etc/mongod.conf run
4. Test (optional); running mongod by hand fails because the default dbpath /data/db does not exist, which is expected since the service uses /var/lib/mongodb from /etc/mongod.conf:
root@192.168.4.73:~# mongod
mongod --help for help and startup options
2018-01-04T16:35:22.047+0800 [initandlisten] MongoDB starting : pid=11294 port=27017 dbpath=/data/db 64-bit host=localhost.localdomain
2018-01-04T16:35:22.047+0800 [initandlisten] db version v2.6.12
2018-01-04T16:35:22.047+0800 [initandlisten] git version: nogitversion
2018-01-04T16:35:22.047+0800 [initandlisten] OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
2018-01-04T16:35:22.047+0800 [initandlisten] build info: Linux buildvm-16.phx2.fedoraproject.org 4.8.12-300.fc25.x86_64 #1 SMP Fri Dec 2 17:52:11 UTC 2016 x86_64 BOOST_LIB_VERSION=1_53
2018-01-04T16:35:22.047+0800 [initandlisten] allocator: tcmalloc
2018-01-04T16:35:22.047+0800 [initandlisten] options: {}
2018-01-04T16:35:22.047+0800 [initandlisten] exception in initAndListen: 10296
*********************************************************************
ERROR: dbpath (/data/db) does not exist.
Create this directory or give existing directory in --dbpath.
See http://dochub.mongodb.org/core/startingandstoppingmongo
*********************************************************************
, terminating
2018-01-04T16:35:22.047+0800 [initandlisten] dbexit:
2018-01-04T16:35:22.047+0800 [initandlisten] shutdown: going to close listening sockets...
2018-01-04T16:35:22.047+0800 [initandlisten] shutdown: going to flush diaglog...
2018-01-04T16:35:22.047+0800 [initandlisten] shutdown: going to close sockets...
2018-01-04T16:35:22.047+0800 [initandlisten] shutdown: waiting for fs preallocator...
2018-01-04T16:35:22.047+0800 [initandlisten] shutdown: lock for final commit...
2018-01-04T16:35:22.047+0800 [initandlisten] shutdown: final commit...
2018-01-04T16:35:22.048+0800 [initandlisten] shutdown: closing all files...
2018-01-04T16:35:22.048+0800 [initandlisten] closeAllFiles() finished
2018-01-04T16:35:22.048+0800 [initandlisten] dbexit: really exiting now
5. Log in and insert a test document (optional)
root@192.168.4.73:~# mongo
MongoDB shell version: 2.6.12
connecting to: test
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
http://docs.mongodb.org/
Questions? Try the support group
http://groups.google.com/group/mongodb-user
Server has startup warnings:
2018-01-04T16:32:36.357+0800 [initandlisten]
2018-01-04T16:32:36.357+0800 [initandlisten] ** WARNING: Readahead for /var/lib/mongodb is set to 4096KB
2018-01-04T16:32:36.357+0800 [initandlisten] ** We suggest setting it to 256KB (512 sectors) or less
2018-01-04T16:32:36.357+0800 [initandlisten] ** http://dochub.mongodb.org/core/readahead
> show dbs
admin (empty)
local 0.078GB
> use local
switched to db local
> db.test.insert({'a':'b'})
WriteResult({ "nInserted" : 1 })
> exit
bye
6. The log
root@192.168.4.73:~# cat /var/log/mongodb/mongod.log
2018-01-05T14:36:30.173+0800 [initandlisten] MongoDB starting : pid=11166 port=27017 dbpath=/var/lib/mongodb 64-bit host=graylog192168473
2018-01-05T14:36:30.173+0800 [initandlisten] db version v2.6.12
2018-01-05T14:36:30.173+0800 [initandlisten] git version: nogitversion
2018-01-05T14:36:30.173+0800 [initandlisten] OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
2018-01-05T14:36:30.173+0800 [initandlisten] build info: Linux buildvm-16.phx2.fedoraproject.org 4.8.12-300.fc25.x86_64 #1 SMP Fri Dec 2 17:52:11 UTC 2016 x86_64 BOOST_LIB_VERSION=1_53
2018-01-05T14:36:30.173+0800 [initandlisten] allocator: tcmalloc
2018-01-05T14:36:30.173+0800 [initandlisten] options: { command: [ "run" ], config: "/etc/mongod.conf", net: { bindIp: "127.0.0.1", unixDomainSocket: { pathPrefix: "/var/run/mongodb" } }, processManagement: { fork: true, pidFilePath: "/var/run/mongodb/mongod.pid" }, storage: { dbPath: "/var/lib/mongodb" }, systemLog: { destination: "file", path: "/var/log/mongodb/mongod.log", quiet: true } }
2018-01-05T14:36:30.173+0800 [initandlisten]
2018-01-05T14:36:30.173+0800 [initandlisten] ** WARNING: Readahead for /var/lib/mongodb is set to 4096KB
2018-01-05T14:36:30.173+0800 [initandlisten] ** We suggest setting it to 256KB (512 sectors) or less
2018-01-05T14:36:30.173+0800 [initandlisten] ** http://dochub.mongodb.org/core/readahead
2018-01-05T14:36:30.185+0800 [initandlisten] journal dir=/var/lib/mongodb/journal
2018-01-05T14:36:30.185+0800 [initandlisten] recover : no journal files present, no recovery needed
2018-01-05T14:36:30.383+0800 [initandlisten] preallocateIsFaster=true 2.68
2018-01-05T14:36:30.649+0800 [initandlisten] preallocateIsFaster=true 3.78
2018-01-05T14:36:31.856+0800 [initandlisten] preallocateIsFaster=true 2.08
2018-01-05T14:36:31.856+0800 [initandlisten] preallocating a journal file /var/lib/mongodb/journal/prealloc.0
2018-01-05T14:36:34.656+0800 [initandlisten] File Preallocator Progress: 241172480/1073741824 22%
2018-01-05T14:37:00.906+0800 [initandlisten] File Preallocator Progress: 513802240/1073741824 47%
2018-01-05T14:37:03.006+0800 [initandlisten] File Preallocator Progress: 639631360/1073741824 59%
2018-01-05T14:37:06.198+0800 [initandlisten] File Preallocator Progress: 870318080/1073741824 81%
2018-01-05T14:37:40.766+0800 [initandlisten] File Preallocator Progress: 891289600/1073741824 83%
2018-01-05T14:37:41.679+0800 [DataFileSync] flushing mmaps took 11503ms for 0 files
2018-01-05T14:37:43.558+0800 [initandlisten] File Preallocator Progress: 954204160/1073741824 88%
2018-01-05T14:37:46.193+0800 [initandlisten] preallocating a journal file /var/lib/mongodb/journal/prealloc.1
2018-01-05T14:37:49.596+0800 [initandlisten] File Preallocator Progress: 293601280/1073741824 27%
2018-01-05T14:37:52.053+0800 [initandlisten] File Preallocator Progress: 608174080/1073741824 56%
2018-01-05T14:38:18.200+0800 [initandlisten] File Preallocator Progress: 629145600/1073741824 58%
2018-01-05T14:38:21.007+0800 [initandlisten] File Preallocator Progress: 954204160/1073741824 88%
2018-01-05T14:38:48.092+0800 [initandlisten] File Preallocator Progress: 1006632960/1073741824 93%
2018-01-05T14:38:51.222+0800 [initandlisten] preallocating a journal file /var/lib/mongodb/journal/prealloc.2
2018-01-05T14:38:54.117+0800 [initandlisten] File Preallocator Progress: 178257920/1073741824 16%
2018-01-05T14:38:57.184+0800 [initandlisten] File Preallocator Progress: 492830720/1073741824 45%
2018-01-05T14:39:00.041+0800 [initandlisten] File Preallocator Progress: 608174080/1073741824 56%
2018-01-05T14:39:03.125+0800 [initandlisten] File Preallocator Progress: 817889280/1073741824 76%
2018-01-05T14:39:06.015+0800 [initandlisten] File Preallocator Progress: 954204160/1073741824 88%
2018-01-05T14:39:09.388+0800 [initandlisten] allocating new ns file /var/lib/mongodb/local.ns, filling with zeroes...
2018-01-05T14:39:09.872+0800 [FileAllocator] allocating new datafile /var/lib/mongodb/local.0, filling with zeroes...
2018-01-05T14:39:09.873+0800 [FileAllocator] creating directory /var/lib/mongodb/_tmp
2018-01-05T14:39:09.877+0800 [FileAllocator] done allocating datafile /var/lib/mongodb/local.0, size: 64MB, took 0.002 secs
2018-01-05T14:39:09.888+0800 [initandlisten] build index on: local.startup_log properties: { v: 1, key: { _id: 1 }, name: "_id_", ns: "local.startup_log" }
2018-01-05T14:39:09.888+0800 [initandlisten] added index to empty collection
2018-01-05T14:39:09.921+0800 [initandlisten] command local.$cmd command: create { create: "startup_log", size: 10485760, capped: true } ntoreturn:1 keyUpdates:0 numYields:0 reslen:37 500ms
2018-01-05T14:39:09.922+0800 [initandlisten] waiting for connections on port 27017
IV. Install Graylog Server (graylog-server-2.3.2-1.noarch.rpm)
1. Download the repository package
root@192.168.4.73:~# wget https://packages.graylog2.org/repo/packages/graylog-2.3-repository_latest.rpm
2. Install the repository
root@192.168.4.73:~# rpm -ivh graylog-2.3-repository_latest.rpm
3. Look at the repository definition
root@192.168.4.73:yum.repos.d# cat graylog.repo
[graylog]
name=graylog
baseurl=https://packages.graylog2.org/repo/el/stable/2.3/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-graylog
4. Downloading the rpm needs the yumdownloader command, which comes with yum-utils
root@192.168.4.73:~# yum install yum-utils -y
5. Download the rpm package
root@192.168.4.73:~# yumdownloader graylog-server
6. Install the rpm package (the NOKEY warning below appears because rpm -ivh does not import the repository key that yum would)
root@192.168.4.73:~# rpm -ivh graylog-server-2.3.2-1.noarch.rpm
warning: graylog-server-2.3.2-1.noarch.rpm: Header V3 RSA/SHA1 Signature, key ID b1606f22: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:graylog-server-2.3.2-1 ################################# [100%]
################################################################################
Graylog does NOT start automatically!
Please run the following commands if you want to start Graylog automatically on system boot:
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
################################################################################
7. Install the pwgen command
First find out which package provides it
root@192.168.4.73:~# yum provides "*/pwgen"
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
epel/x86_64/filelists_db | 10 MB 00:00:01
graylog/x86_64/filelists_db | 4.0 kB 00:00:00
pwgen-2.07-1.el7.x86_64 : Automatic password generation
Repo : epel
Matched from:
Filename : /usr/bin/pwgen
Install it
root@192.168.4.73:~# yum -y install pwgen
8. Generate the password secret
Option reference (from the pwgen man page)
-N, --num-passwords=num
Generate num passwords. This defaults to a screenful if passwords are printed by columns, and one password.
-s, --secure
Generate completely random, hard-to-memorize passwords.
These should only be used for machine passwords,
since otherwise it's almost guaranteed that users will simply
write the password on a piece of paper taped to the monitor...
The comment in the config file explains how:
# Generate one by using for example: pwgen -N 1 -s 96
root@192.168.4.73:~# pwgen -N 1 -s 96
N6E3M6wNSulyPS91EZaGGwFaXJvVmyrmrcHBrEBwSzCm6T7i86NapHnKtq8b6Dh2cLQByME338HThmzj7J5z1kOCCxWGt9d2
9. Generate the web login password hash; the password I set here is redhat
root@192.168.4.73:~# echo -n redhat|sha256sum
7d3b5c83009fadf734c06eeecd7fbe256c69f71c8ba0429e4d7ad5f54b2e4097
10. Edit the configuration
root@192.168.4.73:~# cd /etc/graylog/server/
root@192.168.4.73:server# ll
total 36
-rw-r--r-- 1 root root 2159 Oct 20 00:57 log4j2.xml
-rw-r--r-- 1 root root 37 Jan 5 14:40 node-id
-rw-r--r-- 1 root root 26841 Oct 20 00:57 server.conf
root@192.168.4.73:server# pwd
/etc/graylog/server
root@192.168.4.73:server# cp server.conf server.conf.bak
root@192.168.4.73:server# vim server.conf
password_secret = N6E3M6wNSulyPS91EZaGGwFaXJvVmyrmrcHBrEBwSzCm6T7i86NapHnKtq8b6Dh2cLQByME338HThmzj7J5z1kOCCxWGt9d2
root_password_sha2 = 7d3b5c83009fadf734c06eeecd7fbe256c69f71c8ba0429e4d7ad5f54b2e4097
root_timezone = Asia/Shanghai
rest_listen_uri = http://192.168.4.73:9000/api/
web_listen_uri = http://192.168.4.73:9000/
I changed only these five settings.
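The following Python script is an added example, not code from the original post or from Graylog; it does what steps 8 to 10 do by hand (generate a pwgen-style password_secret, hash the admin password like `echo -n ... | sha256sum`) and then audits the five settings from step 10 in a constructed server.conf fragment. It assumes the Graylog 2.x option names rest_enable_tls and web_enable_tls, and it flags two things the listings above show: server.conf is world-readable (0644) while holding the secret and the admin hash, which is an unsalted SHA-256 that a dictionary password like the one above does not survive, and both listen URIs are plain HTTP on the LAN address.

```python
import hashlib
import re
import secrets
import string
from typing import List, Optional

# Alphabet matching what `pwgen -s` emits: letters and digits only.
ALPHABET = string.ascii_letters + string.digits

# Constructed fragment carrying the five values set in step 10 of the tutorial.
SAMPLE_CONF = """\
# Graylog server.conf excerpt (constructed sample)
password_secret = N6E3M6wNSulyPS91EZaGGwFaXJvVmyrmrcHBrEBwSzCm6T7i86NapHnKtq8b6Dh2cLQByME338HThmzj7J5z1kOCCxWGt9d2
root_password_sha2 = 7d3b5c83009fadf734c06eeecd7fbe256c69f71c8ba0429e4d7ad5f54b2e4097
root_timezone = Asia/Shanghai
rest_listen_uri = http://192.168.4.73:9000/api/
web_listen_uri = http://192.168.4.73:9000/
"""


def gen_password_secret(length: int = 96) -> str:
    """Random alphanumeric secret; stands in for `pwgen -N 1 -s 96`."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def root_password_sha2(password: str) -> str:
    """Same value as `echo -n <password> | sha256sum`: unsalted SHA-256, hex encoded."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def parse_server_conf(text: str) -> dict:
    """Minimal `key = value` reader for server.conf; blank and comment lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def audit_server_conf(conf: dict, file_mode: Optional[int] = None) -> List[str]:
    """Findings for the settings the tutorial edits, plus the file mode if given."""
    findings = []
    secret = conf.get("password_secret", "")
    if len(secret) < 16:
        # Graylog refuses to start when password_secret is shorter than 16 characters.
        findings.append("password_secret is shorter than 16 characters")
    sha2 = conf.get("root_password_sha2", "")
    if not re.fullmatch(r"[0-9a-f]{64}", sha2):
        findings.append("root_password_sha2 is not a 64-character lowercase hex SHA-256")
    for key in ("rest_listen_uri", "web_listen_uri"):
        uri = conf.get(key, "")
        if uri.startswith("http://") and not uri.startswith(("http://127.0.0.1", "http://localhost")):
            findings.append(f"{key} serves plain HTTP on a non-loopback address: enable TLS "
                            "(rest_enable_tls / web_enable_tls) or put a TLS reverse proxy in front")
    if file_mode is not None and file_mode & 0o007:
        # The file holds password_secret and the admin hash; the rpm ships it as 0644 root:root.
        findings.append("server.conf is readable by other users; remove the 'other' bits")
    return findings


if __name__ == "__main__":
    print("password_secret =", gen_password_secret())
    print("root_password_sha2 =", root_password_sha2("redhat"))
    for finding in audit_server_conf(parse_server_conf(SAMPLE_CONF), file_mode=0o644):
        print("FINDING:", finding)
```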
11. Start the service and enable it at boot
root@192.168.4.73:server# systemctl start graylog-server.service
root@192.168.4.73:server# systemctl enable graylog-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/graylog-server.service to /usr/lib/systemd/system/graylog-server.service.
12. Check the journal
root@192.168.4.73:server# journalctl --unit graylog-server
-- Logs begin at Fri 2018-01-05 22:44:28 CST, end at Fri 2018-01-05 22:44:53 CST. --
Jan 05 22:44:40 graylog192168473 systemd[1]: Started Graylog server.
Jan 05 22:44:40 graylog192168473 systemd[1]: Starting Graylog server...
13. The port and the process are now there
Ports
root@192.168.4.73:~# netstat -tupnl|grep java
tcp6 0 0 127.0.0.1:9200 :::* LISTEN 1208/java
tcp6 0 0 ::1:9200 :::* LISTEN 1208/java
tcp6 0 0 127.0.0.1:9300 :::* LISTEN 1208/java
tcp6 0 0 ::1:9300 :::* LISTEN 1208/java
tcp6 0 0 192.168.4.73:9000 :::* LISTEN 1236/java
Processes
root@192.168.4.73:~# jps -l
1236 /usr/share/graylog-server/graylog.jar
1208 org.elasticsearch.bootstrap.Elasticsearch
1849 sun.tools.jps.Jps
14. Check the server log
root@192.168.4.73:~# cd /var/log/graylog-server/
root@192.168.4.73:graylog-server# ll
total 20
-rw-r--r-- 1 graylog graylog 17398 Jan 5 2018 server.log
root@192.168.4.73:graylog-server# tail -20f server.log
2018-01-05T22:45:36.280+08:00 INFO [JerseyService] Enabling CORS for HTTP endpoint
2018-01-05T22:45:37.490+08:00 INFO [connection] Opened connection [connectionId{localValue:12, serverValue:12}] to localhost:27017
2018-01-05T22:45:37.491+08:00 INFO [connection] Opened connection [connectionId{localValue:11, serverValue:11}] to localhost:27017
2018-01-05T22:45:44.822+08:00 INFO [MongoIndexSet] Did not find a deflector alias. Setting one up now.
2018-01-05T22:45:44.854+08:00 INFO [MongoIndexSet] There is no index target to point to. Creating one now.
2018-01-05T22:45:44.889+08:00 INFO [MongoIndexSet] Cycling from to .
2018-01-05T22:45:44.889+08:00 INFO [MongoIndexSet] Creating target index .
2018-01-05T22:45:45.606+08:00 INFO [Indices] Successfully created index template graylog-internal
2018-01-05T22:45:46.643+08:00 INFO [MongoIndexSet] Waiting for allocation of index .
2018-01-05T22:45:46.680+08:00 INFO [MongoIndexSet] Index has been successfully allocated.
2018-01-05T22:45:46.681+08:00 INFO [MongoIndexSet] Pointing index alias to new index .
2018-01-05T22:45:46.731+08:00 INFO [MongoIndexSet] Successfully pointed index alias to index .
2018-01-05T22:45:56.920+08:00 INFO [NetworkListener] Started listener bound to [192.168.4.73:9000]
2018-01-05T22:45:56.921+08:00 INFO [HttpServer] [HttpServer] Started.
2018-01-05T22:45:56.922+08:00 INFO [JerseyService] Started REST API at <http://192.168.4.73:9000/api/>
2018-01-05T22:45:56.922+08:00 INFO [JerseyService] Started Web Interface at <http://192.168.4.73:9000/>
2018-01-05T22:45:56.925+08:00 INFO [ServiceManagerListener] Services are healthy
2018-01-05T22:45:56.926+08:00 INFO [ServerBootstrap] Services started, startup times in ms: {BufferSynchronizerService [RUNNING]=76, OutputSetupService [RUNNING]=76, KafkaJournal [RUNNING]=112, InputSetupService [RUNNING]=272, StreamCacheService [RUNNING]=516, JournalReader [RUNNING]=517, LookupTableService [RUNNING]=517, PeriodicalsService [RUNNING]=524, ConfigurationEtagService [RUNNING]=534, JerseyService [RUNNING]=22232}
2018-01-05T22:45:56.927+08:00 INFO [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Running [LB:ALIVE]
2018-01-05T22:45:56.929+08:00 INFO [ServerBootstrap] Graylog server up and running.
15. Open the web interface and take a look (screenshot in the original post):
http://192.168.4.73:9000/
V. Add a server whose logs are to be collected
Server-side configuration
1. In the web interface go to System -> Inputs -> Syslog UDP -> Launch new input (screenshot in the original post)
2. Check the listening port; this is the port 8514 that was just set in the input
root@192.168.4.73:graylog-server# netstat -tupnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1157/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1405/master
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN 1429/mongod
tcp6 0 0 127.0.0.1:9200 :::* LISTEN 1208/java
tcp6 0 0 ::1:9200 :::* LISTEN 1208/java
tcp6 0 0 127.0.0.1:9300 :::* LISTEN 1208/java
tcp6 0 0 ::1:9300 :::* LISTEN 1208/java
tcp6 0 0 :::22 :::* LISTEN 1157/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1405/master
tcp6 0 0 192.168.4.73:9000 :::* LISTEN 1236/java
udp 0 0 0.0.0.0:7955 0.0.0.0:* 978/dhclient
udp 0 0 0.0.0.0:68 0.0.0.0:* 978/dhclient
udp6 0 0 :::2144 :::* 978/dhclient
udp6 0 0 :::8514 :::* 1236/java
The server log then shows the new input starting up:
2018-01-05T14:50:08.848+08:00 INFO [connection] Opened connection [connectionId{localValue:15, serverValue:15}] to localhost:27017
2018-01-05T14:50:08.849+08:00 INFO [connection] Opened connection [connectionId{localValue:13, serverValue:13}] to localhost:27017
2018-01-05T14:50:08.852+08:00 INFO [connection] Opened connection [connectionId{localValue:14, serverValue:14}] to localhost:27017
2018-01-05T14:50:08.875+08:00 INFO [InputStateListener] Input [Syslog UDP/5a4f202037b1a404d47252eb] is now STARTING
2018-01-05T14:50:08.947+08:00 WARN [NettyTransport] receiveBufferSize (SO_RCVBUF) for input SyslogUDPInput{title=192.168.4.73 Graylog logs, type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=dae54f38-0b22-48f8-822b-3636d4f99d8f} should be 262144 but is 212992.
2018-01-05T14:50:08.951+08:00 INFO [InputStateListener] Input [Syslog UDP/5a4f202037b1a404d47252eb] is now RUNNING
Client-side configuration; the client IP here is 192.168.4.77
3. Check the rsyslog version
root@192.168.4.77:~# rsyslogd -version
rsyslogd 8.24.0, compiled with:
PLATFORM: x86_64-redhat-linux-gnu
PLATFORM (lsb_release -d):
FEATURE_REGEXP: Yes
GSSAPI Kerberos 5 support: Yes
FEATURE_DEBUG (debug build, slow code): No
32bit Atomic operations supported: Yes
64bit Atomic operations supported: Yes
memory allocator: system default
Runtime Instrumentation (slow code): No
uuid support: Yes
Number of Bits in RainerScript integers: 64
See http://www.rsyslog.com for more information.
4. Create graylog.conf with the following line on both clients
root@192.168.4.77:~# tail -n 1 /etc/rsyslog.d/graylog.conf
*.* @192.168.4.73:8514;RSYSLOG_SyslogProtocol23Format
root@192.168.4.89:~# tail -n 1 /etc/rsyslog.d/graylog.conf
*.* @192.168.4.73:8514;RSYSLOG_SyslogProtocol23Format
5. Restart the service
root@192.168.4.77:~# systemctl restart rsyslog
root@192.168.4.89:~# systemctl restart rsyslog
6. Go back to the web interface to see the result (screenshot in the original post)
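The rsyslog line in step 4 forwards every message (*.*) over UDP (a single @; @@ would select TCP) in the RFC 5424 layout that RSYSLOG_SyslogProtocol23Format produces. The following Python script is an added example, not code from the original post or from rsyslog or Graylog: it builds such a message from constructed sample fields (the client hostnames from this post, an invented sshd line) and parses it back into the fields the Syslog UDP input extracts, so you can see what Graylog actually receives; since UDP gives neither delivery guarantees nor sender authentication, the hostname field is only as trustworthy as the network the datagram crossed.

```python
import re
from typing import Dict, List, Tuple

# Facility and severity codes from RFC 5424 section 6.2.1 (the subset rsyslog uses most).
FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
            "authpriv": 10, "local0": 16, "local7": 23}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
            "notice": 5, "info": 6, "debug": 7}

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID, each followed by one space.
HEADER_RE = re.compile(r"^<(\d{1,3})>(\d) (\S+) (\S+) (\S+) (\S+) (\S+) ")
# PARAM-NAME="PARAM-VALUE" inside an SD element; backslash escapes allowed in the value.
SD_PARAM_RE = re.compile(r'(\S+?)="((?:[^"\\]|\\.)*)"')


def build_rfc5424(facility: str, severity: str, timestamp: str, host: str, app: str,
                  procid: str, msg: str, msgid: str = "-", sd: str = "-") -> str:
    """Assemble one message in the layout RSYSLOG_SyslogProtocol23Format emits."""
    pri = FACILITY[facility] * 8 + SEVERITY[severity]
    return f"<{pri}>1 {timestamp} {host} {app} {procid} {msgid} {sd} {msg}"


def _split_structured_data(rest: str) -> Tuple[List[str], str]:
    """Return (raw SD elements, remainder) for the text that follows MSGID."""
    if rest.startswith("-"):
        return [], rest[1:]
    elems, i = [], 0
    while i < len(rest) and rest[i] == "[":
        j = i + 1
        # A ']' ends the element unless it is escaped as '\]'.
        while j < len(rest) and not (rest[j] == "]" and rest[j - 1] != "\\"):
            j += 1
        if j >= len(rest):
            raise ValueError("unterminated structured-data element")
        elems.append(rest[i + 1:j])
        i = j + 1
    if not elems:
        raise ValueError("structured-data must be '-' or one or more [..] elements")
    return elems, rest[i:]


def parse_rfc5424(line: str) -> Dict[str, object]:
    """Decode the fields a Syslog UDP input extracts from one RFC 5424 datagram."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("not an RFC 5424 header")
    prival = int(m.group(1))
    if prival > 191:  # max facility 23 * 8 + severity 7
        raise ValueError("PRI out of range")
    elems, rest = _split_structured_data(line[m.end():])
    sd: Dict[str, Dict[str, str]] = {}
    for elem in elems:
        sd_id, _, params = elem.partition(" ")
        sd[sd_id] = dict(SD_PARAM_RE.findall(params))
    return {
        "facility": prival // 8,
        "severity": prival % 8,
        "version": int(m.group(2)),
        "timestamp": m.group(3),
        "hostname": m.group(4),
        "app_name": m.group(5),
        "procid": m.group(6),
        "msgid": m.group(7),
        "structured_data": sd,
        # MSG is separated from STRUCTURED-DATA by exactly one space, if present at all.
        "message": rest[1:] if rest.startswith(" ") else rest,
    }


if __name__ == "__main__":
    # Constructed sample: an sshd line as web1 would forward it to 192.168.4.73:8514.
    sample = build_rfc5424("authpriv", "info", "2018-01-05T14:50:08.848+08:00",
                           "web1192168477", "sshd", "1157",
                           "Accepted publickey for deploy from 192.168.4.89 port 51022 ssh2")
    print(sample)
    print(parse_rfc5424(sample))
```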
References
https://www.elastic.co/guide/en/elasticsearch/reference/current/rpm.html
http://docs.graylog.org/en/latest/pages/installation.html
https://mp.weixin.qq.com/s/6VOWL656zsbQZKUKQu2r6A