Graylog

Graylog 是与 ELK 可以相提并论的一款集中式日志管理方案，支持数据收集、检索、可视化 
​
Graylog 架构
    - Graylog 负责接收来自各种设备和应用的日志，并为用户提供 Web 访问接口。
    - Elasticsearch 用于索引和保存 Graylog 接收到的日志。
    - MongoDB 负责保存 Graylog 自身的配置信息。
​

 

实操

安装Openjdk

- yum -y install java-1.8.0-openjdk-headless.x86_64
- java -version

 

安装Mongodb

- 配置Mongndb的yum源
    - vim /etc/yum.repos.d/mongodb-org-4-0.repo
        [mongodb-org-4.0]
        name=MongoDB Repository
        baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-        org/4.0/x86_64/
        gpgcheck=1
        enabled=1
        gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
    - yum repolist
    
- 安装Mongdb并启动服务设置为开机自启动
    - yum -y install mongodb-org
    - systemctl enable mongod.service
    - systemctl start mongod.service
    - systemctl status mongod.service

 

安装Elasticsearch

- rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
- vim /etc/yum.repos.d/elasticsearch.repo
    [elasticsearch-6.x]
    name=Elasticsearch repository for 6.x packages
    baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
    gpgcheck=1
    gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
- yum repolist 
- yum -y install elasticsearch-oss
- vim /etc/elasticsearch/elasticsearch.yml
     cluster.name: graylog
     action.auto_create_index: false
- systemctl enable elasticsearch.service
- systemctl start elasticsearch.service
- systemctl status elasticsearch.service
​

 

安装Graylog

- rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.rpm
- yum -y install graylog-server
- yum -y install epel-release
- yum -y install pwgen
- pwgen -N 1 -s 96
    # 注意上一条命令执行之后会有一个字符串的密码出来（1）
- echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '
' | sha256sum | cut -d" " -f1
    # 注意上一条命令执行之后会有一个字符串的密码出来（2）
- vim /etc/graylog/server/server.conf
    password_secret = # 注意上一条命令执行之后会有一个字符串的密码出来（1）
    root_username = admin
    root_password_sha2 = # 注意上一条命令执行之后会有一个字符串的密码出来（2）
    root_timezone = Asia/Shanghai
    http_bind_address = 127.0.0.1:9000
    http_publish_uri = http://自己的IP:9000/
    http_enable_cors = true
    http_enable_gzip = true
    http_enable_tls = false
    elasticsearch_hosts = http://127.0.0.1:9200
    
- systemctl enable graylog-server.service
- systemctl start graylog-server.service
- systemctl status graylog-server.service
​

 

使用Nginx做反向代理

- yum -y install nginx
- echo '' > /etc/nginx/nginx.conf
- vim /etc/nginx/nginx.conf
    user nobody;
worker_processes 4;
events {
    worker_connections  1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    client_max_body_size 100m;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    sendfile on;
    keepalive_timeout 65;
    gzip  on;
    gzip_min_length 256;
    gzip_buffers 16 8k;
    gzip_comp_level 6;
    gzip_vary on;
    gzip_types
        text/xml application/xml application/atom+xml application/rss+xml application/xhtml+xml image/svg+xml
        text/javascript application/javascript application/x-javascript
        text/x-json application/json application/x-web-app-manifest+json
        text/css text/plain text/x-component
        font/opentype application/x-font-ttf application/vnd.ms-fontobject
        image/x-icon;
    include /etc/nginx/conf.d/*.conf;
}
[root@dev-of-runfa-33 ~]# vim /etc/nginx/conf.d/www.conf
server
{
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name 自己主机的IP;
​
    location /graylog/
    {
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Graylog-Server-URL http://$server_name/graylog/;
      rewrite ^/graylog/(.*)$ /$1 break;
      proxy_pass http://127.0.0.1:9000;
    }
}
​
- systemctl enable nginx
- systemctl start nginx
- systemctl status nginx

 

测试

# 主页 ： http://自己主机的IP/graylog
# REST API 主页: http://自己主机的IPgraylog/api