graylog安装
1.先决条件
yum install java-1.8.0-openjdk-headless.x86_64 -y # install the headless OpenJDK 1.8 package
yum install epel-release -y # enable the EPEL repository before installing pwgen
yum install pwgen -y # install pwgen, used later in this guide to generate password_secret
2.安装mongodb
touch /etc/yum.repos.d/mongodb-org.repo
使用以下内容添加存储库文件
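# Write the MongoDB 4.0 yum repository definition.
# The heredoc delimiter is quoted so the shell leaves $releasever untouched:
# with an unquoted EOF the shell expands it (normally to an empty string) and
# yum is left with a broken baseurl. yum substitutes $releasever itself when
# it reads the file.
# The "redhat" path segment is lowercase, matching the other MongoDB repo
# stanza in this guide.
# The redirect creates the file, so no separate touch is needed.
# gpgcheck=1 together with gpgkey makes yum verify package signatures.
cat > /etc/yum.repos.d/mongodb-org.repo << 'EOF'
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
EOF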
CentOS 8(仓库文件内容改为如下,baseurl 中的系统版本固定写为 7):
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
# Refresh yum metadata so the newly added MongoDB repository is usable.
yum makecache
# Install the mongodb-org package from that repository.
yum install mongodb-org -y
# Reload systemd unit files, then enable mongod at boot and start it now.
# NOTE(review): this guide configures no MongoDB authentication; confirm that
# bindIp in /etc/mongod.conf stays on 127.0.0.1 so the database is reachable
# only from this host.
systemctl daemon-reload
systemctl enable mongod.service
systemctl start mongod.service
3.安装Elasticsearch
# Import Elastic's package signing key so rpm/yum can verify signatures.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

# Create the Elasticsearch OSS 6.x repository definition. The delimiter is
# quoted so the text is written literally; gpgcheck=1 keeps signature
# verification on for packages from this repository.
touch /etc/yum.repos.d/elasticsearch.repo
cat > /etc/yum.repos.d/elasticsearch.repo << 'EOF'
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

# Refresh yum metadata so the new repository is picked up.
yum makecache
yum install elasticsearch-oss -y #下载较慢时,可直接从官网下载rpm包:https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-oss-6.8.5.rpm ;手动下载的包在安装前先用 rpm -K 校验签名(签名密钥已在上面用 rpm --import 导入)
vim /etc/elasticsearch/elasticsearch.yml
将cluster.name修改为graylog
在最后一行添加action.auto_create_index: false
network.host保持默认(仅监听本机):OSS版Elasticsearch没有内置认证,不要把9200端口暴露给其他主机
# Reload systemd unit files, enable Elasticsearch at boot, and restart it so
# the edited /etc/elasticsearch/elasticsearch.yml takes effect.
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl restart elasticsearch.service
4.安装graylog
# Install the Graylog 3.1 repository package directly from its URL.
# NOTE(review): rpm normally only warns when it has no key for a package's
# signature, so this bootstrap package is protected mainly by HTTPS; verify
# it (or import Graylog's signing key first) if your policy requires it.
rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.1-repository_latest.rpm
# Install graylog-server from the repository that package configures.
yum install graylog-server -y
安装完成后,首先生成password_secret密码
# Print one (-N 1) fully random (-s) 96-character string to use as password_secret.
pwgen -N 1 -s 96
生成root_password_sha2的值 (即所输入密码的SHA-256哈希;后续Web登录时使用的是此处输入的明文密码,而不是哈希值)
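# Prompt for the admin password and print its SHA-256 hex digest, which is
# the value to store as root_password_sha2.
# read -s keeps the typed password off the screen (and out of terminal
# scrollback); -r and the empty IFS keep backslashes and surrounding
# whitespace exactly as typed.
printf 'Enter Password: '
IFS= read -rs root_password
printf '\n'
# printf '%s' feeds the password without a trailing newline, so the digest
# covers the password bytes only.
printf '%s' "$root_password" | sha256sum | cut -d' ' -f1
# Drop the plaintext from the shell session once the hash is printed.
unset root_password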
将生成的password_secret字符串和root_password_sha2哈希值,添加到配置文件/etc/graylog/server/server.conf中对应的配置项,分别在55行和66行(行号可能随版本变化,以配置项名称为准)。password_secret属于机密,不要外泄
修改web登陆接口,在104行,按照如下配置,默认端口9000,可以修改。注意0.0.0.0表示监听所有网卡,且默认为明文HTTP,应通过防火墙限制访问来源,或启用http_enable_tls/在前面放置TLS反向代理
http_bind_address = 0.0.0.0:9000
修改时区
root_timezone = Asia/Shanghai
启动graylog
# Reload systemd unit files, then enable graylog-server at boot and start it.
systemctl daemon-reload
systemctl enable graylog-server.service
systemctl start graylog-server.service
# Point the system timezone at Asia/Shanghai, the same zone set as
# root_timezone in server.conf above.
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
常用输入端口(在防火墙上放行时,建议只对日志来源主机开放):
1514 syslog tcp/udp
12201 gelf tcp/udp
5044 sidecar