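1. Check the status of the Graylog client service on Windows, which listens on ports 5044 and 9000; close or allow port 5044
2. On the server, check the status of the following services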
sudo systemctl status nginx.service
sudo systemctl status mongod.service
sudo systemctl status elasticsearch.service
sudo systemctl status graylog-server.service
3. Set the admin password
Install the Graylog repository
rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.1-repository_latest.rpm
yum install graylog-server
Install the EPEL repository and the pwgen tool
rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
yum install -y pwgen (used later to generate the password)
Generate the password_secret value
pwgen -N 1 -s 96
Generate the root_password_sha2 value
echo -n 123456 | sha256sum
Edit the /etc/graylog/server/server.conf configuration file and write the values generated above into the corresponding variables
password_secret =
root_password_sha2 =
root_timezone = Asia/Shanghai
rest_listen_uri = http://0.0.0.0:9000/api/
web_listen_uri = http://0.0.0.0:9000/
allow_highlighting = true (allow highlighting of query results)
elasticsearch_shards = 1 (only one Elasticsearch instance is installed at present)
elasticsearch_index_prefix = graylog
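
The password steps above as one script, added here as an example and not part of the original notes: it builds password_secret with pwgen (falling back to /dev/urandom), hashes the admin password from stdin instead of a literal on the command line, and writes both values into the config. The function names and the sample password are assumptions; the demo edits a constructed temporary file, not the live server.conf.

```shell
#!/bin/sh
# Added example: fill password_secret and root_password_sha2 in a Graylog server.conf.

# 96-character random secret, same length as "pwgen -N 1 -s 96" above.
gen_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom 2>/dev/null | head -c 96
        echo
    fi
}

# SHA-256 hex digest of the password read from stdin.
# Only the first line is hashed, without its newline (same as "echo -n ... | sha256sum").
hash_password() {
    IFS= read -r pw || true
    [ -n "$pw" ] || { echo "empty password" >&2; return 1; }
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1
}

# set_conf FILE KEY VALUE: replace the "KEY = ..." line; fail if KEY is absent.
# VALUE is expected to be alphanumeric/hex, so "|" is a safe sed delimiter.
set_conf() {
    grep -q "^$2[[:space:]]*=" "$1" || { echo "$2 not found in $1" >&2; return 1; }
    sed -i "s|^$2[[:space:]]*=.*|$2 = $3|" "$1"
}

# Demo on a constructed file that mimics the two empty keys shown above.
demo() {
    conf=$(mktemp)
    printf 'password_secret =\nroot_password_sha2 =\nroot_timezone = Asia/Shanghai\n' >"$conf"
    chmod 600 "$conf"   # the file holds secrets; keep it unreadable to other users
    set_conf "$conf" password_secret "$(gen_secret)"
    # Constructed sample password, piped in rather than typed as an argument.
    set_conf "$conf" root_password_sha2 "$(printf '%s' 'constructed-sample-pw' | hash_password)"
    cat "$conf"
    rm -f "$conf"
}

demo
```

In real use, feed hash_password from a prompt read with stty -echo so the admin password does not land in shell history, and point set_conf at /etc/graylog/server/server.conf.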