Setting up a Graylog log system on CentOS 7

2023-12-13 03:05:20

I configured Graylog version 4, because the newer releases do not target CentOS.

Reference: CentOS installation (Graylog 4.x documentation): https://go2docs.graylog.org/4-x/downloading_and_installing_graylog/centos_installation.html

The official documentation is quite detailed, but a few steps can still go wrong.

1. Install MongoDB

Reference: Install MongoDB Community Edition on Red Hat or CentOS (MongoDB Manual): https://www.mongodb.com/docs/v4.4/tutorial/install-mongodb-on-red-hat/#install-mongodb-community-edition

  • After going back and forth, I found that for a lot of things the official documentation is still the best written.

1.1 Create a yum repository file

vi /etc/yum.repos.d/mongodb-org-4.4.repo

Add the following:

[mongodb-org-4.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/7/mongodb-org/4.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc

1.2 Install MongoDB

sudo yum install -y mongodb-org

1.3 Fix SELinux blocking MongoDB access

With SELinux enforcing (the CentOS 7 default), mongod runs confined in the mongod_t domain and is denied the cgroup and /proc/net reads it performs at startup. The two small policy modules below grant the accesses that were denied; do not work around the denials by switching SELinux to permissive.

1.3.1 Install checkpolicy

sudo yum install checkpolicy

1.3.2 Write the mongodb_cgroup_memory policy

cat > mongodb_cgroup_memory.te <<EOF
module mongodb_cgroup_memory 1.0;

require {
    type cgroup_t;
    type mongod_t;
    class dir search;
    class file { getattr open read };
}

#============= mongod_t ==============
allow mongod_t cgroup_t:dir search;
allow mongod_t cgroup_t:file { getattr open read };
EOF

1.3.3 Compile and load the mongodb_cgroup_memory policy

checkmodule -M -m -o mongodb_cgroup_memory.mod mongodb_cgroup_memory.te
semodule_package -o mongodb_cgroup_memory.pp -m mongodb_cgroup_memory.mod
sudo semodule -i mongodb_cgroup_memory.pp

1.3.4 Write the mongodb_proc_net policy

cat > mongodb_proc_net.te <<EOF
module mongodb_proc_net 1.0;

# file_type is an attribute, not a type: declaring it with "type" makes the module
# fail to link when semodule installs it, so it is required as an attribute here.
require {
    type cgroup_t;
    type configfs_t;
    attribute file_type;
    type mongod_t;
    type proc_net_t;
    type sysctl_fs_t;
    type var_lib_nfs_t;

    class dir { search getattr };
    class file { getattr open read };
}

#============= mongod_t ==============
allow mongod_t cgroup_t:dir { search getattr };
allow mongod_t cgroup_t:file { getattr open read };
allow mongod_t configfs_t:dir getattr;
# file_type covers every file and directory label on the system, so these two rules are
# far broader than any single denial. MongoDB's own mongodb_proc_net module contains only
# the proc_net_t rule below; keep these two only if audit.log shows a denial that needs them.
allow mongod_t file_type:dir { getattr search };
allow mongod_t file_type:file getattr;
allow mongod_t proc_net_t:file { open read };
allow mongod_t sysctl_fs_t:dir search;
allow mongod_t var_lib_nfs_t:dir search;
EOF

1.3.5 Compile and load the mongodb_proc_net policy

checkmodule -M -m -o mongodb_proc_net.mod mongodb_proc_net.te
semodule_package -o mongodb_proc_net.pp -m mongodb_proc_net.mod
sudo semodule -i mongodb_proc_net.pp
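The two modules above have the shape of what audit2allow emits from AVC denials. As an added example (not from the post or from the MongoDB documentation), the shell function below reads raw audit records, keeps only those for a given process name, and collapses them into allow rules grouped by source type, target type and object class, so you can see which rule a denial is actually asking for before loading anything. The audit lines inside demo_avc_rules are constructed for the example; on a real host you would feed it ausearch or /var/log/audit/audit.log. Review every rule it prints: a tool that proposes an attribute such as file_type instead of a concrete type is covering every file on the system.

```shell
#!/bin/sh
# Added example: turn raw AVC denial records into SELinux allow rules.
# Usage: avc_to_allow <comm> < audit.log
#   e.g. ausearch -m AVC -c mongod --raw | avc_to_allow mongod
avc_to_allow() {
    awk -v comm="$1" '
        /avc: +denied/ && index($0, "comm=\"" comm "\"") {
            # the denied permissions sit between the braces: denied  { open read }
            perms = $0
            sub(/.*denied +[{] */, "", perms)
            sub(/ *[}].*/, "", perms)
            s = ""; t = ""; c = ""
            for (i = 1; i <= NF; i++) {
                # scontext=user:role:TYPE:level -> third colon-separated field is the type
                if ($i ~ /^scontext=/) { split(substr($i, 10), a, ":"); s = a[3] }
                if ($i ~ /^tcontext=/) { split(substr($i, 10), b, ":"); t = b[3] }
                if ($i ~ /^tclass=/)   { c = substr($i, 8) }
            }
            if (s == "" || t == "" || c == "") next
            key = s ":" t ":" c
            if (!(key in perms_of)) { order[++n] = key; perms_of[key] = "" }
            np = split(perms, p, " ")
            for (j = 1; j <= np; j++)
                if (p[j] != "" && index(" " perms_of[key] " ", " " p[j] " ") == 0)
                    perms_of[key] = perms_of[key] " " p[j]
        }
        END {
            # one rule per (source type, target type, class), in order of first appearance
            for (i = 1; i <= n; i++) {
                split(order[i], k, ":")
                printf "allow %s %s:%s {%s };\n", k[1], k[2], k[3], perms_of[order[i]]
            }
        }'
}

# Constructed sample records (not from a real host): three mongod denials that
# correspond to the cgroup and /proc/net rules above, plus one unrelated sshd
# denial that must be ignored.
demo_avc_rules() {
    avc_to_allow mongod <<'EOF'
type=AVC msg=audit(1702435520.101:311): avc:  denied  { search } for  pid=2210 comm="mongod" name="/" dev="cgroup" ino=1 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:cgroup_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1702435520.102:312): avc:  denied  { open } for  pid=2210 comm="mongod" path="/proc/net/netstat" dev="proc" ino=4026531999 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file permissive=0
type=AVC msg=audit(1702435520.102:313): avc:  denied  { read } for  pid=2210 comm="mongod" path="/proc/net/netstat" dev="proc" ino=4026531999 scontext=system_u:system_r:mongod_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file permissive=0
type=AVC msg=audit(1702435520.200:314): avc:  denied  { read } for  pid=3001 comm="sshd" name="hosts" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
EOF
}

demo_avc_rules
# prints:
# allow mongod_t cgroup_t:dir { search };
# allow mongod_t proc_net_t:file { open read };
```

The printed rules are exactly the bodies of the two modules in 1.3.2 and 1.3.4 (minus the broad file_type lines), which is the check to make before `semodule -i`: every rule you load should trace back to a denial you can point at.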

1.4 Start MongoDB

# start MongoDB

sudo systemctl start mongod

# check MongoDB status

sudo systemctl status mongod

2. Install Elasticsearch

2.1 Import the Elastic GPG key

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

touch /etc/yum.repos.d/elasticsearch.repo

2.2 Create a yum repository file

vi /etc/yum.repos.d/elasticsearch.repo

Add the following. The Graylog documentation says Elasticsearch must not be newer than 7.10, which is why the oss-7.x repository is used: its last published release is 7.10.2, so yum cannot pull in an unsupported version.

[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/oss-7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

2.3 Install Elasticsearch

sudo yum install elasticsearch-oss

2.4 Edit the configuration file

vim /etc/elasticsearch/elasticsearch.yml

cluster.name: graylog
# append as the last line
action.auto_create_index: false

2.5 Start Elasticsearch

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
sudo systemctl --type=service --state=active | grep elasticsearch

2.6 Adjust the Elasticsearch JVM heap settings

vim /etc/elasticsearch/jvm.options

With several projects sending logs, 2 GB should probably be enough?

Initial heap size
-Xms2g
Maximum heap size (Elasticsearch recommends keeping it equal to -Xms)
-Xmx2g
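A small lint for the two files edited in 2.4 and 2.6, added here as an example rather than anything from the post or from Elastic: elasticsearch.yml must carry `cluster.name: graylog` and `action.auto_create_index: false`, and jvm.options must set -Xms equal to -Xmx, at most half the machine's RAM, and below roughly 31 GiB (Elastic's published heap guidance: equal initial and maximum heap, no more than 50% of RAM, and under the compressed-oops threshold near 32 GB). File paths and the total-RAM figure are arguments; the sample files in demo_es_lint are constructed.

```shell
#!/bin/sh
# Added example: lint the Elasticsearch settings this page changes.

# Convert a JVM heap size (2g, 2048m, 2097152k, or plain bytes) to MiB.
jvm_size_mb() {
    n=${1%[gGmMkK]}
    unit=${1#"$n"}
    case $unit in
        g|G) echo $((n * 1024)) ;;
        m|M) echo "$n" ;;
        k|K) echo $((n / 1024)) ;;
        *)   echo $((n / 1048576)) ;;
    esac
}

# check_es_heap <jvm.options> <total RAM in MiB>
# Returns 0 when -Xms == -Xmx, heap <= RAM/2 and heap <= 31 GiB; prints each violation.
check_es_heap() {
    xms=$(grep -E '^-Xms' "$1" | tail -n 1 | sed 's/^-Xms//')
    xmx=$(grep -E '^-Xmx' "$1" | tail -n 1 | sed 's/^-Xmx//')
    [ -n "$xms" ] && [ -n "$xmx" ] || { echo "heap: -Xms or -Xmx not set"; return 1; }
    xms_mb=$(jvm_size_mb "$xms"); xmx_mb=$(jvm_size_mb "$xmx")
    rc=0
    [ "$xms_mb" -eq "$xmx_mb" ] || { echo "heap: -Xms ($xms) must equal -Xmx ($xmx)"; rc=1; }
    [ "$xmx_mb" -le "$(($2 / 2))" ] || { echo "heap: $xmx exceeds half of $2 MiB RAM"; rc=1; }
    [ "$xmx_mb" -le 31744 ] || { echo "heap: $xmx is above the 31 GiB compressed-oops limit"; rc=1; }
    return $rc
}

# check_es_yml <elasticsearch.yml>
# Returns 0 when cluster.name is graylog and action.auto_create_index is false.
check_es_yml() {
    rc=0
    grep -Eq '^cluster\.name:[[:space:]]*graylog[[:space:]]*$' "$1" \
        || { echo "yml: cluster.name is not graylog"; rc=1; }
    grep -Eq '^action\.auto_create_index:[[:space:]]*false[[:space:]]*$' "$1" \
        || { echo "yml: action.auto_create_index must be false"; rc=1; }
    return $rc
}

# Constructed sample files (not taken from a real host); 8192 MiB stands in for the RAM size.
demo_es_lint() {
    d=$(mktemp -d)
    printf '%s\n' 'cluster.name: graylog' 'action.auto_create_index: false' > "$d/good.yml"
    printf '%s\n' 'cluster.name: elasticsearch' > "$d/bad.yml"
    printf '%s\n' '-Xms2g' '-Xmx2g' > "$d/good.options"
    printf '%s\n' '-Xms1g' '-Xmx4g' > "$d/bad.options"
    check_es_yml "$d/good.yml" && check_es_heap "$d/good.options" 8192 && echo "good config: OK"
    check_es_yml "$d/bad.yml" || echo "bad yml rejected"
    check_es_heap "$d/bad.options" 8192 || echo "bad heap rejected"
    rm -rf "$d"
}

demo_es_lint
```

On the real host, run it against /etc/elasticsearch/elasticsearch.yml and /etc/elasticsearch/jvm.options with the RAM figure from `free -m` before restarting the service; a heap larger than half of RAM starves the filesystem cache Lucene depends on.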

3. Install Graylog

sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.0-repository_latest.rpm

sudo yum install graylog-server

3.1 Install EPEL

yum install epel-release

3.2 Install pwgen

yum install pwgen

3.3 Generate password_secret

Graylog uses this value to pepper the stored user passwords; every node in a cluster must be configured with the same one.

pwgen -N 1 -s 96

3.4 Generate root_password_sha2

The command reads the password from stdin instead of taking it as an argument, so the plaintext does not end up in the shell history:

echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

3.5 Edit the configuration file

Reference: Web interface overview (Graylog 4.x documentation): https://go2docs.graylog.org/4-x/setting_up_graylog/web_interface.htm

vim /etc/graylog/server/server.conf

# the 96-character string generated in 3.3; identical on every node of a cluster
password_secret = xxxxx
# SHA-256 hash of the admin password from 3.4, used for the web login
root_password_sha2 = xxxx

# time zone
root_timezone = Asia/Shanghai
# listen address for the REST API and web interface; 0.0.0.0 binds on every interface,
# so restrict port 9000 in the firewall or bind a specific address instead
http_bind_address = 0.0.0.0:9000

# the URI that other machines (and other Graylog nodes) use to reach this node;
# include :9000 unless a reverse proxy on 80/443 is in front of Graylog, since the
# web interface's http_external_uri defaults to this value
http_publish_uri = http://graylog.example.com/

# single-node Elasticsearch, so one shard and no replicas
elasticsearch_shards = 1
elasticsearch_replicas = 0
# highlight matches in search results
allow_highlighting = true

# e-mail alerting; hostname is the provider's SMTP server, which is easy to look up
transport_email_enabled = true
transport_email_hostname = smtp.exmail.qq.com
transport_email_port = 465
transport_email_use_auth = true
transport_email_auth_username = your_email.com
transport_email_auth_password = your_password
transport_email_subject_prefix = [graylog]
transport_email_from_email = your_email.com
# port 465 is implicit TLS: use_ssl = true and use_tls = false;
# for STARTTLS on port 587 swap the two values
transport_email_use_tls = false
transport_email_use_ssl = true

This file now holds password_secret, the admin hash and the SMTP password, so keep it readable only by root and the graylog user (the package installs it as root:graylog, mode 640).
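Steps 3.3 to 3.5 generate two secrets and paste them into server.conf by hand. The script below is an added example (not the post's or Graylog's own code) that does the same thing programmatically: it produces password_secret with pwgen when installed and from /dev/urandom otherwise, hashes the admin password with SHA-256 exactly as step 3.4 does, writes each key into the config by replacing an existing line (commented out or not) or appending it, and finally checks that the values have the shape Graylog expects and that the file is not readable by others. The config path /etc/graylog/server/server.conf and the 64-character minimum for password_secret follow the shipped config file; the sample file in demo_configure is a constructed stand-in for it.

```shell
#!/bin/sh
# Added example: generate Graylog secrets and write them into server.conf safely.

# 96-character alphanumeric password_secret; pwgen when installed, /dev/urandom otherwise.
gen_password_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 96; echo
    fi
}

# SHA-256 hex digest of a string, same result as the echo -n | sha256sum pipeline in 3.4.
sha256_hex() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# set_conf_key <file> <key> <value>
# Replace an existing "key = value" line (even if commented out), otherwise append.
# Values must not contain | or & (sed replacement syntax); the ones used here never do.
set_conf_key() {
    if grep -Eq "^#?[[:space:]]*$2[[:space:]]*=" "$1"; then
        sed -i -E "s|^#?[[:space:]]*$2[[:space:]]*=.*|$2 = $3|" "$1"
    else
        printf '%s = %s\n' "$2" "$3" >> "$1"
    fi
}

# get_conf_key <file> <key>: value of an active (uncommented) key, empty if unset.
get_conf_key() {
    sed -n -E "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_graylog_conf <file>
# Fails if password_secret is shorter than 64 characters, root_password_sha2 is not
# 64 hex digits, or the file grants any permission to "others" (GNU stat).
check_graylog_conf() {
    rc=0
    secret=$(get_conf_key "$1" password_secret)
    hash=$(get_conf_key "$1" root_password_sha2)
    [ "${#secret}" -ge 64 ] || { echo "password_secret shorter than 64 characters"; rc=1; }
    printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$' \
        || { echo "root_password_sha2 is not a SHA-256 hex digest"; rc=1; }
    mode=$(stat -c '%a' "$1" 2>/dev/null || echo 000)
    case $mode in
        *[1-7]) echo "$1 is readable by others (mode $mode)"; rc=1 ;;
    esac
    return $rc
}

# configure_graylog <server.conf> <admin password>
configure_graylog() {
    conf=$1
    set_conf_key "$conf" password_secret "$(gen_password_secret)"
    set_conf_key "$conf" root_password_sha2 "$(sha256_hex "$2")"
    set_conf_key "$conf" root_timezone Asia/Shanghai
    set_conf_key "$conf" http_bind_address 0.0.0.0:9000
    set_conf_key "$conf" elasticsearch_shards 1
    set_conf_key "$conf" elasticsearch_replicas 0
    chmod 640 "$conf"
    check_graylog_conf "$conf"
}

# Constructed stand-in for the shipped server.conf (real path: /etc/graylog/server/server.conf).
demo_configure() {
    f=$(mktemp)
    printf '%s\n' 'password_secret =' 'root_password_sha2 =' \
        '#root_timezone = UTC' '#http_bind_address = 127.0.0.1:9000' > "$f"
    configure_graylog "$f" 'change-me' && echo "server.conf OK"
    get_conf_key "$f" root_password_sha2   # the SHA-256 hex digest of change-me
    rm -f "$f"
}

demo_configure
```

For real use, read the admin password with `read -rs` rather than passing it on the command line (arguments are visible in `ps` and in the shell history), run configure_graylog as root against the real path, and keep check_graylog_conf as a pre-start check: Graylog refuses to start with an empty password_secret, but it cannot tell you that the file has become world-readable.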

3.6 Start Graylog

sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
sudo systemctl --type=service --state=active | grep graylog

View the Graylog log

tail -50f /var/log/graylog-server/server.log

View the system log

tail -50f /var/log/messages

Check Graylog status

sudo systemctl status graylog-server.service

Source: https://blog.csdn.net/LB_bei/article/details/134784340