Graylog build and configuration details (CentOS 7)

Keywords: yum ElasticSearch MongoDB Java

1, Basic environment

1. A JDK (Java 8) is required; check the installed version first:

 [root@iz2zee3zwuvnmai605c99vz ~]# java -version
      openjdk version "1.8.0_171"
      OpenJDK Runtime Environment (build 1.8.0_171-b10)
      OpenJDK 64-Bit Server VM (build 25.171-b10, mixed mode)

  //If it is missing, install it; here yum is used:
 [root@iz2zee3zwuvnmai605c99vz ~]#yum list java*  ###List the available java packages
 [root@cotroller ~]# yum -y install java-1.8.0*   ###Install Java 1.8 (the wildcard pulls in every matching package; java-1.8.0-openjdk alone is enough for Graylog)
 [root@cotroller ~]# java -version                ###Check the java version
 openjdk version "1.8.0_171"
 OpenJDK Runtime Environment (build 1.8.0_171-b10)
 OpenJDK 64-Bit Server VM (build 25.171-b10, mixed mode)

2. pwgen is used later to generate the password_secret. It lives in EPEL, so enable EPEL first and then install the package:

 [root@cotroller ~]# yum install epel-release
 [root@cotroller ~]# yum install pwgen

2, Install the three services Graylog needs (MongoDB, Elasticsearch, graylog-server)

1. Install MongoDB:

 [root@cotroller ~]# vim /etc/yum.repos.d/mongodb-org-3.6.repo  ###Add a yum source for mongodb
 [mongodb-org-3.6]
 name=MongoDB Repository
 baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.6/x86_64/
 gpgcheck=1
 enabled=1
 gpgkey=https://www.mongodb.org/static/pgp/server-3.6.asc

 [root@cotroller ~]# yum install -y mongodb-org     ###Install the latest MongoDB 3.6 package from the repo added above
 [root@cotroller ~]# chkconfig --add mongod         ###Not needed on CentOS 7: the package ships a systemd unit, so systemctl enable is enough (harmless if it complains)
 [root@cotroller ~]# systemctl daemon-reload        ###Reload systemd and scan for new or changed units
 [root@cotroller ~]# systemctl enable mongod.service  ###Start the service at boot
 [root@cotroller ~]# systemctl start  mongod.service  ###Start the service now
 [root@cotroller ~]# netstat -utpln |grep 27017     ###Check that the port is listening; keep it on 127.0.0.1, MongoDB has no authentication enabled by default
 tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      2095/mongod 

2. Install Elasticsearch:

Note: Graylog 2.4.x must be used with Elasticsearch 5.x; it does not support Elasticsearch 6.

 [root@cotroller ~]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch   ###Import the Elastic GPG key first so the packages can be verified (gpgcheck=1 below)
 [root@cotroller ~]# vim /etc/yum.repos.d/elasticsearch.repo   ###Add the yum source of es

 [elasticsearch-5.x]
 name=Elasticsearch repository for 5.x packages
 baseurl=https://artifacts.elastic.co/packages/5.x/yum
 gpgcheck=1
 gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
 enabled=1
 autorefresh=1
 type=rpm-md
 [root@cotroller ~]# yum install elasticsearch    ###Install the latest 5.x release of Elasticsearch
 [root@cotroller ~]# vim /etc/elasticsearch/elasticsearch.yml  ###Set the cluster name to graylog
 cluster.name: graylog      #Line 17, uncommented and changed
 [root@cotroller ~]# chkconfig --add elasticsearch  ###Not needed on CentOS 7 (a systemd unit is shipped); harmless if it complains
 [root@cotroller ~]# systemctl daemon-reload        ###Reload systemd and scan for new or changed units
 [root@cotroller ~]# systemctl enable elasticsearch.service   ###Start the service at boot
 [root@cotroller ~]# systemctl start  elasticsearch.service   ###Start the service now
 [root@cotroller ~]# netstat -utpln ###Check that 9200 (HTTP) and 9300 (transport) are listening, and only on 127.0.0.1: Elasticsearch 5.x has no authentication without X-Pack
 Active Internet connections (only servers)
 Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
 tcp        0      0 127.0.0.1:9200          0.0.0.0:*               LISTEN      2237/java           
 tcp        0      0 127.0.0.1:9300          0.0.0.0:*               LISTEN      2237/java           
 tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1033/sshd           
 tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1517/master         
 tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      2095/mongod         
 tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1562/mysqld         
 udp        0      0 0.0.0.0:68              0.0.0.0:*                           1695/dhclient       
 udp        0      0 0.0.0.0:37164           0.0.0.0:*                           1695/dhclient       
 udp        0      0 127.0.0.1:323           0.0.0.0:*                           781/chronyd         

 [root@cotroller ~]# curl 127.0.0.1:9200    #Test the es node
 {
 "name" : "LLmDcwG",
 "cluster_name" : "elasticsearch",
 "cluster_uuid" : "wKL4z-rZTGuauYctS-FX1A",
 "version" : {
 "number" : "5.6.10",
 "build_hash" : "b727a60",
 "build_date" : "2018-06-06T15:48:34.860Z",
 "build_snapshot" : false,
 "lucene_version" : "6.6.1"
  },
 "tagline" : "You Know, for Search"
 }

Note: cluster_name still reads "elasticsearch" in this output, so it was captured before the cluster.name change took effect; after editing elasticsearch.yml and restarting the service it should read "graylog". Graylog 2.4 connects to Elasticsearch over HTTP via elasticsearch_hosts (default http://127.0.0.1:9200), which matches the loopback binding shown above.

3. Install Graylog:

[root@cotroller ~]# rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.4-repository_latest.rpm   ###Add the Graylog 2.4 repository
[root@cotroller ~]# yum install graylog-server   ###Install Graylog
[root@cotroller ~]# vim  /etc/graylog/server/server.conf  ###Edit the configuration file; the settings below must be changed

[root@cotroller ~]# pwgen -N 1 -s 96  ###Generate the password_secret (it protects stored credentials and sessions; generate your own, never reuse the value printed here)
LEetJba3xNy0TGMbqf1Hwxg26H9dZTb4tLlJ6l9T9t9aejiatr5MSlLmlPJq0UMS4gvDKDxLQIEW0yOU4W521hMYPWPrgNkd
password_secret = LEetJba3xNy0TGMbqf1Hwxg26H9dZTb4tLlJ6l9T9t9aejiatr5MSlLmlPJq0UMS4gvDKDxLQIEW0yOU4W521hMYPWPrgNkd

[root@cotroller ~]# echo -n 123456 | sha256sum    ###Hash the admin login password. The -n is required: hashing the trailing newline gives a different digest and the login fails. 123456 is only for this demo, use a strong password
8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92
root_password_sha2 = 8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92

rest_listen_uri = http://127.0.0.1:9000/api/   ###REST API. With the nginx proxy from section 3 on the same host, loopback is correct and keeps port 9000 off the network
web_listen_uri = http://127.0.0.1:9000/        ###Web interface, same reasoning. Without a proxy these must instead be the IP clients can reach, otherwise the browser cannot call the API and the UI is unreachable from outside; firewall the port in that case
[root@cotroller ~]# chkconfig --add graylog-server   ###Not needed on CentOS 7 (systemd unit is shipped); harmless if it complains
[root@cotroller ~]# systemctl daemon-reload
[root@cotroller ~]# systemctl enable graylog-server.service
[root@cotroller ~]# systemctl start graylog-server.service
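The two secrets above are where most installs go wrong: a password_secret copied from a tutorial, or a hash of "123456\n" because the -n was forgotten. As an added example that is not part of the original post, here is a small set of shell helpers that generates a fresh password_secret, hashes the admin password without leaving it in the shell history, writes both into server.conf in place and sanity-checks the result. The mini config it runs on in demo() is constructed, and the file paths are assumptions.

```shell
# Added example (not from the original post). Generates and installs Graylog's
# two secrets. Paths and the sample config in demo() are assumptions.

# sha256 of a string WITHOUT a trailing newline. The missing newline is the whole
# point: "echo 123456 | sha256sum" hashes "123456\n" and the login silently fails.
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -d' ' -f1
    else
        printf '%s' "$1" | openssl dgst -sha256 | sed 's/^.* //'
    fi
}

# Random alphanumeric password_secret. Graylog requires at least 16 characters;
# 96 is what the post's "pwgen -N 1 -s 96" produces.
gen_secret() {
    len="${1:-96}"
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$len"
}

# Replace (or append) "key = value" in a Graylog-style config file. A commented
# "#key = ..." line is replaced too. Values here are alphanumeric/hex, so no
# sed metacharacter escaping is needed.
set_conf() {
    key="$1"; value="$2"; file="$3"
    if grep -q "^#\{0,1\} *$key *=" "$file"; then
        sed -i "s|^#\{0,1\} *$key *=.*|$key = $value|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >>"$file"
    fi
}

# Read the admin password from the terminal so it lands in neither `ps` output
# nor ~/.bash_history, and print its hash.
read_root_password_sha2() {
    printf 'Enter Graylog admin password: ' >&2
    stty -echo; read -r pw; stty echo; printf '\n' >&2
    sha256_hex "$pw"
}

# Sanity check of a finished server.conf: both secrets present and plausible.
check_conf() {
    file="$1"
    secret=$(sed -n 's/^password_secret *= *//p' "$file")
    hash=$(sed -n 's/^root_password_sha2 *= *//p' "$file")
    [ "${#secret}" -ge 16 ] || return 1
    printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$' || return 1
    return 0
}

# Demo on a constructed mini server.conf (not the real file).
demo() {
    conf=$(mktemp)
    cat >"$conf" <<'EOF'
# constructed sample of /etc/graylog/server/server.conf
is_master = true
password_secret =
root_username = admin
root_password_sha2 =
EOF
    set_conf password_secret "$(gen_secret 96)" "$conf"
    set_conf root_password_sha2 "$(sha256_hex 'ChangeMe-Str0ng!')" "$conf"
    check_conf "$conf" && echo "server.conf secrets look sane"
    rm -f "$conf"
}
```

On the real host, call `set_conf password_secret "$(gen_secret)" /etc/graylog/server/server.conf` and `set_conf root_password_sha2 "$(read_root_password_sha2)" /etc/graylog/server/server.conf`, then restart graylog-server.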

3, Configure the nginx reverse proxy

Add a server block (the author works in nginx's conf.d directory, see section 4). It listens on port 80 and forwards everything to Graylog on 127.0.0.1:9000; the X-Graylog-Server-URL header tells the web interface which public URL to use for its API calls:

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name graylog.example.org;

    location / {
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Graylog-Server-URL http://$server_name/api;
      proxy_pass       http://127.0.0.1:9000;
    }
}

If the web interface loads but cannot reach the REST API through the proxy (in the author's setup the API answered on 192.168.1.83:12201), add a location for /api that points at the address the API actually listens on. Note that 12201 is also the default GELF input port, so make sure the two do not clash:

 location /api {
   proxy_pass       http://192.168.1.83:12201/api;
 }
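The server block above terminates on plain port 80, so the admin login and every API session token cross the network unencrypted. As an added example that is not part of the original post, here is the same proxy with TLS termination and an HTTP-to-HTTPS redirect; the certificate and key paths are assumptions:

```nginx
# Added example, not from the original post: TLS variant of the proxy above.
# Certificate/key paths are assumptions; the upstream stays on loopback.
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name graylog.example.org;
    # Never serve the UI over plain HTTP: redirect everything to TLS
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name graylog.example.org;

    ssl_certificate     /etc/nginx/ssl/graylog.crt;   # assumed path
    ssl_certificate_key /etc/nginx/ssl/graylog.key;   # assumed path
    ssl_protocols       TLSv1.2;

    location / {
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
      # The web UI must call the API through this TLS endpoint, not http://...:9000
      proxy_set_header X-Graylog-Server-URL https://$server_name/api;
      proxy_pass       http://127.0.0.1:9000;
    }
}
```

Because Graylog itself still listens on 127.0.0.1:9000 (section 2), nothing but nginx on this host can reach it directly; only port 443 needs to be opened in the firewall.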

4, Restart the services and test access

[root@cotroller conf.d]# nginx -t                                   ###Validate the configuration before restarting
[root@cotroller conf.d]# nginx -s stop
[root@cotroller conf.d]# nginx                                      ###Or simply: systemctl restart nginx
[root@cotroller conf.d]# systemctl restart graylog-server.service   ###Use systemctl on CentOS 7; /etc/init.d/graylog-server is the pre-systemd way

5, Access test and HTTP input

Log in with the root account configured in server.conf:

Account: admin (the root_username default)

Password: 123456 (the value hashed into root_password_sha2 above; change it for anything beyond a test)

In the web interface, add a GELF HTTP input (System, Inputs) listening on port 12202, the port the curl below posts to.
Push a test message to the input (replace the address with your Graylog host; the body is GELF JSON, and additional fields carry a leading underscore):

curl -XPOST http://<graylog address>:12202/gelf -p0 -d '{"short_message":"this is a message","host":"172.3.3.3","facility":"test","_foo":"bar"}'
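As an added example (not from the original post), the curl above generalised into shell functions: a GELF 1.1 payload builder that enforces the field rules Graylog applies (extra fields must start with an underscore, _id is reserved), a push that reports the input's HTTP status, and an arrival check through the REST search API so the verification can run from a script instead of the web UI. The host names, ports and admin password in demo() are assumptions.

```shell
# Added example, not from the original post. Builds, pushes and verifies a GELF
# message against a GELF HTTP input. Addresses/credentials in demo() are assumed.

# Escape backslashes and double quotes so a message text is a valid JSON string.
json_escape() {
    printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# gelf_payload <short_message> <host> <facility> [_name=value ...]
# GELF 1.1 requires "version", "host" and "short_message". Every additional
# field must start with "_" and "_id" is reserved (Graylog drops such messages).
gelf_payload() {
    msg="$1"; host="$2"; facility="$3"; shift 3
    extra=""
    for kv in "$@"; do
        case "$kv" in
            *=*) ;;
            *) printf 'expected _name=value, got "%s"\n' "$kv" >&2; return 1 ;;
        esac
        k="${kv%%=*}"; v="${kv#*=}"
        case "$k" in
            _id)  printf 'refusing reserved field _id\n' >&2; return 1 ;;
            _?*)  ;;
            *)    printf 'additional field "%s" must start with "_"\n' "$k" >&2; return 1 ;;
        esac
        extra="$extra,\"$k\":\"$(json_escape "$v")\""
    done
    printf '{"version":"1.1","host":"%s","short_message":"%s","facility":"%s"%s}' \
        "$(json_escape "$host")" "$(json_escape "$msg")" "$(json_escape "$facility")" "$extra"
}

# Push one payload to the GELF HTTP input and print the HTTP status
# (the input answers 202 Accepted when it queued the message).
gelf_push() {
    url="$1"; payload="$2"
    curl -sS -o /dev/null -w '%{http_code}' -X POST \
         -H 'Content-Type: application/json' --data "$payload" "$url"
}

# Search the last <range> seconds through the Graylog 2.x REST API. Credentials
# go through --user (better: an API token or .netrc), never into the URL.
graylog_search() {
    api="$1"; user="$2"; pass="$3"; query="$4"; range="${5:-300}"
    curl -sS -G --user "$user:$pass" -H 'Accept: application/json' \
         --data-urlencode "query=$query" --data-urlencode "range=$range" \
         --data-urlencode "limit=5" "$api/search/universal/relative"
}

# Demo flow with assumed addresses and password.
demo() {
    payload=$(gelf_payload "this is a message" 172.3.3.3 test _foo=bar) || return 1
    status=$(gelf_push http://graylog.example.org:12202/gelf "$payload")
    [ "$status" = 202 ] || { echo "input rejected message: HTTP $status" >&2; return 1; }
    sleep 2   # give the input a moment to index the message
    graylog_search https://graylog.example.org/api admin 'ChangeMe' 'foo:bar' 60
}
```

If the search returns zero results while the push returned 202, the message reached the input but was dropped or not yet indexed; check the input's throughput counters and the graylog-server log before suspecting the proxy.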

Verify in Graylog: search for foo:bar (or the message text) in the web interface and the message should appear with its custom field.

Posted by thepreacher on Sat, 15 Feb 2020 07:29:27 -0800