Graylog build configuration (centos7)
1, Basic environment
1. A JDK environment is required:
[root@iz2zee3zwuvnmai605c99vz ~]# java -version
openjdk version "1.8.0_171"
OpenJDK Runtime Environment (build 1.8.0_171-b10)
OpenJDK 64-Bit Server VM (build 25.171-b10, mixed mode)

//If not, you need to install it. Here I use yum to install:
[root@iz2zee3zwuvnmai605c99vz ~]# yum list java*    ### View available java version packages
[root@cotroller ~]# yum -y install java-1.8.0*    ### Install java version 1.8
[root@cotroller ~]# java -version    ### View java version
openjdk version "1.8.0_171"
OpenJDK Runtime Environment (build 1.8.0_171-b10)
OpenJDK 64-Bit Server VM (build 25.171-b10, mixed mode)
2. If you want to use pwgen later, install EPEL on the system and then install the package:
[root@cotroller ~]# yum install epel-release
[root@cotroller ~]# yum install pwgen
2, Set up three services for graylog installation
1. To install MongoDB:
[root@cotroller ~]# vim /etc/yum.repos.d/mongodb-org-3.6.repo    ### Add a yum source for mongodb
[mongodb-org-3.6]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.6/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.6.asc

[root@cotroller ~]# yum install -y mongodb-org    ### Install the latest version of MongoDB
[root@cotroller ~]# chkconfig --add mongod    ### Register as a system service
[root@cotroller ~]# systemctl daemon-reload    ### Reload systemd and scan for new or changed units
[root@cotroller ~]# systemctl enable mongod.service    ### Enable the service at boot
[root@cotroller ~]# systemctl start mongod.service    ### Start the service
[root@cotroller ~]# netstat -utpln |grep 27017    ### Check whether the service port is listening
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      2095/mongod
2. To install Elasticsearch:
Note: Graylog 2.4.x should be used with Elasticsearch 5.x
[root@cotroller ~]# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch    ### Install the Elastic GPG key first
[root@cotroller ~]# vim /etc/yum.repos.d/elasticsearch.repo    ### Add the yum source of es
[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

[root@cotroller ~]# yum install elasticsearch    ### Install the latest version of es
[root@cotroller ~]# vim /etc/elasticsearch/elasticsearch.yml    ### Change es name to graylog
cluster.name: graylog    # Line 17 modified

[root@cotroller ~]# chkconfig --add elasticsearch    ### Register as a system service
[root@cotroller ~]# systemctl daemon-reload    ### Reload systemd and scan for new or changed units
[root@cotroller ~]# systemctl enable elasticsearch.service    ### Enable the service at boot
[root@cotroller ~]# systemctl start elasticsearch.service    ### Start the service
[root@cotroller ~]# netstat -utpln    ### Check whether es service ports 9200 and 9300 are listening
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:9200          0.0.0.0:*               LISTEN      2237/java
tcp        0      0 127.0.0.1:9300          0.0.0.0:*               LISTEN      2237/java
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1033/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1517/master
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      2095/mongod
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1562/mysqld
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1695/dhclient
udp        0      0 0.0.0.0:37164           0.0.0.0:*                           1695/dhclient
udp        0      0 127.0.0.1:323           0.0.0.0:*                           781/chronyd

[root@cotroller ~]# curl 127.0.0.1:9200    # Test es node
{
  "name" : "LLmDcwG",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "wKL4z-rZTGuauYctS-FX1A",
  "version" : {
    "number" : "5.6.10",
    "build_hash" : "b727a60",
    "build_date" : "2018-06-06T15:48:34.860Z",
    "build_snapshot" : false,
    "lucene_version" : "6.6.1"
  },
  "tagline" : "You Know, for Search"
}
3. To install graylog:
[root@cotroller ~]# rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.4-repository_latest.rpm
[root@cotroller ~]# yum install graylog-server    ### Install graylog
[root@cotroller ~]# vim /etc/graylog/server/server.conf    ### Modify the configuration file
password_secret = LEetJba3xNy0TGMbqf1Hwxg26H9dZTb4tLlJ6l9T9t9aejiatr5MSlLmlPJq0UMS4gvDKDxLQIEW0yOU4W521hMYPWPrgNkd

[root@cotroller ~]# pwgen -N 1 -s 96    ### Use pwgen to generate the password secret and add it to the configuration
LEetJba3xNy0TGMbqf1Hwxg26H9dZTb4tLlJ6l9T9t9aejiatr5MSlLmlPJq0UMS4gvDKDxLQIEW0yOU4W521hMYPWPrgNkd

root_password_sha2 = 8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92

[root@cotroller ~]# echo -n 123456 | sha256sum    ### Generate the login password hash
8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92

rest_listen_uri = http://127.0.0.1:9000/api/    # Must be set to the machine's own IP; 127.0.0.1 cannot be used because it makes the service inaccessible from outside
web_listen_uri = http://127.0.0.1:9000/    # Must be set to the machine's own IP; 127.0.0.1 cannot be used because it makes the service inaccessible from outside

[root@cotroller ~]# chkconfig --add graylog-server
[root@cotroller ~]# systemctl daemon-reload
[root@cotroller ~]# systemctl enable graylog-server.service
[root@cotroller ~]# systemctl start graylog-server.service
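The password_secret and root_password_sha2 values shown above are this tutorial's own; every installation should generate its own pair. The script below is an added example, not part of the original tutorial: it generates a secret the way the pwgen step does, hashes a password the way the sha256sum step does, and checks a server.conf for a root_password_sha2 that matches a well-known password. The function names, the weak-password list and the 64-character threshold are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: helpers for the two secrets in /etc/graylog/server/server.conf.
# Function names, the weak-password list and the 64-character floor are assumptions.

# Print a 96-character random secret (pwgen if installed, else /dev/urandom).
gen_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 96
        echo
    fi
}

# Print the SHA-256 hex digest of $1, same result as: echo -n PASSWORD | sha256sum
hash_password() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Print the value of setting $2 from the "key = value" file $1 (last one wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '[:space:]'
}

# Print findings for file $1; return 1 if any were found, 0 if the file is clean.
audit_conf() {
    local conf="$1" hash secret pw status=0
    hash=$(conf_get "$conf" root_password_sha2)
    secret=$(conf_get "$conf" password_secret)
    [ -n "$hash" ] || { echo "MISSING root_password_sha2"; status=1; }
    for pw in 123456 admin password graylog; do   # constructed short list
        if [ "$hash" = "$(hash_password "$pw")" ]; then
            echo "WEAK root_password_sha2: matches sha256 of '$pw'"
            status=1
        fi
    done
    if [ "${#secret}" -lt 64 ]; then
        echo "WEAK password_secret: only ${#secret} characters"
        status=1
    fi
    return "$status"
}

# Usage: ./audit.sh /etc/graylog/server/server.conf
if [ "$#" -gt 0 ]; then audit_conf "$1"; fi
```
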
3, Configure the nginx proxy
Add a server block:
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name graylog.example.org;

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL http://$server_name/api;
        proxy_pass http://127.0.0.1:9000;
    }
}
If 12201 cannot be found when you access it, add a proxy location to nginx:
location /api {
    proxy_pass http://192.168.1.83:12201/api;
}
4, Restart the services and test access
[root@cotroller conf.d]# nginx -s stop
[root@cotroller conf.d]# nginx
[root@cotroller conf.d]# /etc/init.d/graylog-server restart
5, Access test: capture HTTP
Default account: admin
Password: 123456
Log in and add an HTTP input.
Push a message:
curl -XPOST http://graylog-address:12202/gelf -p0 -d '{"short_message": "this is a message", "host": "172.3.3.3", "facility": "test", "_foo": "bar"}'
graylog verification: