1. Operating system installation (CentOS installation: omitted)
cat /etc/os-release   # check the host's OS version
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
Turn off SELinux
vim /etc/sysconfig/selinux
SELINUX=disabled
2. Java, database and Elasticsearch installation
1. Java Installation
$ sudo yum install java-1.8.0-openjdk-headless.x86_64
Check the Java version after installation:
$ java -version
openjdk version "1.8.0_161"
OpenJDK Runtime Environment (build 1.8.0_161-b14)
OpenJDK 64-Bit Server VM (build 25.161-b14, mixed mode)
2. MongoDB Installation
vi /etc/yum.repos.d/mongodb-org-3.6.repo and, after entering insert mode, add the following configuration:
[mongodb-org-3.6]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.6/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.6.asc
Save the configuration, exit, and then install the package:
$ sudo yum install -y mongodb-org
$ sudo chkconfig --add mongod
$ sudo systemctl daemon-reload
$ sudo systemctl enable mongod.service
$ sudo systemctl start mongod.service
3. Elasticsearch
Graylog 2.4.x requires Elasticsearch 5.x.
Install the Elastic GPG key:
$ sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
vi /etc/yum.repos.d/elasticsearch.repo   # add the following configuration
[elasticsearch-5.x]
name=Elasticsearch repository for 5.x packages
baseurl=https://artifacts.elastic.co/packages/5.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
$ sudo yum install elasticsearch   # install Elasticsearch
vi /etc/elasticsearch/elasticsearch.yml   # open the Elasticsearch config file and set cluster.name; the cluster.name must match the name configured in Graylog
cluster.name: graylog2
$ sudo chkconfig --add elasticsearch
$ sudo systemctl daemon-reload
$ sudo systemctl enable elasticsearch.service
$ sudo systemctl restart elasticsearch.service
3. Graylog
$ sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.4-repository_latest.rpm
$ sudo yum install graylog-server   # install graylog-server
$ pwgen -N 1 -s 96   # generate password_secret (96 random characters, the length of the sample value below)
$ echo -n YourPassword | shasum -a 256   # compute root_password_sha2 (SHA-256 of the admin password, 64 hex digits)
vi /etc/graylog/server/server.conf
password_secret = Uz8dp8hfbjtntwysqdnxhjlu4pfqsbskjnrk4mhxlffdjkfshmyekzmkkj7cnosnugpgqd8p0euzy41rhsr39ykuzosx0oag
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951
elasticsearch_index_prefix = graylog2   # must match the name configured in Elasticsearch
web_listen_uri = http://0.0.0.0:9000/
rest_listen_uri = http://0.0.0.0:9000/api/
elasticsearch_shards = 1
elasticsearch_replicas = 0
mongodb_useauth = false
$ sudo chkconfig --add graylog-server
$ sudo systemctl daemon-reload
$ sudo systemctl enable graylog-server.service
$ sudo systemctl start graylog-server.service
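As an added check that is not part of this walkthrough or of Graylog's own tooling, the following Python script parses a server.conf in the key = value format shown above and flags the settings that matter for security: a password_secret shorter than Graylog's 16-character minimum, a root_password_sha2 that is not a SHA-256 digest or does not match the intended admin password, listen URIs bound to 0.0.0.0, and MongoDB access with authentication disabled. The sample configuration, the demo password and the helper names are constructed for this example.

```python
import hashlib
import re

DEMO_PASSWORD = "demo-password"  # constructed for the example, not a real credential

# Constructed sample of /etc/graylog/server/server.conf with the keys set above.
SAMPLE_CONF = (
    "# constructed sample server.conf\n"
    "password_secret = " + "x" * 96 + "\n"
    "root_password_sha2 = " + hashlib.sha256(DEMO_PASSWORD.encode()).hexdigest() + "\n"
    "elasticsearch_index_prefix = graylog2\n"
    "web_listen_uri = http://0.0.0.0:9000/\n"
    "rest_listen_uri = http://0.0.0.0:9000/api/\n"
    "mongodb_useauth = false\n"
)


def parse_conf(text):
    """Parse Graylog's 'key = value' format; lines starting with '#' are comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def audit_server_conf(text, root_password=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    conf = parse_conf(text)
    findings = []
    if len(conf.get("password_secret", "")) < 16:
        findings.append("password_secret is shorter than 16 characters (Graylog minimum; pwgen -s 96 above)")
    sha2 = conf.get("root_password_sha2", "")
    if not re.fullmatch(r"[0-9a-f]{64}", sha2):
        findings.append("root_password_sha2 is not a 64-hex-digit SHA-256 value")
    elif root_password is not None and hashlib.sha256(root_password.encode()).hexdigest() != sha2:
        findings.append("root_password_sha2 does not match the supplied admin password")
    for key in ("web_listen_uri", "rest_listen_uri"):
        if "0.0.0.0" in conf.get(key, ""):
            findings.append(key + " binds all interfaces; restrict to an internal address or firewall port 9000")
    if conf.get("mongodb_useauth", "").lower() == "false":
        findings.append("mongodb_useauth = false: Graylog connects to MongoDB without authentication")
    return findings


if __name__ == "__main__":
    for finding in audit_server_conf(SAMPLE_CONF, DEMO_PASSWORD):
        print("FINDING:", finding)
```

Run it against the real file with audit_server_conf(open("/etc/graylog/server/server.conf").read(), "YourPassword") to check the hash you pasted matches the password you intend to use.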
4. Collecting network device logs
Graylog collects the logs of network devices.
CentOS 7 runs rsyslog by default.
vi /etc/rsyslog.conf
$ModLoad imudp   # remove the leading "#" that comments this line out
$UDPServerRun 514   # remove the leading "#" that comments this line out
*.* @127.0.0.1:1514   # forward everything to Graylog
$ sudo systemctl restart rsyslog.service   # restart the rsyslog service
Browse to http://x.x.x.x:9000 and log in with user name admin and the password YourPassword.
Configure the input port as 1514: under Linux, non-root users cannot bind ports below 1024, so use ports above 1024 wherever possible.
1) Create a test dashboard
2) Search for keywords
3) Save the search to the dashboard
4) Open Dashboards
Open Source log server Graylog detects network device failures