1. Component versions

| Component | Version |
|---------------|------------------------------------|
| Graylog | 4.2.10 |
| MongoDB | 4.4.14 |
| Elasticsearch | 7.10.2 |
| JDK | java-1.8.0-openjdk-headless.x86_64 |
2. Install the password generator

```bash
# Install pwgen
yum install -y pwgen
```
3. Install MongoDB

1. Configure the yum repository

```
# Edit the yum repository configuration
vim /etc/yum.repos.d/mongodb-org.repo

# Add the following content (the 4.4 repository, matching the version table)
[mongodb-org-4.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc
```
2. Install MongoDB

```bash
# Install MongoDB
yum -y install mongodb-org
# Check the version
mongo --version
sudo systemctl daemon-reload
# Enable start on boot
sudo systemctl enable mongod.service
# Start MongoDB
sudo systemctl start mongod.service
# Check the status
sudo systemctl --type=service --state=active | grep mongod
```
3. Install the Elastic GPG key and configure the yum repository

```bash
# Install the Elastic GPG key
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
# Configure the yum repository. This is equivalent to editing
# /etc/yum.repos.d/elasticsearch.repo with vim, just more convenient.
cat > /etc/yum.repos.d/elasticsearch.repo <<EOF
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/oss-7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
```
4. Install Elasticsearch

```bash
# Install Elasticsearch
yum -y install elasticsearch-oss
# Modify the Elasticsearch configuration file (keep a copy of the default first)
cp /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml_default
sudo tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<EOT
cluster.name: graylog
action.auto_create_index: false
EOT
# Start
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
sudo systemctl --type=service --state=active | grep elasticsearch
# Check the version information
curl -XGET localhost:9200
```
5. Install Graylog

```bash
# Install the 4.2 repository package
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.2-repository_latest.rpm
# Install the Graylog server together with the plugins.
# If you do not need the plugins, run only: sudo yum install graylog-server
sudo yum install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins
```
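6. Configure the passwords

Configure `password_secret` and `root_password_sha2`; Graylog cannot start if they are not set. File path: /etc/graylog/server/server.conf

Create `password_secret`; this requires the `pwgen` tool.

```bash
# Generate a 96-character secure password and set it as the value of password_secret.
pwgen -1 -s 96
# Example output (generate your own value; do not reuse this one)
smypspdHATo9vGHTM6VUl4dtIjaI32okPekLCdQ5yiD7iakUwdY9w9LFH9sVA5qNZ8tFmnq0S65QNnLOxYdyyLMbtWg8H7bk
```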
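7. In a cluster deployment, `password_secret` must be identical on every node. Once the deployment is up and running, do not change this value casually: changing it invalidates the sessions of all users in the database.

Create `root_password_sha2`, which is the login password of the `admin` account; here I set it to `admin`.

```bash
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
```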
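8. Configure http_bind_address

File path: /etc/graylog/server/server.conf

`http_bind_address` must be set to an address at which Graylog can be reached from outside; it can be a domain name or an IP. The default is 127.0.0.1:9000. Setting it to 0.0.0.0:9000, which listens on all interfaces, is sufficient.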
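An added example, not part of the original guide: a shell check of the three `server.conf` settings configured above, to run before starting Graylog. The 64-character minimum, the short guess list and the function names are assumptions of this example, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: audit the server.conf settings edited in this guide.
MIN_SECRET_LEN=64   # assumed minimum length; the guide generates 96 characters

# Print the last value assigned to key $2 in "key = value" file $1.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Constructed sample: short secret, root password "admin", bound to all interfaces.
sample_conf() {
    cat <<EOF
password_secret = tooshort
root_password_sha2 = $(printf 'admin' | sha256sum | cut -d' ' -f1)
http_bind_address = 0.0.0.0:9000
EOF
}

# Print one finding per line; return 1 if a secret or password check fails.
audit_graylog_conf() {
    rc=0
    secret=$(conf_get "$1" password_secret)
    hash=$(conf_get "$1" root_password_sha2)
    bind=$(conf_get "$1" http_bind_address)
    if [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
        echo "FAIL password_secret: unset or shorter than $MIN_SECRET_LEN characters"; rc=1
    fi
    if ! printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "FAIL root_password_sha2: not a lowercase hex SHA-256 digest"; rc=1
    fi
    # Hypothetical short guess list; extend it with your own weak-password list.
    for guess in admin password graylog 123456; do
        if [ "$(printf '%s' "$guess" | sha256sum | cut -d' ' -f1)" = "$hash" ]; then
            echo "FAIL root_password_sha2: digest of a commonly guessed password"; rc=1
        fi
    done
    case $bind in
        0.0.0.0:*) echo "NOTE http_bind_address: listening on all interfaces" ;;
    esac
    return "$rc"
}

if [ $# -gt 0 ]; then
    audit_graylog_conf "$1"          # audit the file given on the command line
else
    tmp=$(mktemp); sample_conf > "$tmp"
    audit_graylog_conf "$tmp" || true  # demo run on the constructed sample
    rm -f "$tmp"
fi
```

Saved under a name of your choice, it takes the configuration path as its argument, for example /etc/graylog/server/server.conf, and exits non-zero when a FAIL line is printed.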
9. Start

```bash
sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
sudo systemctl --type=service --state=active | grep graylog
```