Centralising host logs with Graylog (installation)
Step-by-step installation of Graylog on Ubuntu 18.04. Three components are needed:
MongoDB
Acts as the database that stores Graylog's configuration and metadata
Elasticsearch
Stores the log messages and provides the search backend
Graylog server (the log parser)
Receives logs from the configured inputs and serves the built-in web interface used to manage them
Start the installation
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen
Install MongoDB
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
sudo apt-get update
sudo apt install -y mongodb-org
sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl restart mongod.service
Install Elasticsearch
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
sudo apt-get update && sudo apt-get install -y elasticsearch-oss
Before starting it, set cluster.name: graylog and action.auto_create_index: false in /etc/elasticsearch/elasticsearch.yml, as the Graylog installation documentation recommends (Graylog creates and rotates its own indices).
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
Install Graylog 4.0
wget https://packages.graylog2.org/repo/packages/graylog-4.0-repository_latest.deb
sudo dpkg -i graylog-4.0-repository_latest.deb
sudo apt update
sudo apt install -y graylog-server
pwgen -N 1 -s 96
Copy the generated random string; it becomes the value of password_secret in server.conf.
sudo nano /etc/graylog/server/server.conf
Set the admin login password: root_password_sha2 takes the hex SHA-256 digest only, so strip the trailing " -" that sha256sum prints:
echo -n yourpassword | sha256sum | cut -d" " -f1
Note that typing the password into an echo command leaves it in the shell history; reading it from a prompt with read -r (or running the command with history disabled) avoids that.
sudo nano /etc/graylog/server/server.conf
Set the IP the web interface listens on, e.g. http_bind_address = 192.168.1.52:9000 (this is plain HTTP unless http_enable_tls is configured, so keep it on a trusted network).
Set the timezone for the admin user, e.g. root_timezone = Asia/Taipei.
sudo systemctl restart graylog-server
sudo systemctl enable graylog-server
Browse to http://192.168.1.52:9000 and log in as admin with the password you hashed above.
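The configuration steps above (password_secret, root_password_sha2, http_bind_address, root_timezone, plus the two Elasticsearch settings) done non-interactively and verifiably, as an added example that is not part of the original post or of Graylog's own tooling. The config paths, the bind address 192.168.1.52:9000 and the timezone Asia/Taipei are placeholders assumed for this example; the admin password is read from a prompt with echo off so it never lands in the shell history.

```shell
#!/bin/sh
# Added example (not from the original post): apply the server.conf and
# elasticsearch.yml edits from the installation steps and read them back.
# Assumed placeholders: the config paths, bind address 192.168.1.52:9000
# and timezone Asia/Taipei.
set -eu

# Hex SHA-256 digest of a password, which is what root_password_sha2 expects
# (digest only, without the " -" suffix sha256sum prints).
sha256_password() {
  printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# 96-character password_secret: pwgen -N 1 -s 96 as in the post, or a
# /dev/urandom fallback with the same alphabet when pwgen is not installed.
gen_password_secret() {
  if command -v pwgen >/dev/null 2>&1; then
    pwgen -N 1 -s 96
  else
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 96
  fi
}

# set_kv FILE KEY VALUE [SEP]: idempotent edit for "key = value" files
# (server.conf, SEP "=") or "key: value" files (elasticsearch.yml, SEP ":").
# The first line for KEY, whether an active setting or a commented-out
# default, is replaced; later active duplicates are dropped; later comments
# are kept; a missing key is appended. The file is rewritten through cat so
# its owner and mode survive. VALUE must not contain backslashes (awk -v).
set_kv() {
  local conf key value sepchar line re tmp
  conf="$1"; key="$2"; value="$3"; sepchar="${4:-=}"
  case "$sepchar" in
    =) line="$key = $value" ;;
    :) line="$key: $value" ;;
  esac
  re="^#?[[:blank:]]*$(printf '%s' "$key" | sed 's/\./[.]/g')[[:blank:]]*$sepchar"
  tmp="$(mktemp)"
  awk -v re="$re" -v line="$line" '
    $0 ~ re {
      if (!done) { print line; done = 1; next }   # first match: replace
      if ($0 ~ /^#/) { print; next }              # later comment: keep
      next                                        # later active duplicate: drop
    }
    { print }
    END { if (!done) print line }                 # key absent: append
  ' "$conf" >"$tmp"
  cat "$tmp" >"$conf"
  rm -f "$tmp"
}

# get_kv FILE KEY [SEP]: the active value of KEY (last one wins, as a check).
get_kv() {
  sed -nE "s|^[[:blank:]]*$(printf '%s' "$2" | sed 's/\./[.]/g')[[:blank:]]*${3:-=}[[:blank:]]*||p" "$1" | tail -n 1
}

# The four server.conf settings from the steps above.
configure_graylog() {
  local conf admin_password bind tz
  conf="$1"; admin_password="$2"; bind="$3"; tz="$4"
  set_kv "$conf" password_secret "$(gen_password_secret)"
  set_kv "$conf" root_password_sha2 "$(sha256_password "$admin_password")"
  set_kv "$conf" http_bind_address "$bind"
  set_kv "$conf" root_timezone "$tz"
}

# Elasticsearch settings recommended by the Graylog documentation: a fixed
# cluster name and no index auto-creation (Graylog manages its own indices).
configure_elasticsearch() {
  set_kv "$1" cluster.name graylog :
  set_kv "$1" action.auto_create_index false :
}

main() {
  local conf pw
  conf="${1:-/etc/graylog/server/server.conf}"
  trap 'stty echo 2>/dev/null' EXIT            # restore echo even on Ctrl-C
  printf 'Graylog admin password: '
  stty -echo; read -r pw; stty echo; printf '\n'  # echo off: nothing in history
  configure_graylog "$conf" "$pw" "192.168.1.52:9000" "Asia/Taipei"
  configure_elasticsearch /etc/elasticsearch/elasticsearch.yml
  printf 'Configured %s; now: sudo systemctl restart elasticsearch graylog-server\n' "$conf"
}

# Runs only when invoked as: sudo sh graylog-setup.sh apply [path/to/server.conf]
case "${1:-}" in apply) main "${2:-}" ;; esac
```

Run it as root with `apply`; without that argument it only defines the functions, so the same file can be sourced to check a finished configuration with get_kv. The shipped server.conf carries two commented http_bind_address examples (IPv4 and IPv6); set_kv turns the first into the active setting and leaves the second as a comment, so the file ends up with exactly one active value per key.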
Sending syslog from Linux systems into Graylog
https://marketplace.graylog.org/addons/a47beb3b-0bd9-4792-a56a-33b27b567856
How to send Windows EventLogs into Graylog
https://marketplace.graylog.org/addons/0bf65c6f-6fe8-4420-9c30-249706c9e55c
Reference:
https://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog-on-ubuntu-16-04.html