Installing Graylog 5.1 (CentOS 7)

Published: 2023-07-14 15:36:26  Author: 区区致命伤

Official installation guide: https://go2docs.graylog.org/5-1/downloading_and_installing_graylog/red_hat_installation.htm?tocpath=Downloading%20and%20Installing%20Graylog%7CInstalling%20Graylog%7C_____6

I. Components to install

  • OpenJDK 17 (bundled with Graylog 5.0 and later, no separate installation needed)
  • OpenSearch 1.x, 2.x (or Elasticsearch 7.10.2)
  • MongoDB 5.x or 6.x

II. Install MongoDB

1. Edit the mongodb-org.repo file

sudo vim /etc/yum.repos.d/mongodb-org.repo

Enter the following content:

[mongodb-org-6.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/6.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-6.0.asc

2. Install MongoDB

sudo yum install -y mongodb-org

3. Start the mongod service

sudo systemctl daemon-reload
sudo systemctl enable mongod
sudo systemctl start mongod
sudo systemctl status mongod

III. Install OpenSearch

1. Add the OpenSearch yum repository and install OpenSearch

sudo curl -SL https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/opensearch-2.x.repo -o /etc/yum.repos.d/opensearch-2.x.repo
sudo yum install -y opensearch

2. Edit the opensearch.yml file

sudo vim /etc/opensearch/opensearch.yml

Enter the following content:

cluster.name: graylog
node.name: ${HOSTNAME}
path.data: /var/lib/opensearch
path.logs: /var/log/opensearch
discovery.type: single-node
network.host: 0.0.0.0
action.auto_create_index: false
plugins.security.disabled: true

3. Edit the jvm.options file and set Xms and Xmx to half of the system memory

sudo vim /etc/opensearch/jvm.options

If the system has 8 GB of memory, change the two lines to -Xms4g and -Xmx4g

4. Configure the runtime kernel parameter

sudo sysctl -w vm.max_map_count=262144
echo 'vm.max_map_count=262144' | sudo tee -a /etc/sysctl.conf

5. Start the OpenSearch service

sudo systemctl daemon-reload
sudo systemctl enable opensearch
sudo systemctl start opensearch
sudo systemctl status opensearch

IV. Install Graylog

1. Configure the Graylog repository and install Graylog

sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-5.1-repository_latest.rpm
sudo yum install graylog-server

2. Generate the root_password_sha2 value

echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

3. Generate the password_secret value

< /dev/urandom tr -dc A-Z-a-z-0-9 | head -c${1:-96};echo;

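4. Edit /etc/graylog/server/server.conf

Set root_password_sha2 and password_secret to the values generated in steps 2 and 3.

http_bind_address is the IP address and port on which the Graylog service is reachable; the default is 127.0.0.1:9000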

http_bind_address = xxxip:9000

5. Start the Graylog service

sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
sudo systemctl --type=service --state=active | grep graylog
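
A post-install check for the settings this guide writes, as an added example that is not part of the original post or of Graylog/OpenSearch: it flags the guide's combination of network.host: 0.0.0.0 with plugins.security.disabled: true, and validates root_password_sha2 and password_secret in server.conf. The function names, the weak-password list and the 64-character threshold are assumptions of this example, and it expects plain unquoted values.

```sh
#!/bin/sh
# Added example, not from the guide: audit the two files the guide edits.
# Each audit prints one line per finding and nothing when the file passes.

# conf_get FILE KEY: value of "KEY: v" (YAML) or "KEY = v" (properties).
conf_get() (
  key=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots in KEY literally
  sed -n -E "s/^[[:space:]]*${key}[[:space:]]*[:=][[:space:]]*//p" "$1" |
    sed -E 's/[[:space:]]+$//' | tail -n 1
)

audit_opensearch() (
  host=$(conf_get "$1" network.host)
  case "$host" in
    ''|127.0.0.1|localhost|_local_) exposed=no ;;  # unset means loopback
    *) exposed=yes ;;
  esac
  if [ "$exposed" = yes ] && [ "$(conf_get "$1" plugins.security.disabled)" = true ]; then
    echo "opensearch: security plugin disabled with network.host=$host; bind to 127.0.0.1 or firewall port 9200"
  fi
)

audit_graylog() (
  sha=$(conf_get "$1" root_password_sha2)
  secret=$(conf_get "$1" password_secret)
  printf '%s\n' "$sha" | grep -Eq '^[0-9a-f]{64}$' ||
    echo "graylog: root_password_sha2 is not a 64-hex-digit SHA-256 value"
  for pw in admin password graylog 123456; do   # constructed sample list
    if [ "$(printf '%s' "$pw" | sha256sum | cut -d' ' -f1)" = "$sha" ]; then
      echo "graylog: root_password_sha2 is the SHA-256 of a common password"
    fi
  done
  # 64 is this example's threshold; the guide's command generates 96 characters
  [ "${#secret}" -ge 64 ] || echo "graylog: password_secret is only ${#secret} characters"
)

if [ $# -eq 2 ]; then   # sh audit.sh opensearch.yml server.conf
  audit_opensearch "$1"; audit_graylog "$2"
else                    # no arguments: constructed samples mirroring the guide
  d=$(mktemp -d)
  printf 'network.host: 0.0.0.0\nplugins.security.disabled: true\n' > "$d/os.yml"
  printf 'password_secret = short\nroot_password_sha2 = %s\n' \
    "$(printf admin | sha256sum | cut -d' ' -f1)" > "$d/server.conf"
  audit_opensearch "$d/os.yml"; audit_graylog "$d/server.conf"
  rm -rf "$d"
fi
```

On this guide's single-host layout, run it as root against /etc/opensearch/opensearch.yml and /etc/graylog/server/server.conf; no output means both files passed.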