01-Graylog. Overview. Central log server for Linux and Windows reports.
02-Graylog. Simple single-server installation. Central log server for Linux and Windows reports.
Installing Graylog:
https://docs.graylog.org/en/latest/pages/installation.html
Configuring apache2 and creating SSL certificates:
Self-signed certificate, written directly to the paths the virtual host below refers to (answer the CN prompt with the ServerName, graylog.home):
openssl req -x509 -newkey rsa:4096 -keyout /etc/ssl/private/key.pem -out /etc/ssl/private/cert.pem -days 365 -nodes
apt install apache2
a2enmod proxy rewrite ssl headers proxy_http
Virtual hosts (e.g. /etc/apache2/sites-available/graylog.conf): plain HTTP only redirects to HTTPS, and the HTTPS host proxies to the Graylog web interface on localhost:
<VirtualHost *:80>
    ServerName graylog.home
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName graylog.home
    SSLEngine On
    SSLCertificateFile /etc/ssl/private/cert.pem
    SSLCertificateKeyFile /etc/ssl/private/key.pem
    RequestHeader set X-Forwarded-Proto "https"
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:9000/
    ProxyPassReverse / http://127.0.0.1:9000/
</VirtualHost>
Enable the site and restart apache2:
a2ensite graylog
apachectl configtest && systemctl restart apache2
03-Graylog Cluster. Multi Node installation. Central log server for Linux and Windows reports.
Commands and parameters from the video:
https://docs.graylog.org/en/latest/pages/configuration/multinode_setup.html#configure-multinode
apt update && sudo apt-get upgrade
apt install apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen
MongoDB Install:
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
apt update
apt install -y mongodb-org
MongoDB configuration (on every node):
vi /etc/mongod.conf
====================
net:
  # Listens on every interface so the other replica-set members can reach it;
  # restrict port 27017 to the cluster nodes with a firewall.
  bindIp: 0.0.0.0
replication:
  replSetName: graylog
====================
systemctl restart mongod.service
Master Node:
mongo
rs.initiate({
  _id: "graylog",
  members: [ { _id: 0, host: "10.10.10.161:27017" } ]
})
rs.conf()
Add members to the replica set (all three nodes are listed later in mongodb_uri):
rs.add("10.10.10.162:27017")
rs.add("10.10.10.163:27017")
rs.config()
rs.status()
Create the graylog database and the graylog user (on the PRIMARY):
mongo
use graylog
db.createUser({
  user: "graylog",
  pwd: "Pa$$w0rD",
  roles: [ { role: "readWrite", db: "graylog" } ]
})
db.grantRolesToUser("graylog", [ { role: "dbAdmin", db: "graylog" } ])
show users
db.auth("graylog", "Pa$$w0rD")
systemctl enable mongod
Note: MongoDB only enforces these credentials once security.authorization is set to enabled in /etc/mongod.conf; in a replica set that also requires a shared security.keyFile so the members can authenticate to each other.
Elasticsearch Installation:
wget -q https://artifacts.elastic.co/GPG-KEY-... -O myKey
apt-key add myKey
echo "deb https://artifacts.elastic.co/packages... stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
apt update && sudo apt-get install elasticsearch-oss
vi /etc/elasticsearch/elasticsearch.yml
cluster.name: graylog
# Node name (unique per node)
node.name: node01
# Current node IP. Elasticsearch OSS has no authentication, so restrict
# ports 9200/9300 to the Graylog and Elasticsearch nodes with a firewall.
network.host: 10.10.10.161
# Port
http.port: 9200
# Hosts in the cluster
discovery.zen.ping.unicast.hosts: ["10.10.10.161", "10.10.10.162", "10.10.10.163"]
# Discoverable master nodes
discovery.zen.minimum_master_nodes: 2
systemctl restart elasticsearch.service
systemctl enable elasticsearch.service
If the node fails to start with
ERROR "master not discovered yet, this node has not previously joined a bootstrapped (v7+) cluster,and [cluster.initial_master_nodes] is empty on this node"
add the following to elasticsearch.yml (Elasticsearch 7 bootstraps a new cluster from this list; the discovery.zen.* settings above are the pre-7 names and are only accepted with deprecation warnings, discovery.seed_hosts being the current name for the hosts list):
cluster.initial_master_nodes: ["10.10.10.161:9300"]
Checks:
curl 'http://10.10.10.161:9200'
curl 'http://10.10.10.161:9200/_cluster/hea...
curl 'http://10.10.10.161:9200/_cat/nodes?v'
Graylog Installation:
wget https://packages.graylog2.org/repo/pa...
dpkg -i graylog-4.1-repository_latest.deb
apt update && sudo apt install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins
Master Node:
vi /etc/graylog/server/server.conf
# Exactly one node has is_master = true; the other nodes set it to false.
is_master = true
root_username = admin
# password_secret: at least 16 characters and identical on every node.
password_secret = Passw0rdPassw0rd
# root_password_sha2: SHA-256 hex digest of the admin password.
root_password_sha2 = ab38eadaeb746599f2c1ee90f8267f31f467347462764a24d71ac1843ee77fe3
http_bind_address = 0.0.0.0:9000
http_publish_uri = http://10.10.10.161:9000/
elasticsearch_hosts = http://10.10.10.161:9200,http://10.10...
mongodb_uri = mongodb://graylog:Pa$$w0rD@10.10.10.161:27017,10.10.10.162:27017,10.10.10.163:27017/graylog?replicaSet=graylog
grep "^[^#]" /etc/graylog/server/server.conf
systemctl enable graylog-server.service
systemctl start graylog-server.service
tail -f /var/log/graylog-server/server.log
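An added helper script, not part of the course notes, that generates password_secret and root_password_sha2 the way the Graylog docs describe (a long random string, and the SHA-256 digest of the admin password) and sanity-checks a server.conf before graylog-server is started. It uses openssl rand in place of pwgen, assumes openssl and sha256sum are installed, and the config it checks is a constructed sample.

```shell
# Added example, not part of the course notes: generate the two secrets that
# /etc/graylog/server/server.conf needs and sanity-check a config file before
# starting graylog-server. openssl stands in for pwgen (assumption).

# password_secret must be at least 16 characters and identical on every node;
# 96 random characters is what the Graylog docs suggest generating.
gen_password_secret() {
    openssl rand -base64 72 | tr -d '\n' | cut -c1-96
}

# root_password_sha2 is the SHA-256 hex digest of the admin password.
# printf avoids the trailing newline that "echo" would hash as well.
gen_root_password_sha2() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Read one key from a server.conf, ignoring comment lines and whitespace.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Return 0 when the secrets and cluster addresses look usable, 1 otherwise.
check_server_conf() {
    rc=0
    secret=$(conf_get "$1" password_secret)
    [ "${#secret}" -ge 16 ] || { echo "password_secret shorter than 16 chars"; rc=1; }
    hash=$(conf_get "$1" root_password_sha2)
    printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$' \
        || { echo "root_password_sha2 is not a SHA-256 hex digest"; rc=1; }
    for key in http_bind_address elasticsearch_hosts mongodb_uri; do
        [ -n "$(conf_get "$1" "$key")" ] || { echo "$key missing"; rc=1; }
    done
    return $rc
}

# Constructed sample config (addresses from the notes, made-up credentials).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<EOF
is_master = true
root_username = admin
password_secret = $(gen_password_secret)
root_password_sha2 = $(gen_root_password_sha2 'example-admin-pass')
http_bind_address = 0.0.0.0:9000
elasticsearch_hosts = http://10.10.10.161:9200,http://10.10.10.162:9200
mongodb_uri = mongodb://graylog:example@10.10.10.161:27017/graylog?replicaSet=graylog
EOF
check_server_conf "$SAMPLE" && echo "server.conf OK"
```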
LoadBalancer:
apt install nginx
cd /etc/nginx/sites-enabled/
rm default
cd /etc/nginx/sites-available
vi graylog
server {
    listen 80 default_server;
    server_name graylog.rom.home;
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL http://$server_name/;
        proxy_pass http://graylog-web-cluster;
    }
}
upstream graylog-web-cluster {
    server 10.10.10.161:9000 max_fails=3 fail_timeout=30s;
    server 10.10.10.162:9000 max_fails=3 fail_timeout=30s;
    server 10.10.10.163:9000 max_fails=3 fail_timeout=30s;
}
Enable the site (nginx only loads what is linked into sites-enabled) and reload:
ln -s /etc/nginx/sites-available/graylog /etc/nginx/sites-enabled/graylog
nginx -t && systemctl reload nginx
04-Graylog. Connecting Linux clients.
Installing Sidecar:
https://docs.graylog.org/en/latest/pages/sidecar.html
Sidecar and Collector agents:
https://github.com/Graylog2/collector-sidecar/releases
05-Graylog. Connecting Windows clients.
Installing Sidecar:
https://docs.graylog.org/en/latest/pages/sidecar.html
Sidecar and Collector agents:
https://github.com/Graylog2/collector-sidecar/releases