graylog2(v2.0.3)的安裝與配置
自己倒騰費(fèi)了很大勁,但是回過(guò)頭來(lái)�����,倒是不難��,還是寫(xiě)下來(lái)記錄一下��。
安裝
我自己安裝的時(shí)候�����,看了一個(gè)老版本的安裝手冊(cè)�����,走了不少?gòu)澛?����,最后還是參考官方手冊(cè)��,很簡(jiǎn)單很快的就安裝好了�����,官網(wǎng)地址:http://graylog2.org/�����。
安裝相關(guān)依賴(lài)包
1. yum -y install gcc* openssl-devel glib2-devel numactl
安裝mongodb
useradd mongodb
mkdir –p /var/mongodb/db/
mkdir –p /var/log/mongodb
tar xvf /usr/src/ mongodb-linux-x86_64-2.6.2.tgz -C /usr/local/
cd /usr/local
mv mongodb-linux-x86_64-2.6.2 mongodb
遇到的報(bào)錯(cuò):[initandlisten] ** WARNING: Youare running on a NUMA machine.
http://docs.mongodb.org/manual/administration/production-notes/#production-numa
添加到啟動(dòng)腳本里
vim /etc/init.d/mongod #內(nèi)容如下
#!/bin/bash
# description: mongodb server SysV script
. /etc/rc.d/init.d/functions
if [ -f /etc/sysconfig/mongod ]; then
. /etc/sysconfig/mongod
fi
NUMA="numactl --interleave=all"
mongod=/usr/local/mongodb/bin/mongod
prog=mongod
lockfile=/var/mongodb/db/mongod.lock
RETVAL=0
OPTIONS="--fork--logpath=/var/log/mongodb/mongod.log --dbpath=/var/mongodb/db"
start() {
echo -n $"Starting $prog: "
daemon $NUMA $mongod $OPTIONS
# $NUMA $mongod $OPTIONS
RETVAL=$?
echo
[ $RETVAL = 0 ]
return $RETVAL
}
stop() {
echo -n $"Stopping $prog: "
killproc -p ${lockfile} $mongod
RETVAL=$?
echo
[$RETVAL = 0 ] && rm -f ${lockfile}
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
status)
status -p ${lockfile} $mongod
RETVAL=$?
;;
*)
echo $"Usage: $prog {start|stop|restart|status|}"
exit 1
esac
exit $RETVAL
chmod a+x /etc/init.d/mongod
chkconfig --add mongod
chkconfig mongod on
service mongod start
創(chuàng)建graylog2所需數(shù)據(jù)庫(kù)實(shí)例
/usr/local/mongodb/bin/mongo
>use admin
>db.addUser('admin','password')>use graylog2
>db.addUser('graylog','redhat')>exit
安裝elasticsearch
rpm –ivh elasticsearch-0.9.10.noarch.rpm
修改配置文件
vim/etc/elasticsearch/elasticsearch.yml
添加cluster.name:graylog2
service elasticsearch start
安裝graylog2-server
~$ tar xvfzgraylog2-server-0.20.3.tgz
~$ mvgraylog2-server-0.20.2 /usr/local/graylog2-server
cp /usr/local/graylog2-server/graylog2.conf.example/etc/graylog2.conf
修改配置文件
/usr/local/graylog2-server/bin/graylog2ctl restart
nohup /usr/local/graylog2-web-interface/bin/graylog2-web-interface &
錯(cuò)誤一:
versioncheck.torch.sh: Temporary failure in nameresolution
沒(méi)配DNS
錯(cuò)誤二:
Connect to versioncheck.torch.sh:80[versioncheck.torch.sh/54.195.251.6] failed: connect timed out
啟動(dòng)時(shí)會(huì)調(diào)用api檢查版本�����,這個(gè)錯(cuò)誤可以忽略
安裝graylog2-web-interface
報(bào)錯(cuò)如下
2014-07-03 22:00:21,388 - [ERROR] - fromnet.sf.ehcache.Cache in main
Unable to set localhost. This prevents creationof a GUID. Cause was: Myhostname: Myhostname: Name or service not known
添加/etc/hosts 文件
配置:
1��、首先在頁(yè)面上配置inputs的端口及方式��。在System下的inputs下�����。添加new input��,我選用的syslog方式��,tcp或udp的都行。我選用的tcp�,端口隨便設(shè)置,大于1024�����,這里是11514�����。這樣��,graylog2的服務(wù)端就開(kāi)啟了偵聽(tīng)11514的端口進(jìn)行輸入�。
2、客戶(hù)端及服務(wù)端都安裝rsyslog服務(wù)�����,客戶(hù)端配置將本機(jī)的日志發(fā)送到服務(wù)端的514端口�����,注意第二行的tag��,后面方便配置匹配規(guī)則�����。配置如下
3�����、服務(wù)端的rsyslog偵聽(tīng)514端口進(jìn)行接收客戶(hù)端發(fā)送過(guò)來(lái)的日志��,并且轉(zhuǎn)發(fā)到graylog2偵聽(tīng)的11514端口��,編輯/etc/rsyslog.conf��,只需添加一行
*.* @@127.0.0.1:11514
rsyslog就把本機(jī)所有日志發(fā)送到11514端口�����,即graylog2-server偵聽(tīng)的端口
修改完rsyslog的配置文件��,不要忘了重啟生效
4�����、這時(shí)候就可以在source標(biāo)簽看到哪些主機(jī)的日志被graylog2接收了
5�����、配置streams,我是根據(jù)前面說(shuō)的tag標(biāo)簽來(lái)進(jìn)行匹配的�����,相對(duì)簡(jiǎn)單�,有其他需求的看看幫助手冊(cè),很明了�����。配置郵件報(bào)警�,設(shè)置alert。
