Graylog is open-source software for collecting logs from a huge number of sources in a variety of ways.
"Central log server"
Graylog lets you set up event (log/report) collection, filtering, search, and automation. It is suitable for Linux and Windows.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
00:00 | Component overview
05:30 | Installing MongoDB and configuring the ReplicaSet
12:23 | Installing and configuring the Elasticsearch cluster
21:34 | Installing and configuring Graylog
30:33 | Nginx as a load balancer.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I would be very grateful for support in the form of a cup of ☕️:
https://www.buymeacoffee.com/RomNero
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For questions and suggestions, write to: [email protected]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#Graylog
#Linux
#Log
Commands and parameters from the video:
https://docs.graylog.org/en/latest/pa...
apt update && sudo apt-get upgrade
apt install apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen
MongoDB Install:
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
apt update
apt install -y mongodb-org
MongoDB:
vi /etc/mongod.conf
====================
net:
  # 0.0.0.0 listens on every interface; limit access to port 27017 to the cluster nodes
  bindIp: 0.0.0.0
replication:
  replSetName: graylog
====================
systemctl restart mongod.service
Master Node:
mongo
rs.initiate( {
  _id : "graylog",
  members: [ { _id : 0, host : "10.10.10.161:27017" } ]
})
rs.conf()
Add members to the replica set:
rs.add("10.10.10.162:27017")
rs.config()
rs.status()
--Create a graylog database and add graylog users:
mongo
use graylog
db.createUser( {
  user: "graylog",
  pwd: "Pa$$w0rD",
  roles: [ { role: "readWrite", db: "graylog" } ]
});
db.grantRolesToUser( "graylog" , [ { role: "dbAdmin", db: "graylog" } ])
show users
db.auth("graylog","Pa$$w0rD")
systemctl enable mongod
Elasticsearch Installation:
wget -q https://artifacts.elastic.co/GPG-KEY-... -O myKey
apt-key add myKey
echo "deb https://artifacts.elastic.co/packages... stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
apt update && sudo apt-get install elasticsearch-oss
vi /etc/elasticsearch/elasticsearch.yml
cluster.name: graylog
# Node name
node.name: node01
# Current node IP
network.host: 10.10.10.161
# Port
http.port: 9200
# Hosts in the cluster
discovery.zen.ping.unicast.hosts: ["10.10.10.161", "10.10.10.162", "10.10.10.163"]
# Discoverable master node
discovery.zen.minimum_master_nodes: 2
systemctl restart elasticsearch.service
systemctl enable elasticsearch.service
If a node logs the ERROR "master not discovered yet, this node has not previously joined a bootstrapped (v7+) cluster,and [cluster.initial_master_nodes] is empty on this node", add to elasticsearch.yml:
cluster.initial_master_nodes: ["10.10.10.161:9300"]
Checks:
curl 'http://10.10.10.161:9200'
curl 'http://10.10.10.161:9200/_cluster/health?pretty=true'
curl 'http://10.10.10.161:9200/_cat/nodes?v'
Graylog Installation:
wget https://packages.graylog2.org/repo/pa...
dpkg -i graylog-4.1-repository_latest.deb
apt update && sudo apt install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins
Master Node:
vi /etc/graylog/server/server.conf
is_master = true
root_username = admin
password_secret = Passw0rdPassw0rd
root_password_sha2 = ab38eadaeb746599f2c1ee90f8267f31f467347462764a24d71ac1843ee77fe3
http_bind_address = 0.0.0.0:9000
http_publish_uri = http://10.10.10.161:9000/
elasticsearch_hosts = http://10.10.10.161:9200,http://10.10.10.162:9200,http://10.10.10.163:9200
mongodb_uri = mongodb://graylog:Pa$$w0rD@10.10.10.161:27017,10.10.10.162:27017,10.10.10.163:27017/graylog?replicaSet=graylog
grep "^[^#]" /etc/graylog/server/server.conf
systemctl enable graylog-server.service
systemctl start graylog-server.service
tail -f /var/log/graylog-server/server.log
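Added example, not part of the original video description: the server.conf above sets password_secret and root_password_sha2 without showing how the values are produced. The shell functions below generate both (pwgen comes from the first apt install step) and check an existing server.conf; the function names and the 64-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the video): create and check the two secrets
# that /etc/graylog/server/server.conf needs.

# password_secret: long random string, identical on every Graylog node.
gen_password_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        # Fallback when pwgen is missing: 96 random alphanumerics.
        head -c 256 /dev/urandom | base64 | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-96
    fi
}

# root_password_sha2: SHA-256 hex digest of the admin password.
# printf avoids hashing a trailing newline.
hash_root_password() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Print the value of "key = value" ($2) from a server.conf-style file ($1).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Return 0 if both values look sane, 1 otherwise; findings go to stdout.
# The 64-character minimum is this example's threshold (assumption).
check_server_conf() {
    rc=0
    secret=$(conf_get "$1" password_secret)
    hash=$(conf_get "$1" root_password_sha2)
    if [ "${#secret}" -lt 64 ]; then
        echo "password_secret: ${#secret} chars, want >= 64 random chars"
        rc=1
    fi
    case "$hash" in
        *[!0-9a-fA-F]*) echo "root_password_sha2: non-hex characters"; rc=1 ;;
    esac
    if [ "${#hash}" -ne 64 ]; then
        echo "root_password_sha2: ${#hash} chars, want 64 (SHA-256 hex)"
        rc=1
    fi
    return "$rc"
}

# Usage on a node: check_server_conf /etc/graylog/server/server.conf
```

Generate password_secret once and copy the same value to every node's server.conf.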
LoadBalancer:
apt install nginx
cd /etc/nginx/sites-enabled/
rm default
cd /etc/nginx/sites-available
vi graylog
server {
    listen 80 default_server;
    server_name graylog.rom.home;
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL http://$server_name/;
        proxy_pass http://graylog-web-cluster;
    }
}
upstream graylog-web-cluster {
    server 10.10.10.161:9000 max_fails=3 fail_timeout=30s;
    server 10.10.10.162:9000 max_fails=3 fail_timeout=30s;
    server 10.10.10.163:9000 max_fails=3 fail_timeout=30s;
}