GRAYLOG 설치
설치환경 : 우분투 20.04 기준
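echo "[TASK 2] Disable ufw & AppArmor"
# NOTE(review): once ufw is off nothing on this host filters traffic to MongoDB,
# Elasticsearch or the Graylog UI (port 9000, bound to the server address
# below). Keep those ports closed at the network edge, or re-enable ufw with
# explicit allow rules instead of disabling it.
sudo systemctl stop ufw && sudo systemctl disable ufw   # original line had no unit after 'disable'
sudo systemctl stop apparmor && sudo systemctl disable apparmor

echo "[TASK 3] Install Packages : OpenJdk-17 "
sudo apt update
# NOTE(review): the banner says OpenJDK 17 but the package below is the
# OpenJDK 16 runtime; make the two agree before relying on either.
sudo apt-get install -y apt-transport-https openjdk-16-jre-headless uuid-runtime pwgen

echo "[TASK 4] Install Mongodb"
# Fetch the signing key (same fingerprint as the original recipe) into a
# dedicated keyring rather than the deprecated global apt-key store, and bind
# the repo to that key with signed-by so it cannot vouch for other repos.
MONGO_KEYRING=/usr/share/keyrings/mongodb-org-4.0.gpg
sudo gpg --no-default-keyring --keyring "$MONGO_KEYRING" \
  --keyserver hkp://keyserver.ubuntu.com:80 \
  --recv-keys 9DA31620334BD75D9DCB49F368818C72E52529D4
# NOTE(review): the repo line targets 'bionic' (18.04) on a 20.04 host — the
# 4.0 series appears to have no focal build; confirm this is intended.
echo "deb [ arch=amd64 signed-by=$MONGO_KEYRING ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse" \
  | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
sudo apt-get update
sudo apt-get install -y mongodb-org
sudo systemctl daemon-reload && sudo systemctl enable mongod && sudo systemctl restart mongod

echo "[TASK 5] Install Elasticsearch"   # original banner said "PHP"; nothing PHP-related is installed here
ES_KEYRING=/usr/share/keyrings/elasticsearch-keyring.gpg
# Dearmor the key straight into a keyring instead of leaving 'myKey' in the
# working directory and adding it to the global trust store.
wget -qO- https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --batch --yes --dearmor -o "$ES_KEYRING"
# 'tee' (not 'tee -a'): the list file holds only this line, so re-running the
# step does not duplicate the entry.
echo "deb [signed-by=$ES_KEYRING] https://artifacts.elastic.co/packages/oss-7.x/apt stable main" \
  | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
sudo apt-get update && sudo apt-get install -y elasticsearch-oss

# Set the cluster name Graylog expects and stop Elasticsearch from creating
# indices on its own (Graylog manages them). The stanza is appended to
# /etc/elasticsearch/elasticsearch.yml, so run this part once.
# NOTE(review): the OSS build has no authentication; the default localhost
# bind is what protects it — do not widen network.host on this host.
sudo tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<'EOT'
cluster.name: graylog
action.auto_create_index: false
EOT
# After the configuration change, start Elasticsearch and verify it is running.
sudo systemctl daemon-reload && sudo systemctl enable elasticsearch && sudo systemctl restart elasticsearch

echo "[TASK 6] Install Graylog"
SERVER_IP=설치서버IP   # address the Graylog UI/API should listen on
wget -q https://packages.graylog2.org/repo/packages/graylog-4.3-repository_latest.deb
sudo dpkg -i graylog-4.3-repository_latest.deb
rm -f graylog-4.3-repository_latest.deb
#apt-get update && apt-get install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins
sudo apt-get update && sudo apt-get install -y graylog-server

# root_password_sha2 is the SHA-256 of the admin password. Compute it with the
# pipeline below, which reads the password from the terminal rather than argv:
#   echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
# Plain variable, not 'export': a secret has no business in every child's
# environment. Note the hash is still visible in the process list while sed
# runs, and, if the command-audit trap later in this guide is active, this
# assignment line is forwarded to syslog verbatim.
PW=패스워드값
# Anchor on the line start and replace the whole line: idempotent, and it does
# not touch commented-out mentions of the key. A sha256 hex string contains no
# sed metacharacters.
sudo sed -i "s/^root_password_sha2 =.*/root_password_sha2 = $PW/" /etc/graylog/server/server.conf

# password_secret seeds Graylog's own encryption; it must never be printed.
# The original recipe echoed it to the terminal, leaving it in scroll-back and
# terminal logs — that line is dropped. pwgen -s emits only [A-Za-z0-9], so the
# value is safe inside the sed replacement.
PW2=$(pwgen -N 1 -s 96)
sudo sed -i "s/^password_secret =.*/password_secret = $PW2/" /etc/graylog/server/server.conf

# Bind the UI/API to the server address so other hosts can reach it.
# NOTE(review): this is plain HTTP (http_enable_tls is not set) and ufw was
# disabled in TASK 2 — terminate TLS in front of it or restrict who can reach
# port 9000.
echo "http_bind_address = ${SERVER_IP}:9000" | sudo tee -a /etc/graylog/server/server.conf
sudo sed -i "s/elasticsearch_shards = 4/elasticsearch_shards = 1/g" /etc/graylog/server/server.conf
sudo systemctl daemon-reload && sudo systemctl enable graylog-server && sudo systemctl start graylog-server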
rsyslog 설정(UDP60000을 기본으로 설정함. 원하는 포트로 등록하면 됨)
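SERVER_IP=설치서버IP   # Graylog server address
# One command per line. The original collapsed both onto one line, so 'tee'
# treated 'sudo', 'systemctl', 'restart' and 'rsyslog' as extra output files
# in the working directory and rsyslog was never restarted.
# '@' is UDP in cleartext: every forwarded line (including the command audit
# configured later on this page) crosses the network unencrypted. Use '@@'
# (TCP) with rsyslog's TLS transport for anything beyond a lab.
# 'tee' without -a: the drop-in holds only this rule, so re-running does not
# forward every message twice.
echo "*.* @${SERVER_IP}:60000;RSYSLOG_SyslogProtocol23Format" | sudo tee /etc/rsyslog.d/60-graylogsrv.conf
sudo systemctl restart rsyslog
# Emit a test log line
logger test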
간단하게 운영하기 위해 모두 UDP 60000 설정 → 향후 서비스별 UDP 포트를 구별해서 inputs 생성
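SERVER_IP=설치서버IP   # Graylog server address
# Overwrite rather than append: the drop-in holds only this forwarding rule, so
# re-running the step does not deliver every message twice. '@' is UDP and
# cleartext; '@@' (TCP) with TLS is the safer choice outside a lab.
echo "*.* @${SERVER_IP}:60000;RSYSLOG_SyslogProtocol23Format" | sudo tee /etc/rsyslog.d/60-graylogsrv.conf
# Restart and emit one test line carrying the hostname (quoted so a host name
# with unusual characters still arrives as a single argument).
sudo systemctl restart rsyslog && logger "$(cat /etc/hostname)"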
sudo vi /etc/profile (아래내용 하단에 추가 후 저장)
---------------------------------------------------------------------------
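# Command-audit trap, appended to /etc/profile.
# /etc/profile is also read by dash (sh -l, su -), which has neither the
# 'function' keyword nor a DEBUG trap, so everything is guarded to bash.
# This is accountability logging, not a control: a user owns their shell and
# can remove the trap or start another shell, so rely on auditd / session
# recording where evasion matters.
if [ -n "$BASH_VERSION" ]; then
  # Source address of the session, from the controlling tty's who(1) entry,
  # falling back to sshd's SSH_CLIENT ("ip port port") when there is no tty.
  # Computed once per login instead of forking who+awk before every command.
  __audit_src=$(who -m | awk -F'[()]' '{print $2}')
  [ -n "$__audit_src" ] || __audit_src=${SSH_CLIENT%% *}
  __audit_cmd_old=

  #######################################
  # DEBUG-trap handler: forwards shell PID, source address, cwd and the most
  # recent history entry to local1.notice, skipping exact repeats.
  # Anything typed on the command line — passwords, tokens, 'export PW=...' —
  # reaches the log server verbatim over the rsyslog forwarding configured above.
  # Globals: __audit_src (read), __audit_cmd_old (read/written)
  #######################################
  logging() {
    local cmd
    cmd=$(history | tail -1)
    if [ "$cmd" != "$__audit_cmd_old" ]; then
      logger -p local1.notice "PID= $$, SRC=$__audit_src, PWD=$PWD, CMD=$cmd"
    fi
    __audit_cmd_old=$cmd
  }
  trap logging DEBUG
fi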
---------------------------------------------------------------------------