Kaidos's Tech Blog

GRAYLOG Installation

Kaidos 2023. 2. 1. 10:30

Installation environment: Ubuntu 20.04

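echo "[TASK 2] Disable ufw & AppArmor"
# With ufw stopped and disabled, nothing on the host filters access to the Graylog web interface (port 9000) or the syslog input (UDP 60000) configured below.
sudo systemctl stop ufw && sudo systemctl disable ufw
sudo systemctl stop apparmor && sudo systemctl disable apparmor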

echo "[TASK 3] Install Packages : OpenJDK 16"
sudo apt update
sudo apt-get install apt-transport-https openjdk-16-jre-headless uuid-runtime pwgen -y

echo "[TASK 4] Install Mongodb"
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
sudo apt-get update
sudo apt-get install mongodb-org -y
sudo systemctl daemon-reload && sudo systemctl enable mongod && sudo systemctl restart mongod

echo "[TASK 5] Install Elasticsearch"
sudo wget -q https://artifacts.elastic.co/GPG-KEY-elasticsearch -O myKey
sudo apt-key add myKey
echo "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt-get update && sudo apt-get install elasticsearch-oss -y


## Modify the Elasticsearch configuration file (/etc/elasticsearch/elasticsearch.yml),
## set the cluster name to Graylog, and uncomment action.auto_create_index: false to enable the action:

sudo tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<EOT
cluster.name: graylog
action.auto_create_index: false
EOT

## After you have modified the configuration, you can start Elasticsearch and verify it is running.
sudo systemctl daemon-reload && sudo systemctl enable elasticsearch && sudo systemctl restart elasticsearch

echo "[TASK 6] Install Graylog"
sudo wget https://packages.graylog2.org/repo/packages/graylog-4.3-repository_latest.deb
sudo dpkg -i graylog-4.3-repository_latest.deb
#apt-get update && apt-get install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins
sudo apt-get update && sudo apt-get install graylog-server -y

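#echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
#Enter Password: (user-defined)
# PASSWORD_VALUE is a placeholder for the hash value printed by the command above
export PW=PASSWORD_VALUE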
sudo sed -i "s/root_password_sha2 =/root_password_sha2 =$PW/g" /etc/graylog/server/server.conf
export PW2=$(pwgen -N 1 -s 96)
echo $PW2
sudo sed -i "s/password_secret =/password_secret = $PW2/g" /etc/graylog/server/server.conf
# Replace INSTALL_SERVER_IP with the IP address of the server Graylog is installed on
echo "http_bind_address = INSTALL_SERVER_IP:9000" | sudo tee -a /etc/graylog/server/server.conf
sudo sed -i "s/elasticsearch_shards = 4/elasticsearch_shards = 1/g" /etc/graylog/server/server.conf
sudo systemctl daemon-reload && sudo systemctl enable graylog-server && sudo systemctl start graylog-server
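
The sed and tee -a edits in TASK 6 are not idempotent: a second run inserts each value again and appends another http_bind_address line. The check below is an added example, not part of the original post, meant to be run against server.conf before starting graylog-server; the sample file, the password string, the address 192.0.2.10 and all function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not part of the original post.

# get_conf FILE KEY: value of the last uncommented "KEY = value" line
get_conf() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_graylog_conf FILE: one line per problem; returns 0 only if clean
check_graylog_conf() {
    conf=$1; rc=0
    # sha256sum prints exactly 64 lowercase hex characters
    get_conf "$conf" root_password_sha2 | grep -Eq '^[0-9a-f]{64}$' ||
        { echo "root_password_sha2: not a 64-char SHA-256 hex digest"; rc=1; }
    # pwgen -N 1 -s 96 prints exactly 96 letters and digits
    get_conf "$conf" password_secret | grep -Eq '^[0-9A-Za-z]{96}$' ||
        { echo "password_secret: not a single 96-char pwgen value"; rc=1; }
    # Assumption: IPv4 address or hostname followed by :port
    get_conf "$conf" http_bind_address | grep -Eq '^[0-9A-Za-z.-]+:[0-9]+$' ||
        { echo "http_bind_address: missing or still a placeholder"; rc=1; }
    # tee -a appends a line on every run; the key should be set exactly once
    n=$(grep -Ec '^[[:space:]]*http_bind_address[[:space:]]*=' "$conf" || true)
    [ "$n" -eq 1 ] || { echo "http_bind_address: set $n times"; rc=1; }
    return "$rc"
}

# new_sample_conf: constructed stand-in for the packaged server.conf
new_sample_conf() {
    f=$(mktemp)
    printf '%s\n' 'password_secret =' 'root_password_sha2 =' \
        '#http_bind_address = 127.0.0.1:9000' > "$f"
    echo "$f"
}

# apply_page_steps FILE: the post's sed/tee edits aimed at FILE, without sudo,
# using constructed values and the documentation address 192.0.2.10
apply_page_steps() {
    PW=$(printf 'constructed-password' | sha256sum | cut -d' ' -f1)
    PW2=$(head -c 96 /dev/zero | tr '\0' 'a')   # stands in for pwgen output
    sed -i "s/root_password_sha2 =/root_password_sha2 =$PW/g" "$1"
    sed -i "s/password_secret =/password_secret = $PW2/g" "$1"
    echo "http_bind_address = 192.0.2.10:9000" >> "$1"
}

demo=$(new_sample_conf)
apply_page_steps "$demo"; check_graylog_conf "$demo" && echo "run 1: clean"
apply_page_steps "$demo"; check_graylog_conf "$demo" || echo "run 2: rejected"
rm -f "$demo"
```

On a real host the call would be check_graylog_conf /etc/graylog/server/server.conf, run with enough privilege to read the file.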


rsyslog configuration (UDP 60000 is used as the default here; register whichever port you prefer)

echo "*.* @INSTALL_SERVER_IP:60000;RSYSLOG_SyslogProtocol23Format" | sudo tee -a /etc/rsyslog.d/60-graylogsrv.conf
sudo systemctl restart rsyslog

# Log generation test

logger test

To keep operation simple, everything is set to UDP 60000 → later, create inputs with a separate UDP port for each service

echo "*.* @INSTALL_SERVER_IP:60000;RSYSLOG_SyslogProtocol23Format" | sudo tee -a /etc/rsyslog.d/60-graylogsrv.conf

sudo systemctl restart rsyslog && logger $(cat /etc/hostname)

sudo vi /etc/profile (append the content below at the bottom, then save)

---------------------------------------------------------------------------

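# Bash-only: log each command entered in a login shell to syslog (local1.notice)
function logging
{
    #stat="$?"
    # Most recent history entry, i.e. the command line just entered
    cmd=$(history | tail -1)
    # Remote address of the session, taken from the "(...)" field of who -m
    srcip=$(who -m | awk -F'(' '{print $2}' | awk -F')' '{print $1}')

    # The DEBUG trap fires before every command; log only when the history entry changed
    if [ "$cmd" != "$cmd_old" ]; then
        #logger -p local1.notice "[2] STAT=$stat"
        # CMD carries the full command line, including any secrets typed as arguments
        logger -p local1.notice "PID= $$, SRC=$srcip, PWD=$PWD, CMD=$cmd"
    fi
    cmd_old=$cmd
}
trap logging DEBUG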

---------------------------------------------------------------------------

Installation reference link: https://docs.graylog.org/v1/docs/ubuntu

Ubuntu installation

This guide describes the fastest way to install Graylog on Ubuntu 20.04 LTS and 22.04. All links and packages are present at the time of writing. Warning: This guide does not cover security settings! The server administrator must make sure the Graylog serv

go2docs.graylog.org
