目前使用的5.1版本比较稳定,GrayLog5.1版本目前已经更新到5.1.10版本
基础环境说明
- 1、CentOS7.9(关闭SELINUX)
- 2、GrayLog5.1.10一键安装脚本和相关组件压缩包
MongoDB6.0+OpenSearch2.8+GrayLog5.1.10的EL7版本rpm安装包
- 3、环境说明 建议内存大于8G,CPU8核及以上
建议专门一个/data分区,(LVM可扩展更佳),用于存放用GrayLog采集的日志
一键脚本安装过程如下
1、SFTP上传如下文件
- GrayLog5.1.10_MongoDB6.0_opensearch2.8_RPM.tar.gz
- GrayLogServer5.1.10_install.sh
(图片点击放大查看)
然后执行shell脚本即可一键完成安装
2、安装完成后即可登录GrayLog Web界面
账号密码为admin/Graylog@2023
(图片点击放大查看)
(图片点击放大查看)
3、具体脚本内容如下
GrayLogServer5.1.10_install.sh
#!/bin/bash #关闭SELINUX sed -i 's/enforcing/disabled/g' /etc/selinux/config setenforce 0 #解压安装包 mkdir -p /opt/GrayLog_install tar -zxvf ./GrayLog5.1.10_MongoDB6.0_opensearch2.8_RPM.tar.gz -C /opt/GrayLog_install cat > /etc/yum.repos.d/mongodb-org.repo << \EOF [mongodb-org-6.0] name=MongoDB Repository baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/6.0/x86_64/ gpgcheck=0 enabled=1 gpgkey=https://www.mongodb.org/static/pgp/server-6.0.asc EOF cd /opt/GrayLog_install #安装mongodb-server服务 rpm -Uvh cyrus-sasl*.rpm rpm -Uvh mongodb*.rpm #启动mongodb-server服务 systemctl daemon-reload systemctl enable mongod.service systemctl start mongod.service systemctl --type=service --state=active | grep mongod firewall-cmd --add-port=27017/tcp --permanent --zone=public firewall-cmd --reload #安装opensearch rpm -ivh /opt/GrayLog_install/opensearch-2.8.0-linux-x64.rpm #单独的/data目录下创建目录用于存放opensearch数据 mkdir -p /data/opensearch/data mkdir -p /data/opensearch/logs chown -R opensearch /data/opensearch sysctl -w vm.max_map_count=262144 echo 'vm.max_map_count=262144' >> /etc/sysctl.conf cp /etc/opensearch/opensearch.yml /etc/opensearch/opensearch.yml_default #修改opensearch相关配置文件 sed -i "s@#cluster.name: my-application@cluster.name: graylog@g" /etc/opensearch/opensearch.yml sed -i "s@#node.name: node-1@node.name: graylog@g" /etc/opensearch/opensearch.yml sed -i "s#path.data: /var/lib/opensearch#path.data: /data/opensearch/data#g" /etc/opensearch/opensearch.yml sed -i "s#path.logs: /var/log/opensearch#path.logs: /data/opensearch/logs#g" /etc/opensearch/opensearch.yml sed -i "s@#network.host: 192.168.0.1@network.host: 0.0.0.0@g" /etc/opensearch/opensearch.yml echo "discovery.type: single-node" >> /etc/opensearch/opensearch.yml echo "action.auto_create_index: false" >> /etc/opensearch/opensearch.yml echo "plugins.security.disabled: true" >> /etc/opensearch/opensearch.yml #修改JVM内存大小 sed -i "s/-Xms1g/-Xms4g/g" /etc/opensearch/jvm.options sed -i "s/-Xmx1g/-Xmx4g/g" /etc/opensearch/jvm.options #启动opensearch服务 systemctl daemon-reload systemctl enable opensearch.service systemctl restart opensearch.service firewall-cmd --add-port=9200/tcp --permanent --zone=public firewall-cmd --reload curl -s -XGET 'http://127.0.0.1:9200/_cluster/health?pretty=true' curl -s -XGET 'http://127.0.0.1:9200/_cat/nodes?v' #安装graylog-server服务 rpm -ivh /opt/GrayLog_install/graylog-server-5.1.10-1.x86_64.rpm cp /etc/graylog/server/server.conf /etc/graylog/server/server.conf_default #修改graylog-server相关配置文件 sed -i "s/password_secret =/password_secret = 0pAHJtPdZZUb5yHAvFbBezbWAlQwh9CbRX1rshJEVxM0kV7t0SpIgY5q9tLpVEwWLElhG3EtbvQ03mTm9i0HuvWKwlWgWiIJ/g" /etc/graylog/server/server.conf sed -i "s/root_password_sha2 =/root_password_sha2 = 429d280c5ddad83d94770b077b22124231efc727d504b107883297304b3e2939/g" /etc/graylog/server/server.conf sed -i "s@#root_timezone = UTC@root_timezone = Asia/Shanghai@g" /etc/graylog/server/server.conf sed -i "s@#http_bind_address = 127.0.0.1:9000@http_bind_address = 0.0.0.0:9000@g" /etc/graylog/server/server.conf sed -i "s/allow_highlighting = false/allow_highlighting = true/g" /etc/graylog/server/server.conf #修改graylog-server启动时JVM内存大小 sed -i "s/-Xms1g -Xmx1g/-Xms2g -Xmx2g/g" /etc/sysconfig/graylog-server firewall-cmd --add-port=9000/tcp --permanent --zone=public firewall-cmd --reload #启动graylog-server服务 systemctl daemon-reload systemctl restart graylog-server systemctl enable graylog-server
