1. Install Docker-Compose
See: [Docker] 8. Installing the Docker-Compose service
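2. Introduction to Graylog
Graylog is an open-source tool for log aggregation, analysis, auditing, visualization and alerting. Functionally it is similar to ELK, but much simpler. Being leaner, more efficient and easy to deploy and use, it quickly won over many users. It is admittedly less extensible than ELK, but a commercial version is available.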
3. Install Graylog
- Create the directories
mkdir -p /home/graylog/mongo_data
mkdir -p /home/graylog/es_data
mkdir -p /home/graylog/graylog_data
mkdir -p /home/graylog/graylog_data/config
- Set directory permissions
chmod -R +777 /home/graylog/mongo_data
chmod -R +777 /home/graylog/es_data
chmod -R +777 /home/graylog/graylog_data
- Change into the /home/graylog/graylog_data/config directory
cd /home/graylog/graylog_data/config
- Download the configuration files
wget https://raw.githubusercontent.com/Graylog2/graylog-docker/4.2/config/graylog.conf
wget https://raw.githubusercontent.com/Graylog2/graylog-docker/4.2/config/log4j2.xml
- Set directory ownership
chown -R 1100:1100 /home/graylog/graylog_data
- Enable query highlighting and set the China time zone
vim /home/graylog/graylog_data/config/graylog.conf
China time zone: root_timezone = PRC
Query highlighting: allow_highlighting = true
- Change into the /home/graylog directory
cd /home/graylog
- Create the docker-compose.yml file
vi docker-compose.yml
- The file contents are as follows
version: '3'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:4.2
    volumes:
      - /home/graylog/mongo_data:/data/db
      - /etc/localtime:/etc/localtime:ro
      - /usr/share/zoneinfo/Asia/Shanghai:/etc/timezone:ro
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    volumes:
      - /home/graylog/es_data:/usr/share/elasticsearch/data
      - /etc/localtime:/etc/localtime:ro
      - /usr/share/zoneinfo/Asia/Shanghai:/etc/timezone:ro
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - TZ=Asia/Shanghai
    ulimits:
      memlock:
        soft: -1
        hard: -1
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:4.2
    volumes:
      - /home/graylog/graylog_data:/usr/share/graylog/data
      - /etc/localtime:/etc/localtime:ro
      - /usr/share/zoneinfo/Asia/Shanghai:/etc/timezone:ro
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/
      - TZ=Asia/Shanghai
    entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh
    links:
      - mongodb:mongo
      - elasticsearch
    restart: always
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
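- Start the installation (this is also the start command)
docker-compose up -d
- Start with an explicit file
docker-compose -f docker-compose.yml up -d
- Stop
docker-compose down
- Stop with an explicit file
docker-compose -f docker-compose.yml down
- Verify the installation
docker ps
This shows the running state of the graylog container; the installation has succeeded only if 12201 udp appears in the output.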
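The compose file above carries a sample GRAYLOG_PASSWORD_SECRET (marked CHANGE ME) and the SHA-256 hash of the password admin. The shell functions below are an added example, not part of the original post or of Graylog: they generate replacement values and check whether a compose file still contains the samples. The function names are hypothetical, and sha256sum and od are assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of Graylog.

# SHA-256 hex digest of a password: the format GRAYLOG_ROOT_PASSWORD_SHA2 holds.
hash_password() {
  printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Random hex string for GRAYLOG_PASSWORD_SECRET (default 64 characters).
gen_secret() {
  local len="${1:-64}"
  if [ "$len" -lt 16 ]; then
    echo "secret must be at least 16 characters" >&2
    return 1
  fi
  od -An -N"$(( (len + 1) / 2 ))" -tx1 /dev/urandom | tr -d ' \n' | cut -c1-"$len"
}

# Report sample credentials left in a compose file; returns the finding count.
audit_compose() {
  local file="$1" findings=0 secret
  if grep -q "GRAYLOG_ROOT_PASSWORD_SHA2=$(hash_password admin)" "$file"; then
    echo "root password hash is still that of 'admin'"
    findings=$((findings + 1))
  fi
  secret=$(sed -n 's/.*GRAYLOG_PASSWORD_SECRET=\([^"[:space:]]*\).*/\1/p' "$file" | head -n 1)
  if [ "$secret" = "somepasswordpepper" ] || [ "${#secret}" -lt 16 ]; then
    echo "password secret is the sample value or shorter than 16 characters"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# Usage (after sourcing this file):
#   gen_secret                      # value for GRAYLOG_PASSWORD_SECRET
#   hash_password 'new password'    # value for GRAYLOG_ROOT_PASSWORD_SHA2
#   audit_compose /home/graylog/docker-compose.yml
```

After editing docker-compose.yml with the new values, audit_compose should print nothing and return 0 before the stack is started.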
4. Graylog console
Once the installation is complete, open
http://127.0.0.1:9000/
At this point the Graylog distributed logging service has been installed successfully.