Open source log server Graylog detects network equipment failures

2025-03-04 Update From: SLTechnology News&Howtos (Network Security)

Shulou(Shulou.com)06/01 Report--

1. Operating system installation (the CentOS installation steps themselves are omitted)

cat /etc/os-release # check the OS version of the host

NAME="CentOS Linux"

VERSION="7 (Core)"

ID="centos"

ID_LIKE="rhel fedora"

VERSION_ID="7"

PRETTY_NAME="CentOS Linux 7 (Core)"

ANSI_COLOR="0;31"

CPE_NAME="cpe:/o:centos:centos:7"

HOME_URL="https://www.centos.org/"

BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"

CENTOS_MANTISBT_PROJECT_VERSION="7"

REDHAT_SUPPORT_PRODUCT="centos"

REDHAT_SUPPORT_PRODUCT_VERSION="7"

Disable SELinux

vim /etc/sysconfig/selinux

SELINUX=disabled # the accepted values are enforcing, permissive and disabled; takes effect after a reboot

2. Java, database and Elasticsearch installation

1. Java installation

$ sudo yum install java-1.8.0-openjdk-headless.x86_64

Check the Java version after installation

[root@Graylog ~]# java -version

openjdk version "1.8.0_161"

OpenJDK Runtime Environment (build 1.8.0_161-b14)

OpenJDK 64-Bit Server VM (build 25.161-b14, mixed mode)

2. MongoDB installation

Open /etc/yum.repos.d/mongodb-org-3.6.repo with vi and add the following configuration (yum repo keys are lower-case):

[mongodb-org-3.6]

name=MongoDB Repository

baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.6/x86_64/

gpgcheck=1

enabled=1

gpgkey=https://www.mongodb.org/static/pgp/server-3.6.asc

Save the configuration and exit, then install MongoDB:

yum install -y mongodb-org

$ sudo chkconfig --add mongod

$sudo systemctl daemon-reload

$sudo systemctl enable mongod.service

$sudo systemctl start mongod.service

3. Elasticsearch installation

Graylog 2.4.x must use Elasticsearch 5.x

Import the Elastic GPG key so that the package signatures can be verified

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

vi /etc/yum.repos.d/elasticsearch.repo # add the following configuration

[elasticsearch-5.x]

name=Elasticsearch repository for 5.x packages

baseurl=https://artifacts.elastic.co/packages/5.x/yum

gpgcheck=1

gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch

enabled=1

autorefresh=1

type=rpm-md

yum install elasticsearch # install elasticsearch

vi /etc/elasticsearch/elasticsearch.yml # open the Elasticsearch configuration file and set cluster.name; it must match the name used in the Graylog configuration

cluster.name: graylog2

$ sudo chkconfig --add elasticsearch

$sudo systemctl daemon-reload

$sudo systemctl enable elasticsearch.service

$sudo systemctl restart elasticsearch.service

3. Graylog installation

$ sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.4-repository_latest.rpm

$ sudo yum install graylog-server # install graylog-server

pwgen -N 1 -s 96 # generate password_secret

echo -n yourpassword | shasum -a 256 # generate root_password_sha2 (the SHA-256 of the admin password)

vi /etc/graylog/server/server.conf # the two values below are the author's example output; generate your own with the commands above rather than copying them

password_secret=uz8DP8HFBJtNtwySQdNxhjlU4PfqSbSKjnRk4MHXlfFdJKfsHmyekzMkkJ7CNoSnUGpGqD8P0euzy41rHsR39yKUZoSX0OAG

root_password_sha2=e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951

elasticsearch_index_prefix = graylog2 # must use the same name as the Elasticsearch configuration

web_listen_uri = http://0.0.0.0:9000/

rest_listen_uri = http://0.0.0.0:9000/api/

elasticsearch_shards = 1

elasticsearch_replicas = 0

mongodb_useauth = false

$ sudo chkconfig --add graylog-server

$sudo systemctl daemon-reload

$sudo systemctl enable graylog-server.service

$sudo systemctl start graylog-server.service

4. Collecting network device logs

Graylog collects the logs sent by network devices

CentOS 7 runs rsyslog by default

vi /etc/rsyslog.conf

$ModLoad imudp # remove the leading comment character #

$UDPServerRun 514 # remove the leading comment character #

*.* @127.0.0.1:1514 # forward all messages to the Graylog input

systemctl restart rsyslog.service # restart the rsyslog service

Open http://x.x.x.x:9000 and log in with username admin and password yourpassword

Configure the Graylog input to listen on port 1514. Only root can bind ports below 1024 on Linux, and the Graylog service does not run as root, so use a port above 1024.

1) Create a dashboard for the test

2) Search for keywords

3) Save the search to the dashboard

4) Open Dashboards
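The rsyslog rule above relays whatever the network devices send to the Graylog input on UDP 1514, and the dashboard then has to pick failures out of that stream. As an added example that is not part of the original article, the Python below parses RFC 3164 syslog lines of the kind a switch or firewall emits, decodes the PRI field into facility and severity, and selects the error-or-worse events that a "network equipment failure" dashboard is meant to surface; the sample lines, device names and the send helper's defaults are constructed for this example.

```python
import re
import socket
from dataclasses import dataclass

# RFC 3164 syslog line: the format most switches and firewalls emit and the
# format the rsyslog rule above relays to the Graylog input on UDP 1514.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

@dataclass
class SyslogEvent:
    facility: int
    severity: int
    timestamp: str
    host: str
    message: str

    @property
    def severity_name(self) -> str:
        return SEVERITIES[self.severity]

def parse_syslog(line: str) -> SyslogEvent:
    """Split a syslog line into fields; PRI = facility * 8 + severity."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"not an RFC 3164 syslog line: {line!r}")
    pri = int(m.group("pri"))
    if pri > 191:  # facilities 0-23, severities 0-7
        raise ValueError(f"PRI out of range: {pri}")
    return SyslogEvent(pri >> 3, pri & 7, m.group("ts"), m.group("host"), m.group("msg"))

def failures(lines, max_severity: int = 3) -> list:
    """Events at severity err (3) or worse: the device failures the dashboard should show."""
    return [e for e in map(parse_syslog, lines) if e.severity <= max_severity]

def send_to_graylog(line: str, host: str = "127.0.0.1", port: int = 1514) -> None:
    """Relay one line to the syslog UDP input, as rsyslog does with *.* @127.0.0.1:1514."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(line.encode(), (host, port))

# Constructed sample lines in Cisco IOS style (device names are made up).
SAMPLE = [
    "<190>Mar  4 10:15:30 sw-core01 %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 127.0.0.1 started",
    "<187>Mar  4 10:15:41 sw-core01 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down",
    "<188>Mar  4 10:16:02 fw-edge01 %ENVMON-4-FAN_WARNING: Fan 2 speed is low",
]
```

Running `failures(SAMPLE)` returns only the interface-down event from sw-core01; `send_to_graylog` can replay a sample line at the input to confirm the Graylog side of the pipeline end to end.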
