Shulou(Shulou.com)06/01 Report--

I made a lot of effort, but looking back, it's not difficult. I'd better write it down and write it down.

Installation

When I installed it myself, I read an old version of the installation manual, took a lot of detours, and finally referred to the official manual, which was installed very easily and quickly, the official website address: http://graylog2.org/.

Install related dependency packages

1. Yum-y install gcc* openssl-devel glib2-devel numactl

Install mongodb

Useradd mongodb

Mkdir-p / var/mongodb/db/

Mkdir-p / var/log/mongodb

Tar xvf / usr/src/ mongodb-linux-x86_64-2.6.2.tgz-C / usr/local/

Cd / usr/local

Mv mongodb-linux-x86_64-2.6.2 mongodb

Error encountered: [initandlisten] * * WARNING: Youare running on a NUMA machine.

Http://docs.mongodb.org/manual/administration/production-notes/#production-numa

Add to the startup script

Vim / etc/init.d/mongod # is as follows

#! / bin/bash

# description: mongodb server SysV script

. / etc/rc.d/init.d/functions

If [- f / etc/sysconfig/mongod]; then

. / etc/sysconfig/mongod

Fi

NUMA= "numactl-interleave=all"

Mongod=/usr/local/mongodb/bin/mongod

Prog=mongod

Lockfile=/var/mongodb/db/mongod.lock

RETVAL=0

OPTIONS= "- fork--logpath=/var/log/mongodb/mongod.log-dbpath=/var/mongodb/db"

Start () {

Echo-n $"Starting $prog:"

Daemon $NUMA $mongod $OPTIONS

# $NUMA $mongod $OPTIONS

RETVAL=$?

Echo

[$RETVAL = 0]

Return $RETVAL

}

Stop () {

Echo-n $"Stopping $prog:"

Killproc-p ${lockfile} $mongod

RETVAL=$?

Echo

[$RETVAL = 0] & & rm-f ${lockfile}

}

Case "$1" in

Start)

Start

Stop)

Stop

Restart)

Stop

Start

Status)

Status-p ${lockfile} $mongod

RETVAL=$?

*)

Echo $"Usage: $prog {start | stop | restart | status |}"

Exit 1

Esac

Exit $RETVAL

Chmod axix / etc/init.d/mongodchkconfig-- add mongodchkconfig mongod onservice mongod start

Create the database instance required by graylog2

/ usr/local/mongodb/bin/mongo > use admin > db.addUser ('admin','password') > use graylog2 > db.addUser (' graylog','redhat') > exit

Install elasticsearch

Rpm-ivh elasticsearch-0.9.10.noarch.rpm

Modify the configuration file

Vim/etc/elasticsearch/elasticsearch.yml

Add cluster.name:graylog2

Service elasticsearch start

Install graylog2-server

~ $tar xvfzgraylog2-server-0.20.3.tgz

~ $mvgraylog2-server-0.20.2 / usr/local/graylog2-server

Cp / usr/local/graylog2-server/graylog2.conf.example/etc/graylog2.conf

Modify the configuration file

/ usr/local/graylog2-server/bin/graylog2ctl restart

Nohup / usr/local/graylog2-web-interface/bin/graylog2-web-interface &

Error one:

Versioncheck.torch.sh: Temporary failure in nameresolution

Not equipped with DNS

Error 2:

Connect to versioncheck.torch.sh:80 [versioncheck.torch.sh/54.195.251.6] failed: connect timed out

Api will be called to check the version at startup. This error can be ignored.

Install graylog2-web-interface

The error is as follows

2014-07-03 22 0011388-[ERROR]-fromnet.sf.ehcache.Cache in main

Unable to set localhost. This prevents creationof a GUID. Cause was: Myhostname: Myhostname: Name or service not known

Add / etc/hosts file

Configuration:

1. First, configure the port and method of inputs on the page. Under inputs under System. Add new input, I choose syslog, tcp or udp is fine. I choose tcp, the port is set at will, greater than 1024, here is 11514. In this way, the server of graylog2 opens the port of listening 11514 for input.

2. Rsyslog service is installed on both the client and the server. The client is configured to send the local log to port 514 of the server. Pay attention to the tag in the second line, and it is convenient to configure matching rules later. The configuration is as follows

3. The rsyslog on the server listens to port 514 to receive the logs sent by the client, and forwards it to port 11514 on which graylog2 is listening. Edit / etc/rsyslog.conf and just add a line.

*. * @ @ 127.0.0.1purl 11514

Rsyslog sends all local logs to port 11514, which is the port on which graylog2-server listens.

After modifying the configuration file of rsyslog, don't forget that the restart takes effect.

4. At this time, you can see which host logs are received by graylog2 in the source tag.

5, configure streams, I am based on the tag tag mentioned earlier to match, relatively simple, there are other needs to see the help manual, very clear. Configure mail alarm and set alert.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.