http://docs.graylog.org/en/3.1/pages/installation/operating_system_packages.html
http://docs.graylog.org/en/3.1/pages/installation/os/centos.html
注意:目前的graylog還不支援新版的7.x的Elasticsearch,也不支援MongoDB 4.2
請安裝以下軟體
Java ( >= 8 )
Elasticsearch (5.x or 6.x)
MongoDB (3.6 or 4.0)
yum install -y epel-release
# Switches SELinux to permissive for the current boot only (it is not
# persisted; that would need /etc/selinux/config). This lifts SELinux
# confinement from every service on the host, not just graylog.
setenforce 0
# Stops firewalld for the current boot (the unit is not disabled). With no
# packet filter, anything listening on a non-loopback address — e.g. graylog,
# which is bound to 192.168.1.141:9000 further down — is reachable from the
# network; on a non-isolated host, opening just the required ports is the
# safer alternative.
systemctl stop firewalld
# Install Java
yum install -y java-11-openjdk
# Install pwgen (used below to generate password_secret)
yum install -y pwgen
# Install MongoDB 4.0; 4.2 is not supported yet
#---------------------------------------------------------------------------------------------------------
# Create the repo file with the contents shown below. gpgcheck=1 together with
# the MongoDB release key means yum verifies package signatures from this repo.
vim /etc/yum.repos.d/mongodb-org.repo
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
yum install -y mongodb-org
systemctl daemon-reload
# Enable at boot, then start now. The shipped mongod configuration is used
# unchanged on this page.
# NOTE(review): firewalld was stopped above — confirm mongod stays bound to
# localhost before exposing this host.
systemctl enable mongod
systemctl start mongod
# Install Elasticsearch 6.x; 7.x is not supported yet
#---------------------------------------------------------------------------------------------------------
# Import the Elastic signing key first so that yum can verify package
# signatures (the repo file below sets gpgcheck=1 with the same key).
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
# Create the repo file with the contents shown below
vim /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
yum install -y elasticsearch-oss
# Set the two keys shown below (cluster.name and action.auto_create_index)
vim /etc/elasticsearch/elasticsearch.yml
cluster.name: graylog
action.auto_create_index: false
systemctl daemon-reload
systemctl enable elasticsearch
# restart (not start) so the elasticsearch.yml edits above take effect even if
# the package already started the service
systemctl restart elasticsearch
# Install graylog
#---------------------------------------------------------------------------------------------------------
# Installs the Graylog 3.1 yum repository package directly from the URL.
# NOTE(review): unlike the Elasticsearch step above, no signing key is
# imported beforehand, so rpm cannot verify this package's signature here;
# presumably the repo package itself ships the key used for later gpgcheck —
# download and verify it first if that matters in your environment.
rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.1-repository_latest.rpm
使用以下兩個指令其中一個來安裝
# Run exactly one of the two commands: the first installs only the server,
# the second additionally installs the enterprise and integrations plugins.
yum install -y graylog-server
yum install -y graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins
產生密碼
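# password_secret: one fully random (-s) 96-character string. Run this
# yourself; never reuse a value copied from a web page or an example.
pwgen -N 1 -s 96
# root_password_sha2: hex SHA-256 of the admin password.
# The two one-liners below pass the cleartext on the command line, so it is
# recorded in shell history and visible to other users via `ps` while the
# pipeline runs — acceptable only for a throwaway test password.
# printf is used instead of `echo -n` because echo's -n handling is not
# portable across shells.
printf '%s' yourpassword | shasum -a 256
printf '%s' 1q2w3e4r | sha256sum | cut -d" " -f1
# Preferred: read the password from the terminal with echo switched off
# (read -s), so it shows up neither on screen, in history, nor in argv; the
# variable is cleared afterwards.
IFS= read -rs -p "Enter Password: " pw && printf '\n' && printf '%s' "$pw" | sha256sum | cut -d" " -f1 && unset pw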
[root@localhost ~]# pwgen -N 1 -s 96
RrGsch8pkVClPiY2aNjhGGrRgdgnXPVElU2GXPoZhdjDdiMSWowN4FBHavTMFypPEAIUtTe0qeVB80UzRTGr0GfqTOUHdRQc
[root@localhost ~]# echo -n 1q2w3e4r | sha256sum | cut -d" " -f1
72ab994fa2eb426c051ef59cad617750bfe06d7cf6311285ff79c19c32afd236
# Set the two values described below. After this edit server.conf holds the
# password_secret and the admin password hash, so keep its file permissions
# restricted to the account graylog runs as.
vim /etc/graylog/server/server.conf
修改
password_secret = (貼上自行執行 pwgen -N 1 -s 96 所產生的亂數字串，勿沿用上方範例輸出)
root_password_sha2 = (管理者密碼的 SHA-256 雜湊值，即 echo -n 1q2w3e4r | sha256sum | cut -d" " -f1 的輸出；1q2w3e4r 僅為範例，請改用自己的強密碼)
# Other settings (root_timezone, http_bind_address and
# allow_leading_wildcard_searches are listed below)
vim /etc/graylog/server/server.conf
root_timezone = Asia/Taipei
http_bind_address = 192.168.1.141:9000
# 允許wildcard搜尋語法
# 例如 AND EventID:4771 AND NOT TargetUserName:*?
# 新增下列設定（注意：前置萬用字元查詢在 Elasticsearch 上代價很高，大量使用時會拖慢查詢）
allow_leading_wildcard_searches = true
# Start graylog now and enable it at boot
systemctl start graylog-server
systemctl enable graylog-server