
    GrayLog 설치하기

    AWS 환경에 설치하기 때문에 외부 IP와 내부 IP를 구분해서 설정해야 합니다.

    [설치파일목록]
    elasticsearch-2.4.4.tar.gz
    graylog-2.2-repository_latest.deb
    jdk-8u121-linux-x64.tar.gz
    mongodb-linux-x86_64-ubuntu1404-3.4.4.gz


    ############################### java 설정 ##########################################################
    # Unpack the JDK under /usr/java and expose it through a stable "default" link.
    mkdir /usr/java
    cd /usr/java
    # NOTE(review): assumes the tarball was already copied into /usr/java - confirm.
    tar xvzf jdk-8u121-linux-x64.tar.gz
    # JAVA_HOME in /etc/profile and in the init script points at this link, not at the versioned directory.
    ln -s jdk1.8.0_121/ default


    ############################### 환경 설정 ##########################################################
    vi  /etc/profile
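    # Lines added to /etc/profile, so every login shell (root included) picks them up.
    # NOTE(review): each directory appended to PATH is searched for commands in root's
    # shells too; make sure every one of them exists and is writable by root only.
    PATH=$PATH:/opt/mongo/bin:/opt/elasticsearch:/nexon:/opt/graylog
    JAVA_HOME=/usr/java/default
    export JAVA_HOME
    PATH=$JAVA_HOME/bin:$PATH
    # Append without a leading ':' when CLASSPATH is empty: an empty entry is read
    # as the current directory, which is not something to put on a class path by accident.
    CLASSPATH=${CLASSPATH:+$CLASSPATH:}$JAVA_HOME/lib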

    update-alternatives --install /usr/bin/java java /usr/java/default/bin/java 1


    ################################ Elasticsearch 설치 ###############################################
    ## Lines starting with "# " are commands typed at a root prompt; "## " lines are notes.
    # cd /opt
    # wget https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.4.4/elasticsearch-2.4.4.tar.gz
    ## Check the archive against the checksum the vendor publishes before unpacking it as root.
    # tar xvzf elasticsearch-2.4.4.tar.gz
    ## The unversioned link is what the init script uses as ES_HOME (/opt/elasticsearch).
    # ln -s elasticsearch-2.4.4 elasticsearch


    ## Configuration is kept outside the install tree; the init script passes /etc/elasticsearch as the config path.
    # mkdir /etc/elasticsearch
    # cp /opt/elasticsearch/config/* /etc/elasticsearch


    # vi elasticsearch.yml
    # Cluster name; server.conf further down uses the same value for elasticsearch_cluster_name.
    cluster.name: imc-graylog
    node.name: imc-gl-node-0
    # NOTE(review): this node holds data but is not master-eligible, so another node in the
    # cluster has to be master-eligible for a master to be elected - confirm.
    node.master: false
    node.data: true
    # Lock the JVM heap in RAM; the init script raises the locked-memory limit for this.
    bootstrap.mlockall: true
    # Listens on every interface. Elasticsearch 2.x ships without authentication unless a
    # security plugin is added, so on AWS restrict the HTTP and transport ports (9200/9300)
    # to the Graylog hosts in the security group, or bind to the internal address instead.
    network.host: 0.0.0.0
    path.data: /data/elasticsearch/
    path.logs: /log/
    path.plugins: /data/elasticsearch/plugins
    discovery.zen.minimum_master_nodes: 1
    # Multicast discovery is off; peers are found only through the unicast host list below.
    discovery.zen.ping.multicast.enabled: false
    discovery.zen.ping.unicast.hosts: ["아이피정보1"]
    index.number_of_replicas: 1


    # vi /etc/init.d/elasticsearch
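    #!/bin/sh
    # /etc/init.d/elasticsearch -- startup script for Elasticsearch
    #
    # Settings section. Values assigned here can be overridden from the file named
    # by DEFAULT, which the script sources further down.

    PATH=/bin:/usr/bin:/sbin:/usr/sbin
    JAVA_HOME=/usr/java/default
    export JAVA_HOME
    PATH=$JAVA_HOME/bin:$PATH
    # Append without a leading ':' when CLASSPATH is empty (an empty entry means the current directory).
    CLASSPATH=${CLASSPATH:+$CLASSPATH:}$JAVA_HOME/lib
    export PATH=$PATH:/opt/elasticsearch/bin
    # Unprivileged account and group that own the data, log and pid paths and run the daemon.
    ES_USER=elasticsearch
    ES_GROUP=elasticsearch
    DESC="Elasticsearch Server"
    # NAME has to be assigned before anything that expands it; DEFAULT used to be set
    # first and therefore resolved to "/etc/default/".
    NAME=elasticsearch
    DEFAULT=/etc/default/$NAME
    ES_HOME=/opt/$NAME
    ES_HEAP_SIZE=10g
    #ES_HEAP_NEWSIZE=
    #ES_DIRECT_SIZE=
    # es.insecure.allow.root is deliberately not set: the daemon is started as $ES_USER by
    # start-stop-daemon, and without the flag Elasticsearch refuses to run as root if that
    # ever changes.
    ES_JAVA_OPTS="-Des.path.conf=/etc/elasticsearch -Djna.tmpdir=/tmp"
    MAX_OPEN_FILES=65536
    MAX_LOCKED_MEMORY=unlimited
    MAX_MAP_COUNT=262144
    LOG_DIR=/log/$NAME
    DATA_DIR=/data/$NAME
    CONF_DIR=/etc/$NAME
    ES_GC_LOG_FILE=/log/gc.log
    PID_DIR="/var/run/elasticsearch"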


    # The script changes limits, ownership and kernel settings, so it only runs as root.
    [ "$(id -u)" -eq 0 ] || {
     echo "You need root privileges to run this script"
     exit 1
    }

    # LSB helpers (log_*_msg, pidofproc, status_of_proc) used by the actions below.
    . /lib/lsb/init-functions

    # Optional system-wide init settings.
    [ -r /etc/default/rcS ] && . /etc/default/rcS

    # Optional per-service overrides for the settings section.
    [ -f "$DEFAULT" ] && . "$DEFAULT"

    # A renamed configuration file is rejected outright.
    [ -z "$CONF_FILE" ] || {
        echo "CONF_FILE setting is no longer supported. elasticsearch.yml must be placed in the config directory and cannot be renamed."
        exit 1
    }

    # Derived values: pid file, launcher binary and its command line.
    PID_FILE="$PID_DIR/$NAME.pid"
    DAEMON=$ES_HOME/bin/elasticsearch
    DAEMON_OPTS="-d -p $PID_FILE --default.path.home=$ES_HOME --default.path.logs=$LOG_DIR --default.path.data=$DATA_DIR --default.path.conf=$CONF_DIR"

    # Hand the JVM-related settings to the launcher through the environment.
    export ES_HEAP_SIZE ES_HEAP_NEWSIZE ES_DIRECT_SIZE
    export ES_JAVA_OPTS ES_GC_LOG_FILE
    export JAVA_HOME ES_INCLUDE

    # Nothing to manage when the launcher is missing; exit quietly.
    [ -x $DAEMON ] || exit 0
    # Set JAVA to a usable java binary: the one under JAVA_HOME when it is executable,
    # otherwise whatever `which` finds on PATH. Exits the script when neither exists.
    checkJava() {
     JAVA="$JAVA_HOME/bin/java"
     [ -x "$JAVA" ] || JAVA=$(which java)
     [ -x "$JAVA" ] && return 0
     echo "Could not find any executable java binary. Please install java in your PATH or set JAVA_HOME"
     exit 1
    }
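    # Dispatch on the requested action: start, stop, status, restart or force-reload.
    case "$1" in
      start)
        checkJava
        # A locked-memory limit without an explicit heap size is treated as a configuration error.
        if [ -n "$MAX_LOCKED_MEMORY" ] && [ -z "$ES_HEAP_SIZE" ]; then
          log_failure_msg "MAX_LOCKED_MEMORY is set - ES_HEAP_SIZE must also be set"
          exit 1
        fi
        log_daemon_msg "Starting $DESC"

        pid=`pidofproc -p "$PID_FILE" elasticsearch`
        if [ -n "$pid" ]; then
          log_begin_msg "Already running."
          log_end_msg 0
          exit 0
        fi

        # Fall back to ES_USER when ES_GROUP is unset so chown never gets an empty group.
        owner="$ES_USER:${ES_GROUP:-$ES_USER}"

        # Runtime paths are created by root and handed to the service account.
        mkdir -p "$LOG_DIR" "$DATA_DIR" && chown "$owner" "$LOG_DIR" "$DATA_DIR"
        if [ -n "$PID_DIR" ] && [ ! -e "$PID_DIR" ]; then
          mkdir -p "$PID_DIR" && chown "$owner" "$PID_DIR"
        fi
        if [ -n "$PID_FILE" ] && [ ! -e "$PID_FILE" ]; then
          touch "$PID_FILE" && chown "$owner" "$PID_FILE"
        fi

        # Limits and kernel settings are raised while still root; the daemon inherits them.
        if [ -n "$MAX_OPEN_FILES" ]; then
          ulimit -n "$MAX_OPEN_FILES"
        fi
        if [ -n "$MAX_LOCKED_MEMORY" ]; then
          ulimit -l "$MAX_LOCKED_MEMORY"
        fi
        if [ -n "$MAX_MAP_COUNT" ] && [ -f /proc/sys/vm/max_map_count ]; then
          sysctl -q -w vm.max_map_count="$MAX_MAP_COUNT"
        fi

        # -c drops to ES_USER before exec. DAEMON_OPTS is left unquoted on purpose so it
        # splits into separate arguments.
        start-stop-daemon -d "$ES_HOME" --start -b --user "$ES_USER" -c "$ES_USER" --pidfile "$PID_FILE" --exec "$DAEMON" -- $DAEMON_OPTS
        rc=$?
        if [ $rc -eq 0 ]; then
          i=0
          timeout=10
          # Wait for the process to be properly started before exiting
          until { kill -0 `cat "$PID_FILE"`; } >/dev/null 2>&1
          do
            sleep 1
            i=$(($i + 1))
            if [ $i -gt $timeout ]; then
              log_end_msg 1
              exit 1
            fi
          done
        fi
        log_end_msg $rc
        exit $rc
        ;;
      stop)
        log_daemon_msg "Stopping $DESC"

        if [ -f "$PID_FILE" ]; then
          # --user limits the signal to processes owned by ES_USER; that matters because
          # the pid file is owned by that account while this script runs as root.
          start-stop-daemon --stop --pidfile "$PID_FILE" \
            --user "$ES_USER" \
            --quiet \
            --retry forever/TERM/20 > /dev/null
          # Save the status once: a second "$?" would report the result of the first test,
          # so the failure branch below could never be reached.
          rc=$?
          if [ $rc -eq 1 ]; then
            log_progress_msg "$DESC is not running but pid file exists, cleaning up"
          elif [ $rc -eq 3 ]; then
            PID="`cat "$PID_FILE"`"
            log_failure_msg "Failed to stop $DESC (pid $PID)"
            exit 1
          fi
          rm -f "$PID_FILE"
        else
          log_progress_msg "(not running)"
        fi
        log_end_msg 0
        ;;
      status)
        status_of_proc -p "$PID_FILE" elasticsearch elasticsearch && exit 0 || exit $?
        ;;
      restart|force-reload)
        # Stop only when a pid file exists, then start again.
        if [ -f "$PID_FILE" ]; then
          "$0" stop
          sleep 1
        fi
        "$0" start
        ;;
      *)
        log_success_msg "Usage: $0 {start|stop|restart|force-reload|status}"
        exit 1
        ;;
    esac
    exit 0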


    # service elasticsearch start


    ################################ MongoDB 설치 ###############################################
    ## Lines starting with "# " are commands typed at a root prompt; "## " lines are notes.
    # cd  /opt
    # tar xvzf mongodb-linux-x86_64-ubuntu1404-3.4.4.gz
    ## NOTE(review): "pymongo-3.4.0" does not look like the directory the server tarball
    ## unpacks to - confirm the link target, otherwise /opt/mongo/bin/mongod will not exist.
    # ln -s pymongo-3.4.0 mongo

    # vi /etc/mongo.conf
    # mongod configuration for the Graylog metadata store.
    storage:
        dbPath: "/data/mongodb"
        engine: "wiredTiger"
        directoryPerDB: true
        syncPeriodSecs: 60
        journal:
            enabled: true
        wiredTiger:
            engineConfig:
                cacheSizeGB: 1
                statisticsLogDelaySecs: 0
                directoryForIndexes: true
            collectionConfig:
                blockCompressor: snappy
            indexConfig:
                prefixCompression: true
    systemLog:
        destination: syslog
        logAppend: true

    # Stay in the foreground; the Upstart job supervises the process.
    processManagement:
        fork: false

    operationProfiling:
        slowOpThresholdMs: 100
        mode: "slowOp"

    replication:
        oplogSizeMB: 100
        replSetName: "log1"

    # No bindIp is set. A 3.4 tarball build listens on all interfaces unless told otherwise,
    # while server.conf below connects through localhost; set net.bindIp to the addresses
    # that are really needed, or restrict port 27017 in the AWS security group.
    net:
        port: 27017

    # Access control is on, so clients must authenticate.
    # NOTE(review): if more members join replica set "log1", internal member
    # authentication has to be configured as well - confirm.
    security:
        authorization: "enabled"

     

    # vi /etc/init/mongodb.conf
    # Upstart job for mongod.
    start on (filesystem and net-device-up)
    stop on runlevel [!2345]
    # Run as the unprivileged mongodb account.
    # NOTE(review): this guide never creates that account or gives it /data/mongodb - confirm both exist.
    setuid mongodb
    # "manual" disables automatic start, so the job has to be started by hand ("start mongodb").
    manual
    limit nofile 64000 64000
    limit nproc 64000 64000
    # Allow up to 300 seconds for a clean shutdown before the process is killed.
    kill timeout 300
    script
        exec numactl --interleave=all /opt/mongo/bin/mongod -config /etc/mongo.conf
    end script

    # start mongodb

    # mongo admin
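    // mongo shell session: initiate the replica set, then create an administrative
    // user and a Graylog user limited to readWrite on the graylog database.
    // "패스워드" is a placeholder; choose a different strong password for each account.
    > rs.initiate()
    // "use admin" switches to the admin database ("user admin" is not a shell command).
    > use admin
    > db.createUser({  user : "root",pwd:"패스워드", roles : [{"role" : "root","db" : "admin"}]})
    > use graylog
    > db.createUser({  user : "graylog", pwd:"패스워드", roles : [{"role" :"readWrite", "db" : "graylog"}]})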

     

    ################################ graylog server 설치 ###############################################
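    ## Lines starting with "# " are commands typed at a root prompt; "## " lines are notes.
    # cd /opt
    # wget https://packages.graylog2.org/repo/packages/graylog-2.2-repository_latest.deb
    ## Install the package that was just downloaded (2.2, as in the file list at the top).
    # dpkg -i graylog-2.2-repository_latest.deb
    # apt-get update && sudo apt-get install graylog-server
    ## Hash the admin password for root_password_sha2. Type the password on stdin and press
    ## Enter, so it does not end up in the shell history or in a copy of this guide.
    # head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
    ## Generate a random value for password_secret.
    # pwgen -N 1 -s 96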
    # vi /etc/graylog/server/server.conf
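    # Graylog server settings. This file holds secrets: keep it readable only by root and
    # the account graylog-server runs as, and never paste real values into documentation.
    # Values in <ANGLE_BRACKETS> are placeholders to fill in per installation.

    # SHA-256 hash of the admin password, produced with the sha256sum command above.
    root_password_sha2 = <SHA256_OF_ADMIN_PASSWORD>
    # Random secret produced with the pwgen command above; generate a new one per installation.
    password_secret = <OUTPUT_OF_PWGEN>
    root_timezone = Asia/Bangkok
    # REST API and web interface are served over plain HTTP here, so logins and session
    # tokens cross the network unencrypted; put TLS in front of them or limit access to
    # trusted networks with the AWS security group.
    rest_listen_uri = http://아이피정보1:12900
    rest_transport_uri = http://아이피정보2:12900
    # Must match cluster.name in elasticsearch.yml.
    elasticsearch_cluster_name = imc-graylog
    elasticsearch_node_name_prefix = imc-gl-client
    elasticsearch_discovery_zen_ping_unicast_hosts = 아이피정보1:9300
    # Password of the "graylog" MongoDB user created earlier; percent-encode any reserved
    # URI characters it contains.
    mongodb_uri = mongodb://graylog:<GRAYLOG_DB_PASSWORD>@localhost/graylog
    web_enable = true
    web_listen_uri = http://아이피정보3:9000/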

    # vi log4j2.xml
    /var/log/graylog-server  =>  /log/graylog-server


    service graylog-server start


    http://아이피정보2:9000
    admin/log조회
