
GrayLog 설치하기

해적하록 2017. 5. 24. 13:20

AWS 환경에 설치하기 때문에 외부(퍼블릭) IP와 내부(프라이빗) IP를 구분해서 설정해야 합니다.

[설치파일목록]
elasticsearch-2.4.4.tar.gz
graylog-2.2-repository_latest.deb
jdk-8u121-linux-x64.tar.gz
mongodb-linux-x86_64-ubuntu1404-3.4.4.gz


############################### java 설정 ##########################################################
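# JDK: unpack under /usr/java and point a stable "default" symlink at the
# versioned directory, so JAVA_HOME (/usr/java/default) survives later upgrades.
mkdir -p /usr/java                      # -p: safe to re-run
cd /usr/java || exit 1                  # never untar into the wrong directory if the cd fails
tar xvzf jdk-8u121-linux-x64.tar.gz     # compare the archive's checksum with the publisher's value before unpacking
ln -sfn jdk1.8.0_121 default            # -sfn: re-point an existing link instead of failing on a second run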


############################### 환경 설정 ##########################################################
vi  /etc/profile     # append the lines below; /etc/profile is read by login shells only, so re-login (or ". /etc/profile") afterwards
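# Appended to /etc/profile: tool directories on PATH plus the JDK location.
# NOTE(review): /opt/elasticsearch itself holds no executables (its bin/ does) — confirm which was intended.
PATH=$PATH:/opt/mongo/bin:/opt/elasticsearch:/nexon:/opt/graylog
JAVA_HOME=/usr/java/default
PATH=$JAVA_HOME/bin:$PATH            # JDK bin first, so /usr/java/default/bin/java wins over any other java on PATH
CLASSPATH=$CLASSPATH:$JAVA_HOME/lib
export JAVA_HOME PATH CLASSPATH      # CLASSPATH was assigned but never exported in the original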

update-alternatives --install /usr/bin/java java /usr/java/default/bin/java 1   # registers the JDK so /usr/bin/java resolves even for processes that never source /etc/profile


################################ Elasticsearch 설치 ###############################################
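# cd /opt
# wget https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.4.4/elasticsearch-2.4.4.tar.gz
# sha1sum elasticsearch-2.4.4.tar.gz          compare with the SHA1 published next to the download (<PUBLISHED_SHA1>) before unpacking
# tar xvzf elasticsearch-2.4.4.tar.gz
# ln -s elasticsearch-2.4.4 elasticsearch
# mkdir -p /etc/elasticsearch                 -p: idempotent; this is the directory the init script passes as -Des.path.conf / CONF_DIR
# cp /opt/elasticsearch/config/* /etc/elasticsearch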


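# vi /etc/elasticsearch/elasticsearch.yml      fixed: full path — the shell is still in /opt here, and the init script reads its config from /etc/elasticsearch (-Des.path.conf, CONF_DIR)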
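# /etc/elasticsearch/elasticsearch.yml
cluster.name: imc-graylog                # must equal elasticsearch_cluster_name in the graylog server.conf
node.name: imc-gl-node-0
# NOTE(review): only this node is listed in unicast.hosts and, assuming Graylog joins as a
# non-master client node, nothing here is master-eligible, so no master can be elected.
# Set this to true unless another master-eligible node exists — confirm the topology.
node.master: false
node.data: true
bootstrap.mlockall: true                 # relies on the init script raising the locked-memory limit (MAX_LOCKED_MEMORY)
# Elasticsearch 2.x has no authentication built in. 0.0.0.0 would also accept connections
# arriving through the instance's public IP whenever the security group permits it.
# _site_ binds only site-local (private) addresses; keep 9200/9300 closed in the security
# group except from the Graylog host.
network.host: _site_
path.data: /data/elasticsearch/
path.logs: /log/
path.plugins: /data/elasticsearch/plugins
discovery.zen.minimum_master_nodes: 1
discovery.zen.ping.multicast.enabled: false
discovery.zen.ping.unicast.hosts: ["아이피정보1"]
# NOTE(review): a replica is never placed on the same node as its primary, so on a
# single data node this leaves indices yellow; 0 is the usual one-node value — confirm.
index.number_of_replicas: 1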


# vi /etc/init.d/elasticsearch       afterwards chmod 755 it; the script refuses to run unless root and then starts /opt/elasticsearch/bin/elasticsearch as the "elasticsearch" user
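#!/bin/sh
# /etc/init.d/elasticsearch -- startup script for Elasticsearch
#
# The assignments below are defaults; /etc/default/elasticsearch ($DEFAULT) is
# sourced further down and may override any of them.

PATH=/bin:/usr/bin:/sbin:/usr/sbin
JAVA_HOME=/usr/java/default
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
CLASSPATH=$CLASSPATH:$JAVA_HOME/lib
export PATH=$PATH:/opt/elasticsearch/bin
NAME=elasticsearch
ES_USER=elasticsearch          # the daemon is started as this user (start-stop-daemon --user/-c), never as root
ES_GROUP=elasticsearch         # fixed: was never set, so the chown calls passed "elasticsearch:" and fell back to the login group
DESC="Elasticsearch Server"
DEFAULT=/etc/default/$NAME     # fixed: was assigned before NAME, expanded to "/etc/default/", and the defaults file was never read
ES_HOME=/opt/$NAME
ES_HEAP_SIZE=10g               # Elasticsearch guidance: at most half of RAM and below ~31g
#ES_HEAP_NEWSIZE=
#ES_DIRECT_SIZE=
# -Des.insecure.allow.root=true removed: the service drops to $ES_USER, and the flag
# only served to let an accidental launch as root proceed.
ES_JAVA_OPTS="-Des.path.conf=/etc/elasticsearch -Djna.tmpdir=/tmp"
MAX_OPEN_FILES=65536
MAX_LOCKED_MEMORY=unlimited    # needed for bootstrap.mlockall in elasticsearch.yml
MAX_MAP_COUNT=262144
LOG_DIR=/log/$NAME
DATA_DIR=/data/$NAME
CONF_DIR=/etc/$NAME
ES_GC_LOG_FILE=/log/gc.log
PID_DIR="/var/run/elasticsearch"


# Everything below touches ulimits, sysctl and /var/run, so refuse early unless root.
if [ `id -u` -ne 0 ]; then
 echo "You need root privileges to run this script"
 exit 1
fi

. /lib/lsb/init-functions      # log_daemon_msg, pidofproc, status_of_proc, ...

if [ -r /etc/default/rcS ]; then
 . /etc/default/rcS
fi

if [ -f "$DEFAULT" ]; then
 . "$DEFAULT"
fi

# A CONF_FILE override from an old defaults file is rejected rather than silently ignored.
if [ ! -z "$CONF_FILE" ]; then
    echo "CONF_FILE setting is no longer supported. elasticsearch.yml must be placed in the config directory and cannot be renamed."
    exit 1
fi

PID_FILE="$PID_DIR/$NAME.pid"
DAEMON=$ES_HOME/bin/elasticsearch
# -d daemonises; -p writes the pid file the stop/status actions rely on.
DAEMON_OPTS="-d -p $PID_FILE --default.path.home=$ES_HOME --default.path.logs=$LOG_DIR --default.path.data=$DATA_DIR --default.path.conf=$CONF_DIR"

export ES_HEAP_SIZE
export ES_HEAP_NEWSIZE
export ES_DIRECT_SIZE
export ES_JAVA_OPTS
export ES_GC_LOG_FILE
export JAVA_HOME
export ES_INCLUDE

test -x $DAEMON || exit 0      # LSB convention: no daemon installed means "nothing to do", not an error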
# Locate an executable java, preferring $JAVA_HOME/bin/java over whatever is on
# PATH. Sets JAVA on success; prints a message and exits 1 when none is usable.
checkJava() {
 JAVA="$JAVA_HOME/bin/java"
 [ -x "$JAVA" ] || JAVA=`which java`
 [ -x "$JAVA" ] && return 0
 echo "Could not find any executable java binary. Please install java in your PATH or set JAVA_HOME"
 exit 1
}
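case "$1" in
  start)
 checkJava
 # mlockall only makes sense with a fixed heap, hence the paired check.
 if [ -n "$MAX_LOCKED_MEMORY" -a -z "$ES_HEAP_SIZE" ]; then
  log_failure_msg "MAX_LOCKED_MEMORY is set - ES_HEAP_SIZE must also be set"
  exit 1
 fi
 log_daemon_msg "Starting $DESC"

 pid=`pidofproc -p $PID_FILE elasticsearch`
 if [ -n "$pid" ] ; then
  log_begin_msg "Already running."
  log_end_msg 0
  exit 0
 fi
 # Directories and pid file are created as root, then handed to the service user.
 mkdir -p "$LOG_DIR" "$DATA_DIR" && chown "$ES_USER":"$ES_GROUP" "$LOG_DIR" "$DATA_DIR"
 if [ -n "$PID_DIR" ] && [ ! -e "$PID_DIR" ]; then
  mkdir -p "$PID_DIR" && chown "$ES_USER":"$ES_GROUP" "$PID_DIR"
 fi
 if [ -n "$PID_FILE" ] && [ ! -e "$PID_FILE" ]; then
  touch "$PID_FILE" && chown "$ES_USER":"$ES_GROUP" "$PID_FILE"
 fi
 # Process limits set here are inherited by the daemon started below.
 if [ -n "$MAX_OPEN_FILES" ]; then
  ulimit -n $MAX_OPEN_FILES
 fi
 if [ -n "$MAX_LOCKED_MEMORY" ]; then
  ulimit -l $MAX_LOCKED_MEMORY
 fi
 if [ -n "$MAX_MAP_COUNT" -a -f /proc/sys/vm/max_map_count ]; then
  sysctl -q -w vm.max_map_count=$MAX_MAP_COUNT
 fi
 # --user/-c: the JVM runs as $ES_USER, not as root.
 start-stop-daemon -d $ES_HOME --start -b --user "$ES_USER" -c "$ES_USER" --pidfile "$PID_FILE" --exec $DAEMON -- $DAEMON_OPTS
 return=$?
 if [ $return -eq 0 ]; then
  i=0
  timeout=10
  # Wait (up to $timeout seconds) for the pid in $PID_FILE to be alive before reporting success
  until { kill -0 `cat "$PID_FILE"`; } >/dev/null 2>&1
  do
   sleep 1
   i=$(($i + 1))
   if [ $i -gt $timeout ]; then
    log_end_msg 1
    exit 1
   fi
  done
 fi
 log_end_msg $return
 exit $return
 ;;
  stop)
 log_daemon_msg "Stopping $DESC"

 if [ -f "$PID_FILE" ]; then
  start-stop-daemon --stop --pidfile "$PID_FILE" \
   --user "$ES_USER" \
   --quiet \
   --retry forever/TERM/20 > /dev/null
  rc=$?   # fixed: the original tested "$?" twice; the second test saw the status of the first "[ ... ]", never 3
  if [ $rc -eq 1 ]; then
   log_progress_msg "$DESC is not running but pid file exists, cleaning up"
  elif [ $rc -eq 3 ]; then
   PID="`cat $PID_FILE`"
   log_failure_msg "Failed to stop $DESC (pid $PID)"
   exit 1
  fi
  rm -f "$PID_FILE"
 else
  log_progress_msg "(not running)"
 fi
 log_end_msg 0
 ;;
  status)
 status_of_proc -p $PID_FILE elasticsearch elasticsearch && exit 0 || exit $?
 ;;
  restart|force-reload)
 if [ -f "$PID_FILE" ]; then
  $0 stop
  sleep 1
 fi
 $0 start
 ;;
  *)
 log_success_msg "Usage: $0 {start|stop|restart|force-reload|status}"
 exit 1
 ;;
esac
exit 0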


# service elasticsearch start          then "service elasticsearch status"; start reports failure if the pid is not alive within 10 s (the timeout loop in the init script)


################################ MongoDB 설치 ###############################################
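# cd  /opt
# tar xvzf mongodb-linux-x86_64-ubuntu1404-3.4.4.gz
# ln -s mongodb-linux-x86_64-ubuntu1404-3.4.4 mongo      fixed: the tarball unpacks to a directory of its own name (check with ls), not "pymongo-3.4.0", which is the Python driver; /opt/mongo/bin is what PATH and the upstart job expect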

# vi /etc/mongo.conf          read by mongod through "-config /etc/mongo.conf" in the upstart job below
# /etc/mongo.conf — loaded by the upstart job via "mongod -config /etc/mongo.conf"
storage:
    dbPath: "/data/mongodb"          # must exist and be owned by the user the job runs as (setuid mongodb)
    engine: "wiredTiger"
    directoryPerDB: true
    syncPeriodSecs: 60
    journal:
        enabled: true
    wiredTiger:
        engineConfig:
            cacheSizeGB: 1
            statisticsLogDelaySecs: 0
            directoryForIndexes: true
        collectionConfig:
            blockCompressor: snappy
        indexConfig:
            prefixCompression: true
systemLog:
    destination: syslog              # mongod output goes to syslog rather than a file of its own
    logAppend: true

processManagement:
    fork: false                      # upstart supervises the process, so it has to stay in the foreground

operationProfiling:
    slowOpThresholdMs: 100
    mode: "slowOp"

replication:
    oplogSizeMB: 100
    replSetName: "log1"              # initialised later with rs.initiate() from the mongo shell

net:
    port: 27017
    # NOTE(review): no bindIp here, and mongod 3.4 defaults to listening on every interface,
    # while Graylog only ever connects to localhost (mongodb_uri). "bindIp: 127.0.0.1" would keep
    # 27017 off the network entirely; confirm rs.initiate() still resolves the member host with
    # that setting before relying on it, and keep 27017 closed in the security group either way.

security:
    authorization: "enabled"         # with no users yet, the first createUser is accepted only from localhost (MongoDB's localhost exception)

 

# vi /etc/init/mongodb.conf          upstart job (Ubuntu 14.04, matching the ubuntu1404 build of the tarball)
# Upstart job for the tarball-installed mongod.
start on (filesystem and net-device-up)
stop on runlevel [!2345]
setuid mongodb                 # the "mongodb" user must exist and own /data/mongodb (storage.dbPath) before the first start
manual                         # the "start on" stanza is ignored; the job is launched by hand with "start mongodb"
limit nofile 64000 64000
limit nproc 64000 64000
kill timeout 300               # seconds upstart waits for a clean shutdown before SIGKILL
script
    exec numactl --interleave=all /opt/mongo/bin/mongod -config /etc/mongo.conf   # the numactl package must be installed
end script

# start mongodb                upstart; if it does not come up, "status mongodb" and syslog (systemLog.destination) are where to look

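# mongo admin
> rs.initiate()                                        // single-member replica set "log1" (replication.replSetName); wait until the prompt shows PRIMARY
> use admin                                            // fixed: was "user admin", which the mongo shell does not understand
> db.createUser({ user: "root", pwd: "패스워드", roles: [{ role: "root", db: "admin" }] })             // authorization is enabled, so this first user can only be created from localhost
> use graylog
> db.createUser({ user: "graylog", pwd: "패스워드", roles: [{ role: "readWrite", db: "graylog" }] })   // this password is the one that goes into mongodb_uri in the graylog server.conf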

 

################################ graylog server 설치 ###############################################
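# cd /opt
# wget https://packages.graylog2.org/repo/packages/graylog-2.2-repository_latest.deb
# dpkg -i graylog-2.2-repository_latest.deb             fixed: the file downloaded above is 2.2, not 2.1
# apt-get update && apt-get install graylog-server      already root at this prompt, so the stray sudo was dropped; graylog-server should now be apt-verified against the key the repository package installs
# echo -n "<admin-password>" | sha256sum                generates root_password_sha2; do not type the real password literally (it lands in shell history) — e.g. "read -rs PW" (bash) then "echo -n "$PW" | sha256sum"
# pwgen -N 1 -s 96                                      generates password_secret; make a fresh one for every installation
# vi /etc/graylog/server/server.conf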
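# /etc/graylog/server/server.conf — holds three secrets; keep it readable only by root and the graylog service user.
# Inline "#" comments are not allowed in this file format, so every note is on its own line.
# The two values below were published with this post; regenerate them for every install
# (sha256sum of the chosen admin password, and pwgen -N 1 -s 96) and never reuse the published ones.
root_password_sha2 = <SHA256_OF_ADMIN_PASSWORD>
password_secret = <96_CHAR_PWGEN_OUTPUT>
root_timezone = Asia/Bangkok
# Plain http: the REST API and web UI carry the admin session and credentials in clear text.
# Graylog 2.2 can serve both over TLS (rest_enable_tls / web_enable_tls with a certificate);
# at minimum restrict 12900 and 9000 in the security group to trusted addresses.
# rest_listen_uri is presumably the bind address (private IP) and rest_transport_uri the address
# the API is reached on from outside (public IP on AWS) — confirm against the host's addresses.
rest_listen_uri = http://아이피정보1:12900
rest_transport_uri = http://아이피정보2:12900
# Must match cluster.name in elasticsearch.yml.
elasticsearch_cluster_name = imc-graylog
elasticsearch_node_name_prefix = imc-gl-client
elasticsearch_discovery_zen_ping_unicast_hosts = 아이피정보1:9300
# Password of the "graylog" MongoDB user created with db.createUser; the original value was
# also published with this post — change it.
mongodb_uri = mongodb://graylog:<GRAYLOG_MONGO_PASSWORD>@localhost/graylog
web_enable = true
web_listen_uri = http://아이피정보3:9000/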

# vi log4j2.xml          presumably /etc/graylog/server/log4j2.xml, next to server.conf — confirm the path
log4j2.xml 안의 로그 경로를 /var/log/graylog-server 에서 /log/graylog-server 로 변경합니다.


service graylog-server start    # create /log/graylog-server, writable by the graylog service user, before this — the log4j2.xml edit above points logging there


http://아이피정보2:9000
admin/log조회