See the official documentation:
https://go2docs.graylog.org/5-2/downloading_and_installing_graylog/installing_graylog.html
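Graylog 5.2.x (here this means the open-source Graylog Open edition)
1. MongoDB: 5.0.7 <= version <= 6.x
2. Elasticsearch: only version 7.10.2 is supported
Note: if OpenSearch is used in place of Elasticsearch, 1.1.x <= OpenSearch <= 2.9.x
Many people lean towards Elasticsearch as Graylog's log storage component, and acceptance of OpenSearch is not very high.
Personally I lean towards OpenSearch, but that does not matter: which one you use is not important, stable and easy to use is what counts. I am not inclined to chase the newest release. Software development today follows the idea of "agile development, frequent iteration": software is upgraded continuously to improve features, improve the user experience and fix vulnerabilities, and by upgrading, users get a better experience and more complete functionality. The intent is good, but frequent updates also put a burden on users. I stick to the minimalist principle of "if it works, that is enough". In fact, many advanced features are rarely used in production or in daily life, and many people fall into the mindset of "I can choose not to use it, but the feature has to be there".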
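Enough digression; back to the topic.
Because CentOS 7 reaches EOL (End Of Life) on June 30 this year, AlmaLinux 9.3 is used here.
The contents of the one-click install script GrayLogServer5.2.5_install.sh are as follows: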
#!/bin/bash
# Disable SELinux
sed -i 's/enforcing/disabled/g' /etc/selinux/config
setenforce 0
# Unpack the installation bundle
mkdir -p /opt/GrayLog_install
tar -zxvf ./GrayLog5.2.5_MongoDB6.0_Elasticsearch7.10.2_EL9_RPM.tar.gz -C /opt/GrayLog_install
cat > /etc/yum.repos.d/mongodb-org.repo << \EOF
[mongodb-org-6.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/9/mongodb-org/6.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://pgp.mongodb.com/server-6.0.asc
EOF
cd /opt/GrayLog_install
# Install the mongodb-server packages
rpm -ivh cyrus-sasl*.rpm
rpm -ivh mongodb*.rpm
# Start the mongodb-server service
systemctl daemon-reload
systemctl enable mongod.service
systemctl start mongod.service
systemctl --type=service --state=active | grep mongod
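# 27017/tcp only needs opening if other hosts must reach MongoDB (mongod listens on 127.0.0.1 by default)
firewall-cmd --add-port=27017/tcp --permanent --zone=public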
firewall-cmd --reload
# Install Elasticsearch
rpm -ivh /opt/GrayLog_install/elasticsearch-7.10.2-x86_64.rpm
# Create separate directories for the Elasticsearch data and logs
mkdir -p /data/elasticsearch/data
mkdir -p /data/elasticsearch/logs
chown -R elasticsearch:elasticsearch /data/elasticsearch
cp /etc/elasticsearch/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml_default
# Edit the Elasticsearch configuration file
sed -i "s@#cluster.name: my-application@cluster.name: graylog@g" /etc/elasticsearch/elasticsearch.yml
sed -i "s#path.data: /var/lib/elasticsearch#path.data: /data/elasticsearch/data#g" /etc/elasticsearch/elasticsearch.yml
sed -i "s#path.logs: /var/log/elasticsearch#path.logs: /data/elasticsearch/logs#g" /etc/elasticsearch/elasticsearch.yml
# Raise the JVM heap size
sed -i "s/-Xms1g/-Xms3g/g" /etc/elasticsearch/jvm.options
sed -i "s/-Xmx1g/-Xmx3g/g" /etc/elasticsearch/jvm.options
# Start the Elasticsearch service
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl restart elasticsearch.service
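# 9200/tcp only needs opening if other hosts must reach Elasticsearch (7.10.2 listens on loopback by default, with no authentication enabled)
firewall-cmd --add-port=9200/tcp --permanent --zone=public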
firewall-cmd --reload
curl -s -XGET 'http://127.0.0.1:9200/_cluster/health?pretty=true'
curl -s -XGET 'http://127.0.0.1:9200/_cat/nodes?v'
# Install the graylog-server package
rpm -ivh /opt/GrayLog_install/graylog-server-5.2.5-1.x86_64.rpm
cp /etc/graylog/server/server.conf /etc/graylog/server/server.conf_default
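# Edit the graylog-server configuration file
# (the password_secret and root_password_sha2 values below are the ones published with this script; replace them with values generated for your own host)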
sed -i "s/password_secret =/password_secret = 0pAHJtPdZZUb5yHAvFbBezbWAlQwh9CbRX1rshJEVxM0kV7t0SpIgY5q9tLpVEwWLElhG3EtbvQ03mTm9i0HuvWKwlWgWiIJ/g" /etc/graylog/server/server.conf
sed -i "s/root_password_sha2 =/root_password_sha2 = 429d280c5ddad83d94770b077b22124231efc727d504b107883297304b3e2939/g" /etc/graylog/server/server.conf
sed -i "s@#root_timezone = UTC@root_timezone = Asia/Shanghai@g" /etc/graylog/server/server.conf
sed -i "s@#http_bind_address = 127.0.0.1:9000@http_bind_address = 0.0.0.0:9000@g" /etc/graylog/server/server.conf
sed -i "s/allow_highlighting = false/allow_highlighting = true/g" /etc/graylog/server/server.conf
echo "elasticsearch_hosts = http://127.0.0.1:9200" >> /etc/graylog/server/server.conf
# Raise the JVM heap size used when graylog-server starts
sed -i "s/-Xms1g -Xmx1g/-Xms2g -Xmx2g/g" /etc/sysconfig/graylog-server
firewall-cmd --add-port=9000/tcp --permanent --zone=public
firewall-cmd --reload
# Start the graylog-server service
systemctl daemon-reload
systemctl restart graylog-server
systemctl enable graylog-server
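The script above writes the same published password_secret and root_password_sha2 into every install. As an added example (not part of the original script), the following generates per-host values and writes them into server.conf; the file name graylog_secrets.sh, the helper function names and the 12-character minimum are assumptions.

```shell
#!/bin/bash
# Added example: per-host Graylog secrets instead of the fixed values in the script.
CONF="${CONF:-/etc/graylog/server/server.conf}"   # path used by the script above

# 96 hex characters (48 random bytes); Graylog asks for at least 64 characters.
gen_password_secret() {
    head -c 48 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# SHA-256 hex digest of the admin password, the format root_password_sha2 expects.
hash_root_password() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Replace the value of an existing "key = ..." line. The pattern is anchored at
# line start so commented lines mentioning the key are left alone, and the call
# fails unless the key is present exactly once.
set_conf() {
    local key="$1" value="$2" file="$3"
    [ "$(grep -c "^${key} =" "$file")" -eq 1 ] || return 1
    sed -i "s|^${key} =.*|${key} = ${value}|" "$file"
}

# Print the current value of a key (empty if unset).
get_conf() {
    sed -n "s|^$1 = *||p" "$2"
}

# Run as: ./graylog_secrets.sh --apply   (hypothetical file name)
if [ "${1:-}" = "--apply" ]; then
    read -rsp "New Graylog admin password: " pw; echo
    [ "${#pw}" -ge 12 ] || { echo "password too short" >&2; exit 1; }   # assumed minimum
    set_conf password_secret "$(gen_password_secret)" "$CONF" &&
    set_conf root_password_sha2 "$(hash_root_password "$pw")" "$CONF" &&
    echo "Updated $CONF; restart graylog-server to apply."
fi
```

Run it before graylog-server is started for the first time: changing password_secret later invalidates existing sessions and encrypted values, and every node of a Graylog cluster must share the same value.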
Notes:
# Error log
WARN [ProxiedResource] Failed to call API on node <55a4eda7-a6d7-46d0-9e9f-776ba8ecc4e0>, cause: timeout (duration: 5001 ms)
Fix: add a resolution entry for the hostname to /etc/hosts.
The elasticsearch_hosts setting has to be adjusted manually, so I added this command to the one-click script:
echo "elasticsearch_hosts = http://127.0.0.1:9200" >> /etc/graylog/server/server.conf
If your Elasticsearch runs on a host with a different IP, or is a cluster, adjust the value on this line of server.conf accordingly.
It is necessary in Graylog 5.2 to manually adjust the elasticsearch_hosts setting to include a list of comma-separated URIs to one or more valid Elasticsearch/OpenSearch nodes. A sample specification may look as follows:
elasticsearch_hosts = http://es-node-1.example.org:9200/foo,https://someuser:somepassword@es-node-2.example.org:19200
Warning: If this setting is not adjusted before start up, then you will NOT be able to log into Graylog using your previously configured root password! For more information on this configuration setting, see Elasticsearch Configuration.
This article is shared from the WalkingCloud WeChat official account.