ubuntu20.04 部署graylog

Graylog 是开源集中式日志管理解决方案，和ELK类似功能。

1 安装java8

#查看是否安装jdk
java --version
#若是没有安装，先安装
sudo apt update
sudo apt-get install openjdk-8-jre-headless pwgen apt-transport-https uuid-runtime

2 安装Elasticsearch

#将软件包存储库添加到我们的系统软件包存储库列表中
$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
$ echo "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
#安装
$ sudo apt update
$ sudo apt install elasticsearch-oss -y
#更新配置
$ sudo vim /etc/elasticsearch/elasticsearch.yml
#找到该行并修改：
cluster.name: graylog
#在该文件的底部，添加以下行：
action.auto_create_index: false
#重新启动服务以应用修改。
$ sudo systemctl daemon-reload
$ sudo systemctl enable elasticsearch.service
$ sudo systemctl restart elasticsearch.service

3 安装mongdb

#为存储库注册一个公共 GPG 密钥。
$ wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
#添加软件到本地库
$ echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
#安装
$ sudo apt update
$ sudo apt install -y mongodb-org
#开启自启动
$ sudo systemctl daemon-reload
$ sudo systemctl enable mongod
$ sudo systemctl restart mongod

4 安装graylog

#下载dep包
$ wget https://packages.graylog2.org/repo/packages/graylog-4.1-repository_latest.deb
#解析dep包
$ sudo dpkg -i graylog-4.1-repository_latest.deb
#安装
$ sudo apt update
$ sudo apt -y install graylog-server
#开启自启动
$ sudo systemctl daemon-reload
$ sudo systemctl enable graylog-server.service
##下面三步设置 password_secret 、 root_password_sha2 密码
#这里的password_secret需要最少16位密码，必须设置否则启动报错
#安装pwgen用来生成一个随机的 128 个字符的密码
$ sudo apt install pwgen
# 现在，我们将使用以下命令生成密码并使用 sed 命令注入password_secret
$ sudo -E sed -i -e "s/password_secret =.*/password_secret = $(pwgen -s 128 1)/" /etc/graylog/server/server.conf
#为 root_password 生成 SHA 256 哈希密码。
#注意将'your_password'替换成你的密码（敲黑板！！！，这个密码下面要用）
$ sudo sed -i -e "s/root_password_sha2 =.*/root_password_sha2 = $(echo -n 'your_password' | shasum -a 256 | cut -d' ' -f1)/" /etc/graylog/server/server.conf
#配置域
$ sudo vim /etc/graylog/server/server.conf
#找到对应的变量并修改 
#your_server_ip改为你主机的ip
http_bind_address = your_server_ip:9000
#启动
$ sudo systemctl restart graylog-server.service

5 验证是否安装成功
浏览器搜索栏输入：your_server_ip:9000/登录 用户名：admin 密码：刚刚你设置的your_password

6 QAS
1.若是无法访问可以查看日志信息

#想要实时动态查看最新日志文件的内容，
tail -f /var/log/graylog/graylog.log
# 查看倒数100条
tail - n 100 /var/log/graylog/graylog.log

2.如果数据库无法安装，提示需要安装libssl1.1

nano /etc/apt/sources.list
# 添加阿里云软件源
deb http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ focal-backports main restricted universe multiverse
#然后再执行：
apt install libssl1.1