[Graylog] Graylog 설치

Graylog 는 오픈소스를 기반으로 한 로그수집 및 모니터링 툴이다. 

로그서버에 수집된 로그를 대시보드를 통해 모니터링하고 관리, Alert 등 기능을 사용할 수 있다. 

 

주요 구성

Graylog (대시보드) + Elasticsearch (검색) + Mongodb (데이터 저장)

 

설치 방법

공식 : https://go2docs.graylog.org/4-x/downloading_and_installing_graylog/centos_installation.html

1. mongodb 설치

vi /etc/yum.repos.d/mongodb-org.repo

[mongodb-org-4.3]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.3/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.3.asc

mongodb 서비스 설치 / 시작

yum install -y mongodb-org.
systemctl daemon-reload
systemctl enable mongod.service
systemctl start mongod.service
systemctl --type=service --state=active | grep mongod

 

2. Elasticsearch 설치 (7.11 이상부터는 Graylog와 호환되지 않음)

[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/oss-7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Elasticsearch 서비스 설치

yum install -y elasticsearch-oss

elasticsearch.yml 파일 수정

vi /etc/elasticsearch/elasticsearch.yml

tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<EOT
cluster.name: graylog
action.auto_create_index: false
EOT

elasticsearch 서비스 시작

systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl restart elasticsearch.service
systemctl --type=service --state=active | grep elasticsearch

 

3. Graylog 설치

graylog 레포지토리로 설치

rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.3-repository_latest.rpm
yum install -y graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins

초기 설정을 위한 server.conf 수정

1. password_secret 설정
pwgen -N 1 -s 96

vi /etc/graylog/server/server.conf
# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
# Generate one by using for example: pwgen -N 1 -s 96
# ATTENTION: This value must be the same on all Graylog nodes in the cluster.
# Changing this value after installation will render all user sessions and encrypted values in the database invalid. (e.g. encrypted access tokens)
password_secret = 여기에 붙여넣기


2. admin 패스워드 설정 (관리자 로그인용 패스워드)
echo -n 패스워드 | sha256sum
vi /etc/graylog/server/server.conf
# You MUST specify a hash password for the root user (which you only need to initially set up the
# system and in case you lose connectivity to your authentication backend)
# This password cannot be changed using the API or via the web interface. If you need to change it,
# modify it in this file.
# Create one by using for example: echo -n yourpassword | shasum -a 256
# and put the resulting hash value into the following line
root_password_sha2 = 여기에 붙여넣기


3.부가 설정
# 서버 타임존
root_timezone = Asia/Seoul

graylog 서비스 시작

sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
sudo systemctl --type=service --state=active | grep graylog

 

방화벽 허용 

firewall-cmd --permanent --add-port=9000/tcp
firewall-cmd --reload