Monitoring
[Graylog] Installing Graylog
Gekim's blog
2022. 12. 22. 14:30
Graylog is an open-source log collection and monitoring tool.
Logs collected on the log server can be monitored through a dashboard, managed, and used with features such as alerts.
Main components
Graylog (dashboard) + Elasticsearch (search) + MongoDB (data storage)
Installation
Official docs: https://go2docs.graylog.org/4-x/downloading_and_installing_graylog/centos_installation.html
1. Install MongoDB
vi /etc/yum.repos.d/mongodb-org.repo
[mongodb-org-4.3]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.3/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.3.asc
Install and start the MongoDB service
yum install -y mongodb-org
systemctl daemon-reload
systemctl enable mongod.service
systemctl start mongod.service
systemctl --type=service --state=active | grep mongod
2. Install Elasticsearch (versions 7.11 and later are not compatible with Graylog)
Add the Elasticsearch yum repository with the following contents:
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/oss-7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
Install the Elasticsearch package
yum install -y elasticsearch-oss
Edit elasticsearch.yml (either open it in vi, or append the two settings with tee as shown)
vi /etc/elasticsearch/elasticsearch.yml
tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<EOT
cluster.name: graylog
action.auto_create_index: false
EOT
Start the Elasticsearch service
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl restart elasticsearch.service
systemctl --type=service --state=active | grep elasticsearch
3. Install Graylog
Install from the Graylog repository
rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.3-repository_latest.rpm
yum install -y graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins
Edit server.conf for the initial configuration
1. Set password_secret
pwgen -N 1 -s 96
vi /etc/graylog/server/server.conf
# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
# Generate one by using for example: pwgen -N 1 -s 96
# ATTENTION: This value must be the same on all Graylog nodes in the cluster.
# Changing this value after installation will render all user sessions and encrypted values in the database invalid. (e.g. encrypted access tokens)
password_secret = <paste the generated value here>
2. Set the admin password (the password used for administrator login)
echo -n <password> | sha256sum
vi /etc/graylog/server/server.conf
# You MUST specify a hash password for the root user (which you only need to initially set up the
# system and in case you lose connectivity to your authentication backend)
# This password cannot be changed using the API or via the web interface. If you need to change it,
# modify it in this file.
# Create one by using for example: echo -n yourpassword | shasum -a 256
# and put the resulting hash value into the following line
root_password_sha2 = <paste the resulting hash here>
3. Additional settings
# server time zone
root_timezone = Asia/Seoul
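The two manual paste steps above are easy to get wrong (a truncated secret, a hash computed with a trailing newline). The following shell functions, an added example and not part of the original post, generate the secret, hash the admin password exactly as server.conf expects, write both keys into a server.conf-style file, and check the result. They assume only coreutils (tr, head, sha256sum, sed, grep, awk, mktemp); the file path is passed as an argument, so it can be tested on a scratch copy before touching /etc/graylog/server/server.conf.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): helpers for the mandatory
# password_secret / root_password_sha2 entries in Graylog's server.conf.
set -eu

# Random password_secret of the requested length (default 96; server.conf
# requires at least 64). Uses /dev/urandom instead of pwgen.
gen_password_secret() {
  len="${1:-96}"
  if [ "$len" -lt 64 ]; then
    echo "password_secret must be at least 64 characters" >&2
    return 1
  fi
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$len"
}

# SHA-256 of the admin password with no trailing newline (printf, not echo),
# which is what root_password_sha2 must contain.
root_password_sha2() {
  printf '%s' "$1" | sha256sum | awk '{print $1}'
}

# Set "key = value" in a server.conf-style file: replaces an existing
# (possibly commented-out) line, or appends the key if it is absent.
set_conf_key() {
  file="$1"; key="$2"; value="$3"
  if grep -qE "^#?[[:space:]]*${key}[[:space:]]*=" "$file"; then
    tmp=$(mktemp)
    sed -E "s|^#?[[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file" > "$tmp"
    mv "$tmp" "$file"
  else
    printf '%s = %s\n' "$key" "$value" >> "$file"
  fi
}

# Verify the file has a long-enough secret and a 64-hex-digit password hash.
check_server_conf() {
  file="$1"
  secret=$(sed -nE 's/^password_secret[[:space:]]*=[[:space:]]*//p' "$file")
  hash=$(sed -nE 's/^root_password_sha2[[:space:]]*=[[:space:]]*//p' "$file")
  [ "${#secret}" -ge 64 ] || { echo "password_secret unset or shorter than 64" >&2; return 1; }
  printf '%s' "$hash" | grep -qE '^[0-9a-f]{64}$' \
    || { echo "root_password_sha2 is not a sha256 hex digest" >&2; return 1; }
  echo "server.conf secrets OK"
}

# Usage on a real node (commented out so this file can be sourced):
# set_conf_key /etc/graylog/server/server.conf password_secret "$(gen_password_secret)"
# set_conf_key /etc/graylog/server/server.conf root_password_sha2 "$(root_password_sha2 'admin-password')"
# check_server_conf /etc/graylog/server/server.conf
```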
Start the Graylog service
sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
sudo systemctl --type=service --state=active | grep graylog
Allow the web interface port through the firewall
firewall-cmd --permanent --add-port=9000/tcp
firewall-cmd --reload