1. Comparison of open-source data collection and analysis platforms:
https://www.evernote.com/l/AfBaqPuTRHBINLW7Fcafv2jffYx4WnTqau8
2. Introduction to Graylog:
https://www.graylog.org/overview
3. Setting up from scratch
1) Java SE 8:
http://rongson.twbbs.org/wordpress/how-to-install-java-se-8-in-ubuntu-14-04/
2) MongoDB:
sudo apt-get update
sudo apt-get install mongodb-server
* Check whether it is running: ps aux | grep mongod
* Check whether it is running: ps aux | grep elasticsearch
If not, reboot: sudo reboot
4) Graylog:
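Once both of the previous items (mongodb and elasticsearch) are configured and running, go on to install Graylog.
Set password_secret: `pwgen -N 1 -s 96` => copy the generated random string into the password_secret field in /etc/graylog/server/server.conf
and root_password_sha2: `echo -n yourpassword | shasum -a 256` => copy the generated hash (only the hex digest, not the trailing ` -`) into the root_password_sha2 field in /etc/graylog/server/server.conf
*Once that succeeds, how do you start the graylog service?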
=> `sudo rm -f /etc/init/graylog-server.override`
=> `sudo start graylog-server`
*How do you confirm that the graylog server is running?
=> ps aux | grep graylog
If it has not started, the Java version is the problem; update to Java SE 8.
OpenJDK will not do!
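The password_secret and root_password_sha2 steps above can be done in one pass. The script below is an added example, not part of the original post or of Graylog's packages; its function names are made up here, and it reads the admin password from stdin instead of `echo -n yourpassword` so the password stays out of shell history and process listings.

```sh
#!/bin/sh
# Added example: fill password_secret and root_password_sha2 in a Graylog
# server.conf. Function names are hypothetical, not part of Graylog.

# Hex SHA-256 of stdin; cut drops the "  -" that sha256sum/shasum append.
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum
    else shasum -a 256; fi | cut -d' ' -f1
}

# 96 random alphanumeric characters, equivalent to `pwgen -N 1 -s 96`.
gen_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 96
    fi
}

# set_field FILE KEY VALUE: rewrite "KEY = ..." in place, or append it.
# VALUE must not contain '|', '&' or '\' (true for both values used here).
set_field() {
    if grep -q "^$2[[:space:]]*=" "$1"; then
        sf_new=$(sed "s|^$2[[:space:]]*=.*|$2 = $3|" "$1") || return 1
        printf '%s\n' "$sf_new" > "$1"
    else
        printf '%s = %s\n' "$2" "$3" >> "$1"
    fi
}

# configure_graylog FILE: reads the admin password from stdin.
configure_graylog() {
    cg_pw=''
    [ -t 0 ] && { printf 'Admin password: ' >&2; stty -echo; }
    IFS= read -r cg_pw || true
    [ -t 0 ] && { stty echo; echo >&2; }
    [ -n "$cg_pw" ] || { echo 'empty password, nothing changed' >&2; return 1; }
    # printf '%s' adds no newline, matching `echo -n` in the step above.
    cg_hash=$(printf '%s' "$cg_pw" | sha256_hex) || return 1
    unset cg_pw
    set_field "$1" password_secret "$(gen_secret)" || return 1
    set_field "$1" root_password_sha2 "$cg_hash"
}

# Usage (as root): configure_graylog /etc/graylog/server/server.conf
```

Forgetting `-n` (or using plain `echo`) hashes the password plus a newline, which produces a root_password_sha2 that never matches at login.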
5) Configure the graylog web interface:
See: http://docs.graylog.org/en/2.0/pages/configuration/web_interface.html#configuring-webif-nginx
Again, just edit the parameters in /etc/graylog/server/server.conf (the same file where the passwords were set above).
Set:
1. web_enable = true
2. rest_listen_uri = http://YourServerIp:12900/ (not 127.0.0.1:12900)
3. web_listen_uri = http://YourServerIp:9000/ (not 127.0.0.1:9000)
4. web_enable_cors = false
5. web_enable_gzip = true
=> Once this is set, enter YourServerIp:9000 in a browser and you are in.
The default username / password is admin / admin
References:
1. graylog doc – OS packages: http://docs.graylog.org/en/2.0/pages/installation/operating_system_packages.html
2. graylog doc – Ubuntu steps by steps: http://docs.graylog.org/en/2.0/pages/installation/os/ubuntu.html