Graylog, a log management and analysis tool

Graylog is a powerful platform that enables easy management of structured and unstructured data logs, along with application debugging. It is built on Elasticsearch, MongoDB, and Scala.

It has a main server, which receives data from its clients installed on different servers, and a web interface, which displays the data and lets you work with the logs aggregated by the main server.

About Graylog

Graylog is useful when working with raw strings (i.e. syslog): the tool converts them into the structured data we need.

It also enables advanced custom searches in the logs using structured queries.

In other words, when properly integrated with a web application, Graylog helps engineers analyze system behavior almost down to the line of code.

The main advantage of Graylog is that it provides a single instance of log collection for the whole system.

This is useful when the system infrastructure is large and complex. It may be deployed across many environments, and not all team members have quick access to all of its components.

With Graylog, we solve these problems and make sure that our incident response time is faster.

At Logicify, it can be used for all platforms in development and for those already released publicly. In both cases, some Graylog usage practices are specific, while others overlap.

Graylog Installation

This tool can be found in most Linux distributions, but some configuration is needed before installing it.

For users of Debian, Ubuntu and their derivatives, do the following.

Open a terminal and type the following commands in it:

sudo apt install apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen

After installing the prerequisite packages, you must install MongoDB with:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.6.list
sudo apt update
sudo apt install -y mongodb-org

After installing MongoDB, start the database with:

sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl restart mongod.service

After MongoDB, you must install Elasticsearch, as Graylog uses it as a backend.

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list
sudo apt update && sudo apt install elasticsearch

Edit the Elasticsearch YML file with:

sudo nano /etc/elasticsearch/elasticsearch.yml

Now you must look for the following line:

#cluster.name: graylog

Remove the # from it, save and close nano, and type in the terminal:

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service

Now that Elasticsearch and MongoDB are set up, we can download Graylog and install it on Ubuntu.

Graylog

To install it, you must type the following:

wget https://packages.graylog2.org/repo/packages/graylog-2.4-repository_latest.deb
sudo dpkg -i graylog-2.4-repository_latest.deb
sudo apt-get update && sudo apt-get install graylog-server

Using the pwgen tool, generate a secret key.

pwgen -N 1 -s 96

Once this is done, copy the output shown by the terminal, then edit the server.conf file and replace the "password_secret" value with the output of that first command:

sudo nano /etc/graylog/server/server.conf

Now, at the "contraseña" (password) prompt of the following command, you must enter your root password:

echo -n "contraseña " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

Once again, copy the output shown by the terminal and open the server.conf file in nano. Then paste the password output after "root_password_sha2".

Now you must set the default web address.

In the same file, look for the lines with "rest_listen_uri" and "web_listen_uri". Once you have found them, delete the default value and change it to your IP address, something like this:

rest_listen_uri = http://ip:12900/
web_listen_uri = http://ip:9000/

Finally, save the file and exit nano. After this you must type:

sudo systemctl daemon-reload
sudo systemctl restart graylog-server

With this you can log in from the web browser by typing the IP address you set.
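
A check for the server.conf values set in the steps above, added here as an example and not part of the original article or of the Graylog project. It verifies the password_secret length, that root_password_sha2 is a SHA-256 digest, and that the listen URIs no longer hold the placeholder; the function names and the 64-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): sanity-check the values set in server.conf.
# MIN_SECRET_LEN is an assumed threshold; the pwgen command above yields 96 characters.
MIN_SECRET_LEN=64

# Print the SHA-256 hex digest of the first line on stdin, newline stripped
# (the same pipeline as the article's hashing command, without the prompt).
sha256_of_line() {
    head -1 | tr -d '\n' | sha256sum | cut -d" " -f1
}

# Print the value of key $2 in properties-style file $1; commented lines are ignored.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -1
}

# Print one line per finding for file $1; return 0 only if no setting is invalid.
check_graylog_conf() {
    conf=$1; problems=0
    secret=$(conf_value "$conf" password_secret)
    digest=$(conf_value "$conf" root_password_sha2)
    if [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
        echo "password_secret: missing or shorter than $MIN_SECRET_LEN characters"
        problems=$((problems + 1))
    fi
    # A SHA-256 digest is exactly 64 hex characters (sha256sum prints lowercase).
    if ! printf '%s' "$digest" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "root_password_sha2: not a 64-character hex SHA-256 digest"
        problems=$((problems + 1))
    fi
    for key in rest_listen_uri web_listen_uri; do
        uri=$(conf_value "$conf" "$key")
        case $uri in
            ''|http://ip:*)   # unset, or the article's literal placeholder left in
                echo "$key: unset or still the placeholder 'ip'"
                problems=$((problems + 1)) ;;
            https://*|http://127.*|http://localhost*) ;;
            http://*)         # warning only: not counted as invalid
                echo "$key: plain HTTP on a network address, logins are sent unencrypted" ;;
        esac
    done
    [ "$problems" -eq 0 ]
}
```

Source the file and run check_graylog_conf /etc/graylog/server/server.conf, as a user allowed to read it, before restarting graylog-server.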

