Graylog is a powerful platform that makes it easy to manage structured and unstructured log data and to debug applications. It is built on Elasticsearch, MongoDB, and Scala.
It has a main server, which receives data from its clients installed on different servers, and a web interface, which displays the data and lets you work with the logs aggregated by the main server.
About Graylog
Graylog is useful when working with raw strings (i.e. syslog): the tool converts them into the structured data we need.
It also enables advanced custom searches in the logs using structured queries.
In other words, when properly integrated with a web application, Graylog helps engineers analyze system behaviour almost down to the line of code.
The main benefit of Graylog is that it provides a single instance for collecting logs from the whole system.
This is useful when the system infrastructure is large and complex. It can be deployed in many places, and not all team members may have quick access to all of its parts.
With Graylog, we solve these issues and make sure our incident response time is fast.
At Logicify, it can be used both for apps in development and for those already released publicly. In both cases, some Graylog use cases are unique, while others overlap.
Graylog Installation
This tool can be found in most Linux distributions, but some setup is required before installing it.
For Debian, Ubuntu and derivative users, do the following.
Open a terminal and type the following commands:
sudo apt install apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen
After installing the initial packages, install MongoDB with:
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.6.list
sudo apt update
sudo apt install -y mongodb-org
After installing MongoDB, start the database with:
sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl restart mongod.service
After MongoDB, you need to install Elasticsearch, since Graylog uses it as a backend.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list
sudo apt update && sudo apt install elasticsearch
Edit the Elasticsearch YML file with:
sudo nano /etc/elasticsearch/elasticsearch.yml
Now find the following line:
#cluster.name: graylog
Remove the # from it, save and close nano, then type in the terminal:
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
Now that Elasticsearch and MongoDB are set up, we can download Graylog and install it on Ubuntu.
To install it, type the following:
wget https://packages.graylog2.org/repo/packages/graylog-2.4-repository_latest.deb
sudo dpkg -i graylog-2.4-repository_latest.deb
sudo apt-get update && sudo apt-get install graylog-server
Using the pwgen tool, generate a secret key.
pwgen -N 1 -s 96
Once this is done, copy what the terminal displays, then edit the server.conf file and replace the "password_secret" value with the output of the first command:
sudo nano /etc/graylog/server/server.conf
Now, in the "password" part of the following command, enter your root password:
echo -n "contraseña " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
Once again, copy the output shown in the terminal and open the server.conf file in nano. Paste the password output after "root_password_sha2".
Now set the default web address.
In the same file, find the lines containing "rest_listen_uri" and "web_listen_uri". Once found, delete the default values and change them to your IP address, something like this:
rest_listen_uri = http://ip:12900/
web_listen_uri = http://ip:9000/
Finally, save the file and exit nano; after this, type:
sudo systemctl daemon-reload
sudo systemctl restart graylog-server
With this you can log in from the web browser by typing the IP address you set.
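The secret-generation and password-hash steps above, scripted so the values are written into server.conf and checked instead of pasted by hand. This is an added example, not part of the original article or of Graylog; the function names, the 64-character minimum used by check_conf and the /dev/urandom fallback are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the article): write password_secret and
# root_password_sha2 into a Graylog server.conf. Function names are hypothetical.

MIN_SECRET_LEN=64   # assumed minimum for this check; the article generates 96

# 96-character secret: pwgen as in the article, /dev/urandom if it is missing.
gen_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 96
        echo
    fi
}

# Read one line (the password) from stdin, print its SHA-256 hex digest.
# The trailing newline is not hashed, matching the article's tr -d '\n'.
hash_password() {
    IFS= read -r pw || [ -n "$pw" ]
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1
}

# set_conf_key FILE KEY VALUE: replace any active "KEY = ..." line, or append.
set_conf_key() {
    tmp=$(mktemp)
    # Commented-out defaults (#KEY = ...) are left in place.
    grep -v "^[[:space:]]*$2[[:space:]]*=" "$1" >"$tmp" || true
    printf '%s = %s\n' "$2" "$3" >>"$tmp"
    cat "$tmp" >"$1"    # overwrite in place so owner and mode are kept
    rm -f "$tmp"
}

# get_conf_key FILE KEY: print the value of the last active assignment.
get_conf_key() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_conf FILE: fail if the secret is short or the hash is not 64 hex chars.
check_conf() {
    secret=$(get_conf_key "$1" password_secret)
    hash=$(get_conf_key "$1" root_password_sha2)
    [ "${#secret}" -ge "$MIN_SECRET_LEN" ] ||
        { echo "password_secret missing or too short" >&2; return 1; }
    printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$' ||
        { echo "root_password_sha2 is not a SHA-256 hex digest" >&2; return 1; }
}
```

Source the functions as root and call, for instance, set_conf_key /etc/graylog/server/server.conf password_secret "$(gen_secret)", then run check_conf on the same file before restarting graylog-server.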