Graylog is a powerful platform that makes it easy to manage structured and unstructured log records and to use them for troubleshooting. It is built on Elasticsearch, MongoDB and Scala.
It consists of a main server, which receives data from its clients installed on the various hosts, and a web interface, which displays that data and lets you work with the records collected by the main server.
About Graylog
Graylog works on raw text lines (for example syslog): the tool parses them into the structured data we need.
It also enables continuous custom searches over the records using prepared queries.
In other words, when properly integrated and used together with the web interface, Graylog helps engineers analyse the behaviour of almost every line of code.
The main benefit of Graylog is that it provides a proper way of collecting logs for the whole system.
This is useful when the system infrastructure is large and complex. It may be spread across many locations, and not every team member has immediate access to every component.
With Graylog we address these issues and make sure that our incident response time stays short.
At Logicify it is used both for applications under development and for those already released to the public. In the two cases some uses of Graylog differ, while others overlap.
Installing Graylog
This tool is available for most Linux distributions, but some configuration is required before installing it.
Users of Debian, Ubuntu and their derivatives must do the following.
We open a terminal and type the following commands:
sudo apt install apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen
After installing the base packages, they must configure the MongoDB repository with:
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.6.list
sudo apt update
sudo apt install -y mongodb-org
After installing MongoDB, start the database with:
sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl restart mongod.service
After MongoDB, you must install Elasticsearch, since Graylog uses it as its backend.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list
sudo apt update && sudo apt install elasticsearch
Edit the Elasticsearch YML file with:
sudo nano /etc/elasticsearch/elasticsearch.yml
Now they must look for the following line:
#cluster.name: graylog
Remove the # from it, save, close nano and type in the terminal:
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
Now that Elasticsearch and MongoDB are configured, we can download Graylog and install it on Ubuntu.
To install it, type the following:
wget https://packages.graylog2.org/repo/packages/graylog-2.4-repository_latest.deb
sudo dpkg -i graylog-2.4-repository_latest.deb
sudo apt-get update && sudo apt-get install graylog-server
Using the pwgen tool, they generate a secret key:
pwgen -N 1 -s 96
Once this is done, they must copy what the terminal shows, then edit the server.conf file and replace the value of "password_secret" with the output of the previous command:
sudo nano /etc/graylog/server/server.conf
Then run the following command. The quoted text is only the prompt it prints (here in Spanish, "contraseña", meaning password); type the root password at that prompt, and it is read from standard input and hashed with SHA-256:
echo -n "contraseña " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
Again, copy the output the terminal shows and open the server.conf file in nano. Paste the password hash after "root_password_sha2".
Now they must set the web address to listen on.
In the same file they must look for the lines containing "rest_listen_uri" and "web_listen_uri". Once found, they must remove the default values and replace them with the machine's IP address, like this:
rest_listen_uri = http://ip:12900/
web_listen_uri = http://ip:9000/
Finally save the file and exit; after that you must type:
sudo systemctl daemon-reload
sudo systemctl restart graylog-server
With that you can open the web interface in a browser by typing the IP address you configured.
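The server.conf edits above (password_secret, root_password_sha2 and the two listen URIs) are done by hand in nano, which is easy to get wrong: a value left empty, a line still commented out, or a hash computed with a trailing newline. The following script, written for this page and not part of the article or of the Graylog project, applies the same edits in one idempotent pass and then checks the result. It assumes GNU sed and sha256sum, the pwgen command from the article (with a /dev/urandom fallback when pwgen is absent), and a constructed sample file; on a real host the path would be /etc/graylog/server/server.conf and the script would run as root.

```shell
#!/bin/sh
# Added example (not from the article): apply the three server.conf edits the
# article performs by hand in nano, in one idempotent pass, then verify them.
# Paths and the sample file below are constructed for the demo; on a real host
# the file is /etc/graylog/server/server.conf and the script runs as root.
set -eu

# sha256_of PASSWORD: hex digest only, matching the article's
# "... | tr -d '\n' | sha256sum | cut -d' ' -f1" pipeline (no newline hashed).
sha256_of() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# gen_secret: 96 random characters for password_secret. Uses the article's
# pwgen invocation when available, otherwise /dev/urandom (assumed alternative).
gen_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        head -c 2000 /dev/urandom | tr -dc 'A-Za-z0-9' | head -c 96
    fi
}

# set_conf_key FILE KEY VALUE: rewrite "KEY = ..." whether or not the line is
# commented out with '#', or append the line if the key is absent entirely.
set_conf_key() {
    file=$1; key=$2; value=$3
    if grep -Eq "^#?[[:space:]]*${key}[[:space:]]*=" "$file"; then
        sed -i "s|^#\{0,1\}[[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >>"$file"
    fi
}

# get_conf_key FILE KEY: print the value of an active (uncommented) key.
get_conf_key() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1"
}

# configure_graylog FILE SECRET ROOT_PASSWORD IP: the article's four edits.
configure_graylog() {
    set_conf_key "$1" password_secret "$2"
    set_conf_key "$1" root_password_sha2 "$(sha256_of "$3")"
    set_conf_key "$1" rest_listen_uri "http://$4:12900/"
    set_conf_key "$1" web_listen_uri "http://$4:9000/"
}

# check_conf FILE: fail if any of the four settings is missing, empty or still
# commented out, or if password_secret is shorter than the 16 characters
# graylog-server requires (the article generates 96).
check_conf() {
    for k in password_secret root_password_sha2 rest_listen_uri web_listen_uri; do
        v=$(get_conf_key "$1" "$k")
        [ -n "$v" ] || { echo "check_conf: $k is not set" >&2; return 1; }
    done
    s=$(get_conf_key "$1" password_secret)
    [ ${#s} -ge 16 ] || { echo "check_conf: password_secret too short" >&2; return 1; }
}

# make_sample_conf FILE: constructed excerpt of an unconfigured server.conf.
make_sample_conf() {
    cat >"$1" <<'EOF'
# constructed sample, not the packaged file
is_master = true
password_secret =
root_username = admin
root_password_sha2 =
#rest_listen_uri = http://127.0.0.1:12900/
#web_listen_uri = http://127.0.0.1:9000/
EOF
}

# Demo on a temporary copy; 192.0.2.10 is a documentation-range address.
demo_conf=$(mktemp)
make_sample_conf "$demo_conf"
configure_graylog "$demo_conf" "$(gen_secret)" 'admin' 192.0.2.10
check_conf "$demo_conf" && grep -E '^(password_secret|root_password_sha2|.*_listen_uri)' "$demo_conf"
rm -f "$demo_conf"
```

Running check_conf before the systemctl restart catches the common failure where graylog-server refuses to start because password_secret is empty or the listen URI line is still commented out, and get_conf_key gives a quick way to confirm that root_password_sha2 is the digest of the password without the trailing newline that a plain echo would have added.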