Graylog, a log management and analysis tool


Graylog is a powerful platform that makes it easy to manage records of structured and unstructured data and to use them for troubleshooting. It is built on Elasticsearch, MongoDB and Scala.

It has a main server, which receives data from its clients installed on the various servers, and a web interface, which displays the data and lets you work with the records collected by the main server.

About Graylog

Graylog works with raw strings (i.e. syslog): the tool parses them into the structured data we need.

It also allows ongoing custom searches over the records using prepared queries.

In other words, when it is properly integrated with the web application, Graylog helps engineers analyze the behavior of almost every line of code.

The main advantage of Graylog is that it provides a suitable form of log collection for the entire system.

This is useful when the system infrastructure is large and complex. It may be deployed across many locations, and not all team members have immediate access to all components.

With Graylog, we address these issues and ensure that our incident response time is fast.

At Logicify, it can be used both for applications under development and for those already released publicly. In both cases some uses of Graylog differ, while others overlap.

Installing Graylog

This tool is available in most Linux distributions, but some configuration has to be done before installing it.

Users of Debian, Ubuntu and their derivatives must do the following.

We open a terminal and type the following commands:

sudo apt install apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen

After installing the basic packages, configure the MongoDB repository with:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.6.list
sudo apt update
sudo apt install -y mongodb-org

After installing MongoDB, start the database with:

sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl restart mongod.service

After MongoDB, you need to install Elasticsearch, since Graylog uses it as a backend.

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list
sudo apt update && sudo apt install elasticsearch

Edit the Elasticsearch YML file with:

sudo nano /etc/elasticsearch/elasticsearch.yml

Now look for the following line:

#cluster.name: graylog

Remove the # from it, save, close nano and type in the terminal:

sudo systemctl daemon-reload

sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service

Now that Elasticsearch and MongoDB are configured, we can download Graylog and install it on Ubuntu.

To install it, type the following:

wget https://packages.graylog2.org/repo/packages/graylog-2.4-repository_latest.deb
sudo dpkg -i graylog-2.4-repository_latest.deb
sudo apt-get update && sudo apt-get install graylog-server

Using the pwgen tool, generate a secret key:

pwgen -N 1 -s 96

Once that is done, copy what the terminal shows, then edit the server.conf file and replace the "password_secret" value with the one the previous command gave you:

sudo nano /etc/graylog/server/server.conf

Then, in the "contraseña" part of the following command, put the root password:

echo -n "contraseña " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

Again, copy the result the terminal shows and open the server.conf file in nano. Paste the password hash after "root_password_sha2".

Now the web address must be set.

In the same file, look for the lines containing "rest_listen_uri" and "web_listen_uri". Once found, remove the default values and change them to the IP address, something like this:

rest_listen_uri = http://ip:12900/
web_listen_uri = http://ip:9000/

Finally save the file and exit; after that type:

sudo systemctl daemon-reload
sudo systemctl restart graylog-server

With this you can access it from the web browser by typing the IP address you have.
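As an added example (not code from the original article or from the Graylog project), the following shell script carries the server.conf steps above through in one go: it hashes the root password the way the sha256sum command does, generates a password_secret of the required length, writes both values and the two listen URIs into a constructed minimal server.conf, and then checks the file before graylog-server is restarted. The template, the graylog_* function names and the address 192.0.2.10 are assumptions; sha256sum, sed and ls from coreutils are assumed to be present.

```shell
#!/bin/sh
# Added example (not Graylog's own tooling): renders the three server.conf
# settings the page edits by hand (password_secret, root_password_sha2 and the
# two listen URIs) into a constructed minimal config, then validates the result
# before graylog-server is restarted. Assumed: a Linux host with sha256sum,
# sed and ls from coreutils; 192.0.2.10 in the demo is a documentation address.

# Hash a root password for root_password_sha2. Takes the password as the first
# argument or, like the page's command, reads one line from stdin.
graylog_sha256_password() {
    if [ $# -gt 0 ]; then pw=$1; else pw=$(head -n 1); fi
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1
}

# Generate a random password_secret (stand-in for `pwgen -N 1 -s 96` when pwgen
# is not installed). Graylog requires at least 64 characters.
graylog_gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "${1:-96}"
}

# Write FILE from an embedded template, filling in IP, SECRET and SHA2.
# The file is created with mode 640 before any secret is written into it.
graylog_render_conf() {
    out=$1 ip=$2 secret=$3 sha2=$4
    : >"$out" && chmod 640 "$out"
    sed -e "s|^password_secret = .*|password_secret = $secret|" \
        -e "s|^root_password_sha2 = .*|root_password_sha2 = $sha2|" \
        -e "s|^rest_listen_uri = .*|rest_listen_uri = http://$ip:12900/|" \
        -e "s|^web_listen_uri = .*|web_listen_uri = http://$ip:9000/|" \
        >"$out" <<'EOF'
# constructed minimal server.conf for this example, not the full shipped file
is_master = true
password_secret = REPLACE_ME
root_username = admin
root_password_sha2 = REPLACE_ME
rest_listen_uri = http://127.0.0.1:12900/
web_listen_uri = http://127.0.0.1:9000/
EOF
}

# Validate a rendered server.conf: secret length, hash shape, no leftover
# placeholders, and that a file holding secrets is not readable by others.
graylog_check_conf() {
    f=$1
    secret=$(sed -n 's/^password_secret = //p' "$f")
    sha2=$(sed -n 's/^root_password_sha2 = //p' "$f")
    if [ "${#secret}" -lt 64 ]; then
        echo "$f: password_secret must be at least 64 characters" >&2; return 1
    fi
    if ! printf '%s\n' "$sha2" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "$f: root_password_sha2 is not a SHA-256 hex digest" >&2; return 1
    fi
    if grep -q 'REPLACE_ME' "$f"; then
        echo "$f: placeholder value left in config" >&2; return 1
    fi
    # columns 8-10 of `ls -l` are the "other" permission bits
    case $(ls -l "$f" | cut -c8-10) in
        ---) ;;
        *) echo "$f: readable by others; chmod 640 and chown it to the graylog user" >&2; return 1 ;;
    esac
}

# Stand-alone demo: render into a temporary file, validate, and clean up.
graylog_demo() {
    tmp=$(mktemp) || return 1
    graylog_render_conf "$tmp" 192.0.2.10 "$(graylog_gen_secret 96)" \
        "$(graylog_sha256_password admin)"
    if graylog_check_conf "$tmp"; then echo "rendered config passes checks:"; cat "$tmp"; fi
    rm -f "$tmp"
}
graylog_demo
```

The check function is the part worth keeping around: server.conf holds the secret and the root password hash, so it should be readable only by root and the graylog user, and a secret shorter than 64 characters or a placeholder left behind is better caught before the restart than from the server log afterwards.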

