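I recently needed log collection and, after comparing Graylog with the traditional ELK stack, chose Graylog.
This post currently covers only installation and deployment, using docker compose and pulled images; Docker is assumed to be installed already.
1. Install Docker-Compose
yum install docker-compose
Verify the installation
docker-compose --version
2. Install Graylog 3.1 (Docker-Compose method)
Create docker-compose.yml; we put it under /usr/local/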
```bash
mkdir -p /usr/local/graylog   # create the graylog directory
cd /usr/local/graylog         # work inside it so the file lands there
touch docker-compose.yml      # create docker-compose.yml
vim docker-compose.yml        # edit docker-compose.yml
```
```yaml
version: '3'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongo:
    image: mongo:3
    networks:
      - graylog
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.x/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.5.1
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    deploy:
      resources:
        limits:
          memory: 1g
    networks:
      - graylog
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:3.1
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      # Address browsers use to reach Graylog; the port must match the host port published under "ports"
      - GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.2.79:9009/
    networks:
      - graylog
    depends_on:
      - mongo
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
networks:
  graylog:
    driver: bridge
```
Change the password and ports to suit your environment.
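One way to produce your own values for `GRAYLOG_PASSWORD_SECRET` and `GRAYLOG_ROOT_PASSWORD_SHA2`, and to check that a compose or env file no longer carries the sample ones (an added example, not part of the original post). The function names are hypothetical, and it assumes `sha256sum` and `/dev/urandom` are available.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of Graylog.

# SHA-256 of "admin": the sample root password hash used in this post.
SAMPLE_ADMIN_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
# Sample secret used in this post.
SAMPLE_SECRET=somepasswordpepper

# Hex SHA-256 of a password, the format GRAYLOG_ROOT_PASSWORD_SHA2 expects.
graylog_root_sha2() {
  printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Random 64-character hex string for GRAYLOG_PASSWORD_SECRET.
graylog_new_secret() {
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Read the value of one GRAYLOG_* variable ($1) from a compose or env file ($2).
graylog_get() {
  sed -n "s/.*$1=\\([^\"[:space:]]*\\).*/\\1/p" "$2" | head -n 1
}

# Return 0 if the file is free of sample or weak values, 1 otherwise.
graylog_check_config() {
  gl_rc=0
  gl_secret=$(graylog_get GRAYLOG_PASSWORD_SECRET "$1")
  gl_hash=$(graylog_get GRAYLOG_ROOT_PASSWORD_SHA2 "$1")
  if [ "${#gl_secret}" -lt 16 ]; then
    echo "GRAYLOG_PASSWORD_SECRET is missing or shorter than 16 characters"; gl_rc=1
  fi
  if [ "$gl_secret" = "$SAMPLE_SECRET" ]; then
    echo "GRAYLOG_PASSWORD_SECRET is still the sample value"; gl_rc=1
  fi
  if [ "$gl_hash" = "$SAMPLE_ADMIN_SHA2" ]; then
    echo "GRAYLOG_ROOT_PASSWORD_SHA2 is still the hash of 'admin'"; gl_rc=1
  fi
  if ! printf '%s' "$gl_hash" | grep -Eq '^[0-9a-fA-F]{64}$'; then
    echo "GRAYLOG_ROOT_PASSWORD_SHA2 is not a 64-digit hex SHA-256"; gl_rc=1
  fi
  return "$gl_rc"
}

# When run with a file argument, check that file: ./check.sh docker-compose.yml
[ "$#" -eq 0 ] || graylog_check_config "$1"
```

Paste the output of `graylog_new_secret` and `graylog_root_sha2 'your password'` into the two environment entries before starting the stack.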
Start docker-compose
docker-compose up
Wait a moment and it will come up successfully.
3. Install Graylog 3.3 (pulling the images directly; one of my environments already had ES 7.5 installed, so I did not use docker-compose there)
MongoDB
```bash
docker run --name graylog-mongo -d mongo:3
```
elasticsearch
```bash
docker pull elasticsearch:7.5.1
docker run -d --name=es7 \
  -p 9200:9200 -p 9300:9300 \
  -e "discovery.type=single-node" elasticsearch:7.5.1
```
Graylog
```bash
# GRAYLOG_PASSWORD_SECRET and GRAYLOG_ROOT_PASSWORD_SHA2 are the sample values
# from the compose file (password: admin); change them before use.
docker run \
  --link graylog-mongo:mongo \
  --link es7:elasticsearch \
  --name graylog \
  -p 9000:9000 \
  -p 12201:12201 -p 12201:12201/udp \
  -p 1514:1514 -p 1514:1514/udp -p 5044:5044 \
  -e GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.2.1:9000/ \
  -e GRAYLOG_ROOT_TIMEZONE=Asia/Shanghai \
  -e GRAYLOG_WEB_ENDPOINT_URI="http://192.168.2.79:9000/api" \
  -e GRAYLOG_PASSWORD_SECRET=somepasswordpepper \
  -e GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918 \
  -v /etc/localtime:/etc/localtime:ro \
  -v graylog_journal:/usr/share/graylog/data/journal \
  -d graylog/graylog:3.3
```
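You can see that it started successfully.
Visit the web interface and log in as admin.
That is the installation process; later I may write about how it is used in a project.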