I recently needed log collection and, after comparing Graylog with the traditional ELK stack, chose Graylog.

For now this post only covers installation and deployment, using Docker Compose and direct image pulls. Docker is assumed to be installed already.

1. Install Docker-Compose

yum install docker-compose

Verify that it is installed

docker-compose --version

2. Install Graylog 3.1 (Docker-Compose method)

Create docker-compose.yml; we put it under /usr/local/

mkdir /usr/local/graylog   # create the graylog directory
cd /usr/local/graylog      # work inside it so the file lands there
touch docker-compose.yml   # create docker-compose.yml
vim docker-compose.yml     # edit docker-compose.yml

version: '3'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongo:
    image: mongo:3
    networks:
      - graylog
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.x/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.5.1
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    deploy:
      resources:
        limits:
          memory: 1g
    networks:
      - graylog
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:3.1
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin (the value is the SHA-256 hex digest of the password)
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      # URL browsers use to reach the web interface; the port must match
      # the host port published for 9000 below
      - GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.2.79:9000/
    networks:
      - graylog
    depends_on:
      - mongo
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
networks:
  graylog:
    driver: bridge

Change the password and ports to suit your environment.
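The sample GRAYLOG_PASSWORD_SECRET and the SHA-256 of "admin" in the file above are published defaults, and the same two values reappear in the docker run command in section 3, so both need replacing before anything is started. The script below is an added example, not part of the original post: its function names are hypothetical, and it assumes sha256sum, od and /dev/urandom are available on the host.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Graylog.

# Hex SHA-256 of a password: the format GRAYLOG_ROOT_PASSWORD_SHA2 expects.
graylog_root_sha2() {
    printf '%s' "$1" | sha256sum | cut -d ' ' -f 1
}

# 64 random hex characters for GRAYLOG_PASSWORD_SECRET (the minimum is 16).
graylog_password_secret() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Return 1 if the compose or env file $1 still carries the sample credentials.
check_graylog_credentials() {
    secret=$(sed -n 's/.*GRAYLOG_PASSWORD_SECRET=\([^" ]*\).*/\1/p' "$1" | head -n 1)
    hash=$(sed -n 's/.*GRAYLOG_ROOT_PASSWORD_SHA2=\([^" ]*\).*/\1/p' "$1" | head -n 1)
    status=0
    if [ "${#secret}" -lt 16 ] || [ "$secret" = "somepasswordpepper" ]; then
        echo "GRAYLOG_PASSWORD_SECRET: sample value or shorter than 16 characters" >&2
        status=1
    fi
    if ! printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "GRAYLOG_ROOT_PASSWORD_SHA2: not a 64-character hex digest" >&2
        status=1
    elif [ "$hash" = "$(graylog_root_sha2 admin)" ]; then
        echo "GRAYLOG_ROOT_PASSWORD_SHA2: root password is still 'admin'" >&2
        status=1
    fi
    return "$status"
}

# Write fresh values for password $1 to env file $2, readable by the owner only.
# In real use, prompt for the password instead of typing it on the command line.
write_graylog_env() {
    (
        umask 077
        {
            echo "GRAYLOG_PASSWORD_SECRET=$(graylog_password_secret)"
            echo "GRAYLOG_ROOT_PASSWORD_SHA2=$(graylog_root_sha2 "$1")"
        } > "$2"
    )
}
```

Running check_graylog_credentials against docker-compose.yml before docker-compose up reports on stderr which of the two values still needs changing.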

Start docker-compose

docker-compose up

Wait a moment and the stack will be up.

3. Install Graylog 3.3 (pulling the images directly; one of my environments already had ES 7.5 installed, so I did not use docker-compose there)

MongoDB

docker run --name graylog-mongo -d mongo:3

Elasticsearch

docker pull elasticsearch:7.5.1
docker run -d --name=es7 \
-p 9200:9200 -p 9300:9300 \
-e "discovery.type=single-node" elasticsearch:7.5.1

Graylog

docker run \
--link graylog-mongo:mongo \
--link es7:elasticsearch \
--name graylog \
-p 9000:9000 \
-p 12201:12201 -p 12201:12201/udp \
-p 1514:1514 -p 1514:1514/udp -p 5044:5044 \
-e GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.2.1:9000/ \
-e GRAYLOG_ROOT_TIMEZONE=Asia/Shanghai \
-e GRAYLOG_WEB_ENDPOINT_URI="http://192.168.2.79:9000/api" \
-e GRAYLOG_PASSWORD_SECRET=somepasswordpepper \
-e GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918 \
-v /etc/localtime:/etc/localtime:ro \
-v graylog_journal:/usr/share/graylog/data/journal \
-d graylog/graylog:3.3

You can see that it started successfully.

Open the web interface and log in as admin.

That is the installation process. Later I may write about using it in a project.