Graylog2 installation on Ubuntu server

Setting up the Graylog2 server

Installation example based on graylog2-server 0.11 and graylog2-web-interface 0.11

Bring the Ubuntu 12.04 x64 server up to date

apt-get update && apt-get upgrade

Installing mongodb

echo -e "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen\n" > /etc/apt/sources.list.d/mongodb-10gen.list
apt-get update
apt-get install mongodb-10gen

Create the MongoDB user:

mongo
use graylog2
db.addUser("grayloguser", "123")
exit

Installing Java

apt-get install openjdk-6-jdk 
ln -s /usr/lib/jvm/java-6-openjdk-amd64 java-6-openjdk
cat <<EOF > /etc/profile.d/java.sh
export JAVA_HOME=/usr/lib/jvm/java-1.6.0-openjdk-amd64
EOF

source /etc/profile.d/java.sh

Installing elasticsearch

wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.20.4.deb 
dpkg -i elasticsearch-0.20.4.deb
service elasticsearch start

Check Elasticsearch service

curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
Output:
{ "cluster_name" : "elasticsearch", "status" : "green", "timed_out" : false, "number_of_nodes" : 1, "number_of_data_nodes" : 1, "active_primary_shards" : 0, "active_shards" : 0, "relocating_shards" : 0, "initializing_shards" : 0, "unassigned_shards" : 0 }

Installing graylog2-server

mkdir -p /opt/graylog2 && cd /tmp
wget http://download.graylog2.org/graylog2-server/graylog2-server-0.11.0.tar.gz
tar -xzvf graylog2-server-0.11.0.tar.gz -C /opt/graylog2
cd /opt/graylog2
ln -sf graylog2-server-0.11.0 graylog2-server
cp graylog2-server/graylog2.conf.example /etc/graylog2.conf

If you changed the mongodb_user's password in the mongodb console, change the value of mongodb_password in /etc/graylog2.conf to match.

Configuring service

cat <<EOF > /etc/init/graylog2-server.conf
description "graylog2 server"
author  "Mick Pollard <aussielunix@gmail.com>"
modified  "DaeHyung <daehyung@gmail.com>"
start on runlevel [2345]
stop on runlevel [06]
# tell upstart we're creating a daemon
# upstart manages PID creation for you.
expect fork
script
  cd /opt/graylog2/graylog2-server
  exec sudo java -jar graylog2-server.jar > /opt/graylog2/graylog2-server/log/graylog2.log 2>&1 &
  emit graylog2-server_running
end script
EOF
touch /opt/graylog2/graylog2-server/log/graylog2.log
cd /var/log && ln -s /opt/graylog2/graylog2-server/log/graylog2.log
service graylog2-server start

The "service graylog2-server start" command above does not work.
Create the /etc/init.d/graylog2-server file below, then start the server with /etc/init.d/graylog2-server start.

Creating /etc/init.d/graylog2-server

#!/bin/bash

CMD=$1
NOHUP=$(which nohup)

GRAYLOG2CTL_DIR="/opt/graylog2/graylog2-server/bin"
GRAYLOG2_SERVER_JAR=graylog2-server.jar
GRAYLOG2_CONF=/etc/graylog2.conf
# Note: /tmp is world-writable, so any local user can create this file.
GRAYLOG2_PID=/tmp/graylog2.pid
LOG_FILE=log/graylog2-server.log

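start() {
    echo "Starting graylog2-server ..."
    # Run from the server directory so the jar and the relative log path resolve.
    cd "$GRAYLOG2CTL_DIR/.." || exit 1
    # Delay startup by two minutes before launching the JVM.
    sleep 2m
    "$NOHUP" java -jar "${GRAYLOG2_SERVER_JAR}" -f "${GRAYLOG2_CONF}" -p "${GRAYLOG2_PID}" >> "${LOG_FILE}" &
}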

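stop() {
    PID=$(get_pid)
    # Refuse to call kill with an empty, zero or non-numeric pid.
    case "$PID" in
        ''|0|*[!0-9]*)
            echo "graylog2-server not running (no valid pid file)"
            return 1
            ;;
    esac
    echo "Stopping graylog2-server ($PID) ..."
    if kill "$PID"; then
        rm -f "${GRAYLOG2_PID}"
    fi
}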

restart() {
    echo "Restarting graylog2-server ..."
    stop
    start
}

status() {
    pid=$(get_pid)
    if [ -n "$pid" ]; then
        if pid_running "$pid"; then
            echo "graylog2-server running as pid $pid"
            return 0
        else
            echo "Stale pid file with $pid - removing..."
            rm -f "${GRAYLOG2_PID}"
        fi
    fi

    echo "graylog2-server not running"
    # LSB init scripts return 3 from "status" when the program is not running.
    return 3
}

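# Print the pid stored in the pid file, or nothing if the file is missing.
get_pid() {
    cat "${GRAYLOG2_PID}" 2> /dev/null
}

# Succeed if a process with the given pid exists (signal 0 sends nothing).
pid_running() {
    kill -0 "$1" 2> /dev/null
}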

case "$CMD" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    status)
        status
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|status}"
        exit 1
        ;;
esac

 

Installing graylog2-web-interface

apt-get install curl

cd /tmp
wget http://download.graylog2.org/graylog2-web-interface/graylog2-web-interface-0.11.0.tar.gz
tar -xzvf graylog2-web-interface-0.11.0.tar.gz -C /opt/graylog2
cd /opt/graylog2
ln -sf graylog2-web-interface-0.11.0 graylog2-web-interface
chown -R www-data:www-data /opt/graylog2/graylog2-web-interface

Installing Ruby 2.0

Preparing

apt-get install build-essential libcurl4-openssl-dev libssl-dev zlib1g-dev

Installing Ruby 2.0

cd /tmp
wget http://ftp.ruby-lang.org/pub/ruby/2.0/ruby-2.0.0-p0.tar.gz
tar -xzvf ruby-2.0.0-p0.tar.gz -C /opt/graylog2
cd /opt/graylog2/ruby-2.0.0-p0
./configure && make && make install
update-alternatives --install /usr/bin/ruby ruby /usr/local/bin/ruby 20000

Check ruby is working

ruby -v

Installing bundler and others

gem install bundler --no-rdoc --no-ri

Change the version of json in the Gemfile

/opt/graylog2/graylog2-web-interface/Gemfile
...skipped...
gem 'json', '~> 1.5.5'               ===> change 1.5.5 to 1.7.7
...skipped...

Run the bundle commands from /opt/graylog2/graylog2-web-interface to update json

bundle update json
bundle install

Installing web server daemon

apt-get install apache2-mpm-prefork apache2-prefork-dev libapr1-dev libaprutil1-dev
or
apt-get install nginx

Get passenger and make sure you pull the pre version

Passenger is a modern web server and application server for Ruby, Python and Node.js, optimized for performance, low memory usage and ease of use.
Passenger web site: http://rubygems.org/gems/passenger

Installing the passenger module (for apache)

gem install passenger --no-rdoc --no-ri --pre
(For Apache) passenger-install-apache2-module
(For Nginx) passenger-install-nginx-module

Creating configuration files (for apache)

cd /etc/apache2/mods-available
cat <<EOF > passenger.conf
PassengerRoot /usr/local/lib/ruby/gems/2.0.0/gems/passenger-4.0.23
PassengerDefaultRuby /usr/local/bin/ruby
EOF

cat <<EOF > passenger.load
LoadModule passenger_module /usr/local/lib/ruby/gems/2.0.0/gems/passenger-4.0.23/buildout/apache2/mod_passenger.so
EOF

cd ../mods-enabled
ln -sf ../mods-available/passenger.conf
ln -sf ../mods-available/passenger.load

cd ../sites-available
mv default default.backup

cat <<'EOF' > default
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /opt/graylog2/graylog2-web-interface/public
        RailsEnv 'production'
        <Directory /opt/graylog2/graylog2-web-interface/public>
                 # This relaxes Apache security settings.
                 # "Require all granted" is Apache 2.4 syntax.
                 Require all granted
                 Options FollowSymLinks
                 AllowOverride None
                 # MultiViews must be turned off.
                 # Options -MultiViews
                 # "Allow from all" is Apache 2.2 syntax.
                 Allow from all
        </Directory>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOF

Editing elasticsearch and other items

/etc/elasticsearch/elasticsearch.yml
...skipped...
cluster.name: graylog2
node.name: "graylog2-elasticserver"
node.master: true
node.data: true

/etc/graylog2-elasticsearch.yml
cluster.name: graylog2
node.name: "graylog2-server"
transport.tcp.port: 9390

Restarting services

service apache2 start
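
The two Elasticsearch files edited above must name the same cluster, and the health check shown earlier should then report that name. The script below is an added example, not part of the original guide; the function names yaml_value, health_field and check_graylog2_es are made up for illustration, and the sample files and JSON in demo() are constructed.

```shell
#!/bin/sh
# Added example: verify the Elasticsearch settings used by graylog2-server.

# Print the value of an uncommented "key: value" line, quotes removed.
yaml_value() {  # usage: yaml_value FILE KEY
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d '"' |
        sed 's/[[:space:]]*$//'
}

# Print one field of the flat _cluster/health JSON document.
health_field() {  # usage: health_field JSON KEY
    printf '%s\n' "$1" | tr ',{}' '\n\n\n' |
        sed -n "s/^[[:space:]]*\"$2\"[[:space:]]*:[[:space:]]*//p" | tr -d '" '
}

# Return 0 only if both files and the running cluster agree on the
# cluster name and the cluster is not red.
check_graylog2_es() {  # usage: check_graylog2_es ES_YML GRAYLOG_YML JSON
    es_name=$(yaml_value "$1" cluster.name)
    gl_name=$(yaml_value "$2" cluster.name)
    live_name=$(health_field "$3" cluster_name)
    status=$(health_field "$3" status)
    rc=0
    if [ -z "$es_name" ] || [ "$es_name" != "$gl_name" ]; then
        echo "FAIL: cluster.name differs: '$es_name' vs '$gl_name'"; rc=1
    fi
    if [ "$live_name" != "$es_name" ]; then
        echo "FAIL: running cluster is '$live_name', not '$es_name'"; rc=1
    fi
    case "$status" in
        green|yellow) ;;   # yellow: primaries allocated, replicas are not
        *) echo "FAIL: cluster status is '${status:-unknown}'"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK: cluster '$es_name' is $status"; fi
    return "$rc"
}

# Constructed sample input, so the example runs without a live server.
# On the real host pass /etc/elasticsearch/elasticsearch.yml,
# /etc/graylog2-elasticsearch.yml and the curl output shown earlier.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# cluster.name: elasticsearch' 'cluster.name: graylog2' \
        'node.name: "graylog2-elasticserver"' > "$d/es.yml"
    printf '%s\n' 'cluster.name: graylog2' 'node.name: "graylog2-server"' \
        'transport.tcp.port: 9390' > "$d/graylog2-es.yml"
    check_graylog2_es "$d/es.yml" "$d/graylog2-es.yml" \
        '{ "cluster_name" : "graylog2", "status" : "green" }'
    demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}
demo
```

A commented-out cluster.name line, as in the stock elasticsearch.yml, is ignored, so a setting that was never uncommented shows up as a mismatch.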

 

Reference: http://toofasttosee.blogspot.kr/2013/11/install-and-setup-graylog2-on-ubuntu.html
