
How to monitor log files with Graylog v3.1 on Debian 10



Graylog is a free and open-source log management tool built on Java, Elasticsearch and MongoDB. It collects, indexes and analyzes server logs from a central location or from distributed nodes, so unusual activity can be spotted while troubleshooting applications. Graylog provides a powerful query language, alerting, a data-transformation processing pipeline and much more, and its functionality can be extended through the REST API and plugins.

At the time of writing there is no official installation guide for Graylog v3.1 on Debian 10.

Installation of Graylog v3.1 on Debian 10 takes 9 steps:

  • Step 1: Update the system and enable the Debian backports archive
  • Step 2: Install a headless Java 11 runtime
  • Step 3: Install some helpers (GnuPG, wget)
  • Step 4: Install MongoDB v4.2, the database that stores Graylog's configuration and metadata
  • Step 5: Install Elasticsearch-OSS 6.x, which stores all incoming messages and provides search
  • Step 6: Install Graylog v3.1, which receives logs from its inputs and provides the web interface for analysis and monitoring
  • Step 7: Configure Graylog
  • Step 8: Test Graylog
  • Step 9: Log in to Graylog

Prerequisites

  • A minimal Debian 10 installation. We can refer to this tutorial.
  • At least 4 GB of RAM, a 2-core CPU and 20 GB of disk
  • The admin password used in this guide: KataLaluan (replace it with your own)
  • The secret used in this guide: SecretRahsiaSecreta (replace it with a randomly generated value; Graylog enforces a minimum of 16 characters and recommends at least 64, because the secret peppers the stored user passwords and encrypts stored credentials)
  • root access obtained with "su -". Debian recently changed the behaviour of su: a plain "su" no longer resets PATH, so use "su -" instead.

Step 1: Update the system and enable Debian backports

Configure the system to use the Debian backports archive, then bring it up to date:

cat > /etc/apt/sources.list << EOF
deb http://ftp.debian.org/debian/ buster main contrib non-free
deb http://security.debian.org/debian-security buster/updates main contrib non-free
deb http://ftp.debian.org/debian/ buster-updates main contrib non-free
deb http://ftp.debian.org/debian buster-backports main contrib non-free
EOF
apt -y update
apt -y dist-upgrade

Step 2: Install a headless Java runtime (OpenJDK 11)

Graylog and Elasticsearch are Java programs, so Java must be installed. Debian 10's default Java is OpenJDK 11, available from the standard repository. The command below installs the full JDK; a headless runtime (default-jre-headless) is enough for a server and pulls in fewer packages:

apt -y install apt-transport-https default-jdk

Step 3: Install some helpers

We need a few tools as helpers during the installation:

  • GnuPG – an implementation of the OpenPGP standard, used to manage the repository signing keys
  • wget – a tool for downloading files over HTTP, HTTPS and FTP

apt -y install gnupg wget

Step 4: Install MongoDB v4.2

MongoDB is not available in the standard Debian 10 repository, so we add the MongoDB repository and its signing key to the system:

apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 4B7C549A058F8B6B
echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.2 main" | tee /etc/apt/sources.list.d/latest-mongodb.list
apt -y update
apt install -y mongodb-org

MongoDB listens on 127.0.0.1:27017 by default and ships without authentication; leave it bound to localhost, since Graylog runs on the same host.

Enable and start the MongoDB service:

systemctl enable mongod.service
systemctl start mongod.service

Step 5: Install Elasticsearch-OSS 6.x

Graylog v3.1 does not support Elasticsearch 7.x yet, so we install the 6.x OSS packages. Add the Elasticsearch signing key and the repository from elastic.co, then install Elasticsearch:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
echo "deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main" | tee -a /etc/apt/sources.list.d/latest-elastic-6.x.list
apt -y update
apt -y install elasticsearch-oss

Set the Elasticsearch cluster name:

sed -i "s/#cluster.name: my-application/cluster.name: graylog-application/g" /etc/elasticsearch/elasticsearch.yml

Elasticsearch binds to localhost only by default. Keep it that way: the OSS build has no authentication, so anyone who can reach port 9200 can read or delete every index.

Enable and start the Elasticsearch service:

systemctl enable elasticsearch.service
systemctl start elasticsearch.service

Step 6: Install Graylog v3.1

Download the small Graylog repository package, which adds the Graylog signing key and configures the Graylog repository:

cd /tmp/
wget https://packages.graylog2.org/repo/packages/graylog-3.1-repository_latest.deb
dpkg -i graylog-3.1-repository_latest.deb
apt -y update

Install Graylog by running the following command:

apt -y install graylog-server

Step 7: Configure Graylog

Generate the SHA-256 hash of the admin password and copy it. "KataLaluan" is the password chosen for this guide. The tr -d '\n' strips the newline that echo appends; without it the hash is computed over the wrong string and the login fails:

echo 'KataLaluan' | tr -d '\n' | sha256sum | cut -d " " -f1

Add the password hash to the Graylog configuration file (replace the placeholder with the hash printed above):

sed -i "s/^root_password_sha2 =$/root_password_sha2 = <hash-from-the-previous-command>/g" /etc/graylog/server/server.conf

Add the secret to the Graylog configuration file. The minimum length is 16 characters, and Graylog recommends at least 64 random characters; the secret peppers the stored user passwords and encrypts stored credentials, so do not reuse the example value:

sed -i "s/^password_secret =$/password_secret = SecretRahsiaSecreta/g" /etc/graylog/server/server.conf

Allow external access to Graylog. This binds the plain-HTTP web interface and REST API to every interface, so restrict port 9000 with a firewall or put a TLS-terminating reverse proxy in front of it before exposing the host:

sed -i "s/^#http_bind_address = 127.0.0.1:9000/http_bind_address = 0.0.0.0:9000/g" /etc/graylog/server/server.conf

Change the time zone to the local one:

sed -i "s/#root_timezone = UTC/root_timezone = Asia\/Kuala_Lumpur/g" /etc/graylog/server/server.conf

If Graylog sits behind a router, set the externally reachable address (the router's WAN IP address, or a DNS A record pointing at it) as the publish URI in the Graylog configuration. Unless http_external_uri is set separately, this is also the address the web interface tells browsers to use for the REST API:

sed -i '/http_publish_uri = /c http_publish_uri = http://graylog.howtoforge.com:9000/' /etc/graylog/server/server.conf

Enable and start the Graylog service (restart it whenever server.conf changes):

systemctl enable graylog-server.service
systemctl start graylog-server.service
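The Step 7 edits as one script, added here as an example; it is not part of the original tutorial. It hashes the password without the trailing newline, generates a random password_secret instead of a fixed one, refuses secrets shorter than 16 characters, and edits server.conf with a small helper that works whether a key is present, commented out or missing, so the script can be re-run safely. The demo at the bottom runs against a constructed copy of the five relevant server.conf default lines in a temporary file, so it does not touch /etc. The helper names (password_sha256, gen_secret, secret_ok, set_conf, configure_graylog) are chosen here; the password, hostname graylog.howtoforge.com and time zone are the tutorial's values.

```shell
#!/bin/sh
# Added example: Step 7 of the tutorial as idempotent shell functions.
# The demo below edits a constructed temp file; point configure_graylog at
# /etc/graylog/server/server.conf (as root) to apply the settings for real.
set -eu

# SHA-256 of the password with no trailing newline, as root_password_sha2 expects.
password_sha256() {  # PASSWORD
    printf '%s' "$1" | sha256sum | cut -d ' ' -f1
}

# Random alphanumeric secret; the default 96 chars exceeds Graylog's recommended 64.
gen_secret() {  # [LENGTH]
    tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-96}"
}

# Graylog rejects a password_secret shorter than 16 characters.
secret_ok() {  # SECRET
    [ "${#1}" -ge 16 ]
}

# set_conf KEY VALUE FILE: uncomment and replace "KEY = ..." if a line for KEY
# exists (commented or not), otherwise append it. VALUE must not contain '|'
# or '&' (sed delimiter and back-reference); none of the Graylog values do.
set_conf() {
    key=$1 value=$2 file=$3
    if grep -qE "^#?[[:space:]]*${key}[[:space:]]*=" "$file"; then
        sed -i -E "s|^#?[[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# configure_graylog FILE PASSWORD SECRET TIMEZONE PUBLISH_URI
# Applies all Step 7 settings; fails before touching FILE if SECRET is too short.
configure_graylog() {
    conf=$1 password=$2 secret=$3 tz=$4 publish=$5
    secret_ok "$secret" || { echo "password_secret must be at least 16 characters" >&2; return 1; }
    set_conf root_password_sha2 "$(password_sha256 "$password")" "$conf"
    set_conf password_secret "$secret" "$conf"
    set_conf root_timezone "$tz" "$conf"
    set_conf http_bind_address 0.0.0.0:9000 "$conf"   # firewall port 9000 or front it with TLS
    set_conf http_publish_uri "$publish" "$conf"
}

# Demo on constructed input: the five settings as they ship in server.conf.
demo=$(mktemp)
printf '%s\n' \
    'root_password_sha2 =' \
    'password_secret =' \
    '#root_timezone = UTC' \
    '#http_bind_address = 127.0.0.1:9000' \
    '#http_publish_uri = http://127.0.0.1:9000/' > "$demo"
configure_graylog "$demo" KataLaluan "$(gen_secret)" Asia/Kuala_Lumpur http://graylog.howtoforge.com:9000/
cat "$demo"
rm -f "$demo"
```

Restart graylog-server after applying it to the real file. The script deliberately does not print or log the generated secret anywhere except the config file itself; record it from there if you need it for a second node.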

Step 8: Test Graylog

Let's test Graylog with a few simple commands. Install netcat and curl first:

apt -y install netcat curl

Send a test message. Graylog has no inputs by default, so first create one in the web interface (System > Inputs), for example a Raw/Plaintext UDP input on port 9099; a datagram sent to a port with no input is silently dropped:

echo "Hi Graylog, let's be friends." | nc -w 1 -u 127.0.0.1 9099

Check the Elasticsearch cluster in which Graylog stores its messages. Note that port 9200 is Elasticsearch, not Graylog; the Graylog REST API is served under http://localhost:9000/api/ and requires the admin login:

curl -X GET http://localhost:9200
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'

Follow the Graylog server log:

tail -f /var/log/graylog-server/server.log
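The checks above as a small script, added here as an example and not part of the original tutorial. It queries Elasticsearch on 9200 and the Graylog REST API on 9000 separately, interprets the cluster status (yellow is normal on a single node; red is not), and wraps the test message so the required UDP input is stated next to the command. The helper names (json_field, status_ok, check_elasticsearch, check_graylog, send_test_message) and the --live flag and GRAYLOG_PASSWORD variable are chosen here; GET /api/system and the admin user are Graylog's own. Without --live only the parsing helpers load, so it can be read and tested off the host; the JSON in the test is constructed to match the shape of those responses.

```shell
#!/bin/sh
# Added example: health checks for the stack built in this tutorial.
# Run with --live on the Graylog host; without it only the helpers are defined.
set -eu

# Extract a quoted string value for KEY from a flat JSON document, pretty-printed
# or not. Enough for the responses used here; use jq for anything nested.
json_field() {  # JSON KEY
    printf '%s' "$1" | tr -d '\n' \
        | sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# green or yellow is healthy for a single node: yellow only means replica
# shards have no second node to live on. red means primary shards are missing.
status_ok() {  # STATUS
    case "$1" in green|yellow) return 0 ;; *) return 1 ;; esac
}

# Port 9200 is Elasticsearch, the message store behind Graylog.
check_elasticsearch() {
    body=$(curl -sf http://localhost:9200/_cluster/health) \
        || { echo "elasticsearch: not reachable on 9200"; return 1; }
    st=$(json_field "$body" status)
    echo "elasticsearch: cluster $(json_field "$body" cluster_name) is $st"
    status_ok "$st"
}

# The Graylog REST API lives under /api on port 9000 and needs the admin login;
# GET /api/system returns the node's version and lifecycle state.
check_graylog() {  # PASSWORD
    body=$(curl -sf -u "admin:$1" http://localhost:9000/api/system) \
        || { echo "graylog: API not reachable on 9000 or login rejected"; return 1; }
    echo "graylog: version $(json_field "$body" version), lifecycle $(json_field "$body" lifecycle)"
}

# Needs a Raw/Plaintext UDP input listening on PORT. UDP gives no feedback, so
# confirm arrival by searching for the text in the web interface afterwards.
send_test_message() {  # MESSAGE PORT
    printf '%s\n' "$1" | nc -w 1 -u 127.0.0.1 "$2"
}

if [ "${1:-}" = "--live" ]; then
    check_elasticsearch
    check_graylog "${GRAYLOG_PASSWORD:-KataLaluan}"
    send_test_message "Hi Graylog, let's be friends." 9099
fi
```

Run it as `GRAYLOG_PASSWORD='...' sh check-graylog.sh --live` on the server; passing the password through the environment keeps it out of the shell history and process list, which `curl -u admin:password` on the command line does not.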

Step 9: Log in to Graylog

Open the web interface in a browser. The URL is http://<host>:9000/, where <host> is the IP address or hostname configured as http_publish_uri above, for example http://graylog.howtoforge.com:9000/. Log in as the user admin with the password whose hash was placed in root_password_sha2 (KataLaluan in this guide).
