graylog2 basic installation

Run the steps below through pp once and it's all automated :-)

1. mongodb install
# apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
# echo -e "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen\n" >> /etc/apt/sources.list
# apt-get update
# apt-get install mongodb-10gen

2. sun jdk install
# echo "deb http://ppa.launchpad.net/sun-java-community-team/sun-java6/ubuntu lucid main" >> /etc/apt/sources.list
# apt-get update
# apt-get install sun-java6-jdk

3. download and install graylog2
# mkdir /opt/graylog2
# cd /opt/graylog2
# wget https://github.com/downloads/Graylog2/graylog2-server/graylog2-server-0.9.6.tar.gz
# tar -xvf graylog2-server-0.9.6.tar.gz
# cp /opt/graylog2/graylog2-server-0.9.6/graylog2.conf.example /etc/graylog2.conf


4. edit graylog2 config
# vim /etc/graylog2.conf
syslog_listen_port = 18032
syslog_protocol = tcp
elasticsearch_url = http://localhost:9200/
elasticsearch_index_name = graylog2
mongodb_useauth = false
mongodb_host = 127.0.0.1
mongodb_database = graylog2
mongodb_port = 1111

5. start graylog2
# ./graylog2ctl start
Or start it directly from the jar file:
# java -jar graylog2-server.jar -f /etc/graylog2.conf --debug

6. graylog2 web interface
# cd /opt/
# wget https://github.com/downloads/Graylog2/graylog2-web-interface/graylog2-web-interface-0.9.6.tar.gz
# tar -xvf graylog2-web-interface-0.9.6.tar.gz
# apt-get install rubygems
# gem install bundler --no-ri --no-rdoc
# bundle install
# apt-get install rails

# pwd
/opt/graylog2-web-interface-0.9.6/config
# vim mongoid.yml
production:
  host: 127.0.0.1
  port: 1111
  username:
  password:
  database: graylog2

7. Create a user to run graylog2 as:
# useradd graylog2 -d /opt/graylog2-web-interface
# chown -R graylog2:graylog2 /opt/graylog2-web-interface*
# usermod -G admin graylog2

8. start graylog2 web interface:
# su - graylog2
# /opt/graylog2/graylog2-web-interface/scripts/rails server -e production

Here is a one-click install script, but it only works on 10.04. I haven't tried it. Here are a few installation guides by other users that you can refer to.

Below is an init.d script:

#!/bin/sh
#
# graylog2-server:   graylog2 message collector

CMD=$1
NOHUP=`which nohup`
JAVA_CMD=`which java`
GRAYLOG2_SERVER_HOME=/opt/graylog2-server-0.9.6
PIDFILE=/tmp/graylog2.pid
RETVAL=0

start() {
    echo "Starting graylog2-server …"
    $NOHUP $JAVA_CMD -jar $GRAYLOG2_SERVER_HOME/graylog2-server.jar > /var/log/graylog2.log 2>&1 &
    # record the pid of the background java process so stop() can find it
    echo $! > $PIDFILE
}

stop() {
    PID=`cat $PIDFILE`
    echo "Stopping graylog2-server ($PID) …"
    kill $PID
    rm -f $PIDFILE
}

restart() {
    echo "Restarting graylog2-server …"
    stop
    start
}

case "$CMD" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    *)
        echo "Usage $0 {start|stop|restart}"
        RETVAL=1
esac
exit $RETVAL

# update-rc.d graylog2-server defaults

After running for a while the logs get fairly large, so rotate them; the other log files are handled the same way:
$ cat /etc/logrotate.d/graylog2-web-interface
/opt/graylog2-web-interface/log/*log {
    size 256M
    rotate 90
    copytruncate
    delaycompress
    compress
    notifempty
    missingok
}

As for how to collect the logs, this article describes three ways: syslog, which is the most basic; piping through nc, which is even more basic; and finally graylog2's own GELF extension, which you have to write yourself.
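For the GELF path mentioned above, here is an added example (not from the original post or the graylog2 project) of the client side you would write yourself: a GELF 1.0 record builder with the gzip compression and UDP chunking the format uses, plus the matching decoder so the round trip can be checked offline. The 1420-byte chunk size, the listener address 127.0.0.1:12201 and the sample log fields are assumptions.

```python
import gzip, json, os, socket, struct, time

GELF_MAGIC = b"\x1e\x0f"   # header magic that marks a chunked GELF datagram
HEADER_LEN = 12            # magic(2) + message id(8) + sequence number(1) + sequence count(1)
MAX_CHUNKS = 128           # GELF allows at most 128 chunks per message
CHUNK_SIZE = 1420          # assumed UDP payload size; fits a 1500-byte MTU

def build_gelf(short_message, host, level=6, facility="app", **extra):
    """Return a GELF 1.0 record (the version graylog2 0.9.x speaks) as UTF-8 JSON bytes."""
    if "id" in extra:
        raise ValueError("_id is reserved by the server")
    record = {"version": "1.0", "host": host, "short_message": short_message,
              "timestamp": time.time(), "level": level, "facility": facility}
    record.update({"_" + k: v for k, v in extra.items()})  # additional fields need a leading underscore
    return json.dumps(record).encode("utf-8")

def encode_gelf(payload):
    """Gzip the record and split it into chunk datagrams when it exceeds CHUNK_SIZE."""
    data = gzip.compress(payload)
    if len(data) <= CHUNK_SIZE:
        return [data]
    body = CHUNK_SIZE - HEADER_LEN
    pieces = [data[i:i + body] for i in range(0, len(data), body)]
    if len(pieces) > MAX_CHUNKS:
        raise ValueError("needs %d chunks, GELF allows %d" % (len(pieces), MAX_CHUNKS))
    msg_id = os.urandom(8)  # random id that ties the chunks of one message together
    return [GELF_MAGIC + msg_id + struct.pack("BB", i, len(pieces)) + p
            for i, p in enumerate(pieces)]

def decode_gelf(datagrams):
    """Reassemble chunks (or take one plain datagram), gunzip and parse, as the server does."""
    if datagrams[0][:2] != GELF_MAGIC:
        return json.loads(gzip.decompress(datagrams[0]))
    msg_id, total = datagrams[0][2:10], datagrams[0][11]
    parts = {}
    for d in datagrams:
        if d[2:10] != msg_id or d[11] != total:
            raise ValueError("chunk belongs to a different message")
        parts[d[10]] = d[HEADER_LEN:]
    if len(parts) != total:
        raise ValueError("incomplete chunk set; the server discards these after a timeout")
    return json.loads(gzip.decompress(b"".join(parts[i] for i in range(total))))

def send_gelf(datagrams, server="127.0.0.1", port=12201):
    """Ship the datagrams over UDP. GELF/UDP is unauthenticated, so expose the port only to trusted hosts."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for d in datagrams:
        sock.sendto(d, (server, port))
    sock.close()
```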