安裝 SOP 參考自 https://tech.davidfield.co.uk/graylog-4-x-on-rhel-8-for-log-monitoring/
使用軟體如下（版本為本文撰寫當時所安裝；實際部署前請確認 Elasticsearch、MongoDB、Graylog 各版本仍在廠商支援期內並已套用安全更新）:
[root@rocky8 ~]# cat /etc/redhat-release
Rocky Linux release 8.6 (Green Obsidian)
[root@rocky8 ~]#
[root@rocky8 ~]# rpm -qa | grep elasticsearch
elasticsearch-oss-7.10.2-1.x86_64
[root@rocky8 ~]# rpm -qa | grep mongodb
mongodb-org-server-4.2.20-1.el8.x86_64
mongodb-org-shell-4.2.20-1.el8.x86_64
mongodb-org-4.2.20-1.el8.x86_64
mongodb-org-tools-4.2.20-1.el8.x86_64
mongodb-org-mongos-4.2.20-1.el8.x86_64
[root@rocky8 ~]# rpm -qa | grep graylog
graylog-integrations-plugins-4.3.0-8.noarch
graylog-server-4.3.0-8.noarch
===============================================
測試架構
FTG-VM(192.168.100.254)--->RockyLinux rsyslog(.160)---->Graylog 4.3（與 rsyslog 同一台 .160 主機，版本依上方 rpm -qa 的 graylog-server-4.3.0）
syslog UDP 514------------------>Rsyslog UDP 514---->Graylog Syslog 8888
vi /etc/rsyslog.conf
# Relay role (see the lab diagram above): receive the FortiGate's syslog on
# UDP/514 and forward everything to the Graylog syslog input on
# 192.168.100.160:8888.
# Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
module(load="imudp") # needs to be done just once
# No address= is given, so imudp listens on every interface of this host.
# UDP syslog has no source authentication or integrity protection: any host
# that can reach this port can inject or spoof events that end up in Graylog.
# NOTE(review): restrict reachability with a host firewall rule (e.g. allow
# only 192.168.100.254) or add address="192.168.100.160" if the host is
# multi-homed.
input(type="imudp" port="514")
# *.* forwards this host's own syslog as well as the relayed FortiGate messages.
# A single @ means UDP (plaintext, no delivery guarantee); @@ would be TCP.
# RSYSLOG_SyslogProtocol23Format emits RFC 5424 framing — presumably so the
# original HOSTNAME survives the relay and events are not all attributed to
# .160; confirm in the Graylog message "source" field. The Graylog side on
# 8888 is a Syslog input per the diagram above.
*.* @192.168.100.160:8888;RSYSLOG_SyslogProtocol23Format
=====================
# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
# Generate one by using for example: pwgen -N 1 -s 96
# ATTENTION: This value must be the same on all Graylog nodes in the cluster.
# Changing this value after installation will render all user sessions and encrypted values in the database invalid. (e.g. encrypted access tokens)
# The X's below are redacted placeholders for this write-up; the real value must
# be the full >=64-character secret. This file holds the pepper, so keep it
# readable only by root and the account the graylog-server service runs as.
password_secret = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# Create one by using for example: echo -n yourpassword | shasum -a 256
# and put the resulting hash value into the following line
# NOTE(review): the echo pipeline above leaves the cleartext root password in
# the shell history; read it with `read -rs` (or prefix the command with a space
# under HISTCONTROL=ignorespace) instead. As generated here the value is a bare,
# unsalted SHA-256 of the password, so do not reuse that password elsewhere.
root_password_sha2 = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
vi /etc/graylog/server/server.conf
# Timezone applied to the built-in root user (per the key name).
root_timezone = Asia/Taipei
# Binds the web UI and REST API on every interface. No http_enable_tls or
# http_external_uri appears in this write-up, so this is plain HTTP reachable
# from any network the host sits on — acceptable for the lab, but outside of
# it bind to a management address, put TLS in front, or firewall TCP/9000.
http_bind_address = 0.0.0.0:9000
# Both values are left blank here and must be filled in with the secret and the
# SHA-256 hash generated in the section above (graylog-server is not expected
# to start with them empty — confirm in the server log if startup fails).
password_secret =
root_password_sha2 =
DEMO
卡關處-待研究
Marketplace
https://github.com/seanthegeek/graylog-fortigate-cef（由名稱看來此套件是針對 FortiGate 以 CEF 格式輸出的日誌；本實驗 FTG 目前送的是一般 syslog，兩邊格式需先對齊再測試）
以前的 Lab http://xrcd2.blogspot.com/2016/07/graylog2.html