2012年7月22日 星期日

安裝 Graylog2 筆記 ( centos 6.3 + Ruby 1.9.3 )


關於 Graylog2 (log server)請自行參閱
http://graylog2.org/

前置作業安裝好 Ruby 與 Java 的使用環境

#yum erase ruby ruby-libs ruby-mode ruby-rdoc ruby-irb ruby-ri ruby-docs .............
#yum install gcc gcc-c++ openssl-devel zlib-devel autoconf readline-devel curl-devel expat-devel gettext-devel

如安裝使用 Ruby 1.9.x 請先安裝 yaml-0.1.4.tar.gz
http://pyyaml.org/wiki/LibYAML
yaml
./configure
make
make install

Ruby 1.9.x
./configure --enable-shared --enable-pthread --prefix=/xxxx
make
make install


=================================
另一種安裝方式

#curl -L https://get.rvm.io | bash -s stable
(注意:此指令會以目前登入的身分(此處為 root)直接執行從網路下載的腳本;較穩妥的做法是先將腳本下載存檔、檢視內容後再執行)
#exit  and relogin
or
#source /etc/profile

rvm pkg install openssl
rvm install 1.9.3 --with-openssl-dir=/usr/local/rvm/usr

=================================

# ruby -v
ruby 1.9.3p194 (2012-04-20 revision 35410) [i686-linux]
# gem -v
1.8.23


java-1.6.0-openjdk.i686 : OpenJDK Runtime Environment
java-1.7.0-openjdk.i686 : OpenJDK Runtime Environment

#yum install java-xxxxxxx


gem 的使用技法
#gem install
#gem list
#gem install xxxx -v x.x.x
#gem update

graylog2
http://graylog2.org/
http://graylog2.org/download
elasticsearch
http://www.elasticsearch.org/
https://github.com/elasticsearch/elasticsearch/downloads
elasticsearch-servicewrapper
https://github.com/elasticsearch/elasticsearch-servicewrapper/downloads

DB install (mongoDB)

#vi /etc/yum.repos.d/10gen.repo
(注意:下方設定為 gpgcheck=0,且 baseurl 使用未加密的 http,yum 不會驗證套件簽章;正式環境建議啟用 gpgcheck 並設定套件庫提供的 gpgkey)
[root@graylog2 service]# cat /etc/yum.repos.d/10gen.repo
[10gen]
name=10gen Repository
baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/i686
gpgcheck=0
enabled=1
[root@graylog2 service]#

#yum update

#yum install mongo-10gen mongo-10gen-server

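設定 port 與 DB 使用的驗證方式
(要讓後面建立的帳號密碼真正生效,mongod.conf 必須啟用驗證,例如 auth = true;本例的 graylog2 只從 localhost 連線,可再用 bind_ip = 127.0.0.1 限制監聽位址)
# vi /etc/mongod.conf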

Create graylog2 ID & PWD
# mongo
MongoDB shell version: 2.0.6
connecting to: test
> use graylog2
switched to db graylog2
>db.addUser("userid","userpwd")
>db.system.users.find()
>exit
or
>db.addUser("userid","userpwd")
>db.auth("userid","userpwd")
>db.system.users.find()
>exit

相關 DB & ID & PWD 將套用於以下兩個設定檔
(兩個檔案都含有明文密碼,建議將檔案權限限制為僅執行該服務的帳號可讀取)

# cat /etc/graylog2.conf

# On which port (UDP) should we listen for Syslog messages? (Standard: 514)
syslog_listen_port = 514
syslog_protocol = udp
# ElasticSearch URL (default: http://localhost:9200/)
elasticsearch_url = http://localhost:9200/
elasticsearch_index_name = graylog2
# Always try a reverse DNS lookup instead of parsing hostname from syslog message?
force_syslog_rdns = false
# Set time to NOW if parsing date/time from syslog message failed instead of rejecting it?
allow_override_syslog_date = true
# MongoDB Configuration
mongodb_useauth = true
mongodb_user = userid
mongodb_password = userpwd
mongodb_host = localhost
#mongodb_replica_set = localhost:27017,localhost:27018,localhost:27019
mongodb_database = graylog2
mongodb_port = 27017
....
....
===============================

# cat /opt/graylog2-web-interface/config/mongoid.yml

production:
  host: localhost
  port: 27017
  username: userid
  password: userpwd
  database: graylog2

[root@graylog2 src]#
===============================

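驗證 ID & PWD + DB 的方式
(在命令列以 -p 直接帶入密碼,會留在 shell 歷史紀錄中,其他使用者也可能從行程清單看到;只寫 -p 不帶值時,mongo 應會改為互動式詢問密碼。下方 db.system.users.find() 輸出的 pwd 欄位是密碼雜湊,同樣應視為機敏資料)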

#mongo localhost/graylog2 -u userid -p userpwd

or

#mongo

MongoDB shell version: 2.0.6
connecting to: test
> show dbs
admin   (empty)
graylog2        0.0625GB
graylog2_development    (empty)
local   (empty)
test    (empty)
> use graylog2
switched to db graylog2
> show collections
blacklists
filtered_terms
hosts
jobs
message_counts
server_values
settings
streamcategories
streams
system.indexes
system.users
users
> db.hosts.find()
{ "_id" : ObjectId("500b4007f226e0d4bf5c5e93"), "host" : "192.168.100.252", "message_count" : 147 }
{ "_id" : ObjectId("500b4089f226e0d4bf5c5e94"), "host" : "192.168.100.251", "message_count" : 184 }
> db.system.users.find()
{ "_id" : ObjectId("500b2504433e438db352e192"), "user" : "userid", "readOnly" : false, "pwd" : "68cdc0f21c4624d1293d2fc54f966b38" }
> exit


程式安裝的目錄結構如下:

# pwd
/opt
[root@graylog2 opt]# ll
total 12
drwxr-xr-x.  7 root root 4096 Jul 22 06:03 elasticsearch  <-- elasticsearch
drwxr-xr-x.  3 root root 4096 Jul 22 05:36 graylog2
drwxr-xr-x. 10 root root 4096 Jul 22 06:06 graylog2-web-interface
[root@graylog2 opt]#

# pwd
/opt/graylog2
# ll
total 9492
drwxr-xr-x. 2 root root    4096 Jul 22 06:04 bin
-rw-r--r--. 1 root root      30 Jul 22 05:36 build_date
-rw-r--r--. 1 root root   35147 Jul 22 05:36 COPYING
-rw-r--r--. 1 root root    3361 Jul 22 05:36 graylog2.conf.example
-rw-r--r--. 1 root root 9663961 Jul 22 05:36 graylog2-server.jar
-rw-r--r--. 1 root root     106 Jul 22 05:36 README

設定 graylog2 server 的運作方式 (cp graylog2.conf.example 來的)
cp elasticsearch.yml.example /etc/graylog2-elasticsearch.yml
cp graylog2.conf.example /etc/graylog2.conf

#vi /etc/graylog2.conf


# pwd
/opt/elasticsearch/bin

# ll
total 20
-rwxr-xr-x. 1 root root 5517 Jul 22 05:36 elasticsearch
-rwxr-xr-x. 1 root root 2058 Jul 22 05:36 elasticsearch.in.sh
-rwxr-xr-x. 1 root root  729 Jul 22 05:36 plugin
drwxr-xr-x. 4 root root 4096 Jul 22 06:03 service  <-- elasticsearch-servicewrapper

#pwd
/opt/graylog2-web-interface/config
# ll
total 60
-rw-r--r--. 1 root root 2188 Jul 22 05:36 application.rb
-rw-r--r--. 1 root root 1938 Jul 22 05:36 authorization_rules.rb
-rw-r--r--. 1 root root  152 Jul 22 05:36 boot.rb
-rw-r--r--. 1 root root  299 Jul 22 05:36 email.yml
-rw-r--r--. 1 root root  189 Jul 22 05:36 environment.rb
drwxr-xr-x. 2 root root 4096 Jul 22 05:36 environments
-rw-r--r--. 1 root root  998 Jul 22 05:36 general.yml
-rw-r--r--. 1 root root   65 Jul 22 05:36 indexer.yml
drwxr-xr-x. 2 root root 4096 Jul 22 05:36 initializers
drwxr-xr-x. 2 root root 4096 Jul 22 05:36 locales
-rw-r--r--. 1 root root  104 Jul 22 06:05 mongoid.yml
-rw-r--r--. 1 root root 9042 Jul 22 05:36 newrelic.yml
-rw-r--r--. 1 root root 2451 Jul 22 05:36 routes.rb

#vi /opt/graylog2-web-interface/config/mongoid.yml

========================

production:
  host: localhost
  port: 27017
  username: userid
  password: userpwd
  database: graylog2

======================

# passenger-install-apache2-module

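#vi /etc/httpd/conf/httpd.conf
(注意:下方 <Directory /graylog2> 與 DocumentRoot 的路徑不一致,該區塊的設定應不會套用到 /opt/graylog2-web-interface/public;<Directory> 應指向與 DocumentRoot 相同的目錄。另外此設定以未加密的 HTTP 提供登入頁面,建議僅限內部網路存取,或另行加上 TLS)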

Listen 8080
LoadModule passenger_module /usr/lib/ruby/gems/1.9.1/gems/passenger-3.0.14/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.9.1/gems/passenger-3.0.14
PassengerRuby /usr/bin/ruby

<VirtualHost *:8080>
   ServerName 192.168.100.180
   # !!! Be sure to point DocumentRoot to 'public'!
   DocumentRoot /opt/graylog2-web-interface/public
   <Directory /graylog2>
      # This relaxes Apache security settings.
      AllowOverride all
      # MultiViews must be turned off.
      Options -MultiViews
   </Directory>
</VirtualHost>

# service httpd restart

安裝 elasticsearch service
# /opt/elasticsearch/bin/service/elasticsearch install

設定 elasticsearch service

#vi /usr/local/elasticsearch/config/elasticsearch.yml
cluster.name: graylog2
啟動 elasticsearch-servicewrapper 
# /opt/elasticsearch/bin/service/elasticsearch start

啟動 graylog2 Server
# /opt/elasticsearch/bin/graylog2ctl start


#gem install bundler

#cd /opt/graylog2-web-interface/
#bundle install

安裝所需的 Ruby Modules or Package 前,請務必先執行過 gem install bundler(套件名稱為 bundler,見下方 gem list)

亦可透過 #gem install 先行安裝所需 modules or package 
(RubyGems is a package management framework for Ruby)

# gem list
*** LOCAL GEMS ***
actionmailer (3.2.6, 3.1.3)
actionpack (3.2.6, 3.1.3)
activemodel (3.2.6, 3.1.3)
activerecord (3.2.6, 3.1.3)
activeresource (3.2.6, 3.1.3)
activesupport (3.2.6, 3.1.3, 2.3.4)
arel (3.0.2, 2.2.1)
bigdecimal (1.1.0)
bson (1.6.4, 1.3.1)
bson_ext (1.6.4, 1.3.1)
builder (3.0.0)
bundler (1.1.5, 1.1.3)
chronic (0.6.7)
ci_reporter (1.7.0, 1.6.5)
daemon_controller (1.0.0, 0.2.6)
daemons (1.1.8)
database_cleaner (0.8.0, 0.6.7)
erubis (2.7.0)
eventmachine (0.12.10)
faker (1.0.1, 0.9.5)
fastthread (1.0.7)
git (1.2.5)
graylog2-declarative_authorization (0.5.2)
hashr (0.0.21)
hike (1.2.1)
home_run (1.0.6, 1.0.4)
hoptoad_notifier (2.4.11)
i18n (0.6.0)
io-console (0.3)
journey (1.0.4)
json (1.7.3, 1.5.4)
kaminari (0.13.0, 0.12.4)
machinist (2.0, 1.0.6)
machinist_mongo (1.2.0)
mail (2.4.4, 2.3.0)
metaclass (0.0.1)
mime-types (1.19, 1.17.2)
minitest (3.2.0, 2.5.1)
mocha (0.12.1, 0.9.12)
mongo (1.3.1)
mongoid (3.0.1, 2.4.5)
moped (1.1.3)
multi_json (1.3.6, 1.0.3)
newrelic_rpm (3.4.0.1, 3.3.0)
origin (1.0.4)
passenger (3.0.14, 3.0.13, 3.0.10, 2.2.1)
polyglot (0.3.3)
pony (1.4, 1.3)
rack (1.4.1, 1.3.5)
rack-cache (1.2, 1.1)
rack-mount (0.8.3)
rack-ssl (1.3.2)
rack-test (0.6.1)
rails (3.2.6, 3.1.3)
rails_autolink (1.0.9, 1.0.4)
railties (3.2.6, 3.1.3)
rake (0.9.2.2)
rdoc (3.12, 3.11, 3.9.4)
rdoc-data (3.12)
rest-client (1.6.7)
rpm_contrib (2.1.11, 2.1.6)
shoulda (3.1.1, 2.11.3)
shoulda-activemodel (0.0.2)
shoulda-context (1.0.0)
shoulda-matchers (1.2.0)
sprockets (2.4.5, 2.1.3, 2.0.3)
thin (1.4.1)
thor (0.15.4, 0.14.6)
tilt (1.3.3)
timecop (0.3.5)
tire (0.4.2, 0.3.12)
treetop (1.4.10)
tzinfo (0.3.33, 0.3.31)


初始化 graylog2 的 web-admin ID & PWD 方式 (啟動 graylog2 web )
[root@graylog2 graylog2-web-interface]#pwd
/opt/graylog2-web-interface
[root@graylog2 graylog2-web-interface]#RAILS_ENV=production script/rails server
透過上面這個方式建立 web ID & PWD 後,用建好的 ID & PWD 試看看是否可以正常登入!
(注意:如下方輸出所示,此時服務監聽在 0.0.0.0:3000;在管理者帳號建立完成之前,建議以防火牆限制只有管理用的主機可以連線)

[root@graylog2 graylog2-web-interface]# RAILS_ENV=production script/rails server
=> Booting WEBrick
=> Rails 3.2.12 application starting in production on http://0.0.0.0:3000
=> Call with -d to detach
=> Ctrl-C to shutdown server

正式使用方式如下:

安裝 passenger
[root@graylog2 graylog2-web-interface]# gem install passenger
Successfully installed passenger-3.0.14
1 gem installed
Installing ri documentation for passenger-3.0.14...
Installing RDoc documentation for passenger-3.0.14...

graylog2 web 的 啟用方式有二種
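(1) 透過 Passenger Standalone (Nginx Server)
(下方輸出顯示 Environment: development;前面的 mongoid.yml 只設定了 production,正式使用時可用 passenger start -e production 指定環境)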
#/opt/graylog2-web-interface/passenger start

[root@graylog2 graylog2-web-interface]# passenger start            
*** Phusion Passenger: no passenger_native_support.so found for the current Ruby interpreter. Compiling one...
# mkdir -p /usr/lib/ruby/gems/1.9.1/gems/passenger-3.0.14/ext/ruby/ruby-1.9.3-x86-linux
# cd /usr/lib/ruby/gems/1.9.1/gems/passenger-3.0.14/ext/ruby/ruby-1.9.3-x86-linux
# /usr/bin/ruby '/usr/lib/ruby/gems/1.9.1/gems/passenger-3.0.14/ext/ruby/extconf.rb'
checking for alloca.h... yes
checking for ruby/io.h... yes
creating Makefile
# make
compiling /usr/lib/ruby/gems/1.9.1/gems/passenger-3.0.14/ext/ruby/passenger_native_support.c
linking shared-object passenger_native_support.so
=============== Phusion Passenger Standalone web server started ===============
PID file: /opt/graylog2-web-interface/tmp/pids/passenger.3000.pid
Log file: /opt/graylog2-web-interface/log/passenger.3000.log
Environment: development
Accessible via: http://0.0.0.0:3000/
You can stop Phusion Passenger Standalone by pressing Ctrl-C.
===============================================================================
Rails Error: Unable to access log file. Please ensure that /opt/graylog2-web-interface/log/development.log exists and is chmod 0666. The log level has been raised to WARN and the output directed to STDERR until the problem is fixed.
** [NewRelic][07/22/12 07:26:33 +0800 graylog2 (10379)] INFO : Dispatcher: passenger
** [NewRelic][07/22/12 07:26:33 +0800 graylog2 (10379)] INFO : Application: Graylog2

(2) 透過 passenger-install-apache2-module  (Apache Server)
這裡我是透過 apache2-module 方式啟動



