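Log management and analysis are essential in today's data-driven world. Managing logs effectively helps organizations gain valuable insight and improve security. Graylog is a powerful open-source log management platform that provides an ideal solution for aggregating, processing, and visualizing log data.
Installing Graylog on Debian 12 Bookworm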
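Step 1. First, make sure the system is up to date before installing Graylog. To do so, refresh the package lists and upgrade the installed packages with the following commands:
    sudo apt update
    sudo apt upgrade
The first command refreshes the list of available packages so that you have current information about packages and their versions; the second upgrades the installed packages.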
Step 2. Install the required packages and dependencies.
Graylog depends on specific packages that must be installed first. Run the following command to install them:
    sudo apt install apt-transport-https openjdk-11-jre-headless uuid-runtime pwgen
Step 3. Install Elasticsearch.
To verify the authenticity of the Elasticsearch packages, add the Elastic GPG key to your system:
    wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
Add the Elasticsearch APT repository to your package manager, pointing it at the keyring created above so that the key is trusted for this repository only:
    echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
Now install Elasticsearch:
    sudo apt update
    sudo apt install elasticsearch=7.10.2
Configure Elasticsearch to start automatically at boot and start the service:
    sudo systemctl enable elasticsearch
    sudo systemctl start elasticsearch
Step 4. Install MongoDB.
As with Elasticsearch, we need to add the MongoDB APT repository. Note that apt-key is deprecated and trusts the imported key for every configured repository, whereas a dedicated keyring referenced with signed-by limits the key to a single repository:
    wget -qO - https://www.mongodb.org/static/pgp/server-6.0.asc | sudo apt-key add -
    echo "deb http://repo.mongodb.org/apt/debian bullseye/mongodb-org/6.0 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list
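An added example, not part of the original guide: the two repository steps differ in how the signing key is trusted, and this script reports for each APT source entry whether it is pinned to its own keyring with signed-by or falls back to the global trust store that apt-key writes to. The function names audit_sources and demo are this example's own, and the sample entries are constructed from the two repositories used in this guide.

```sh
#!/bin/sh
# Added example (not part of the original guide): list APT source entries and
# show which are pinned to their own keyring with signed-by.

# audit_sources FILE...
#   SCOPED <uri> <keyring> (<file>)  entry is verified against that keyring only
#   GLOBAL <uri> (<file>)            entry accepts any globally trusted key,
#                                    such as one imported with apt-key
# Returns 1 when at least one GLOBAL entry is found, otherwise 0.
audit_sources() {
    awk '
        $1 != "deb" && $1 != "deb-src" { next }    # comments and blank lines
        {
            keyring = ""
            rest = $0
            sub(/^[ \t]*deb(-src)?[ \t]+/, "", rest)
            # Options, when present, form one [ ... ] group before the URI.
            if (match(rest, /^\[[^]]*\]/)) {
                n = split(substr(rest, 2, RLENGTH - 2), opt, /[ \t]+/)
                for (i = 1; i <= n; i++)
                    if (opt[i] ~ /^signed-by=/) keyring = substr(opt[i], 11)
                rest = substr(rest, RLENGTH + 1)
                sub(/^[ \t]+/, "", rest)
            }
            split(rest, field, /[ \t]+/)
            if (keyring != "")
                printf "SCOPED %s %s (%s)\n", field[1], keyring, FILENAME
            else {
                printf "GLOBAL %s (%s)\n", field[1], FILENAME
                unpinned++
            }
        }
        END { exit (unpinned > 0) }
    ' "$@"
}

# Constructed sample: both repository lines used in this guide, the first
# pinned with signed-by, the second relying on a key added with apt-key.
demo() {
    dir=$(mktemp -d)
    echo 'deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main' >"$dir/elastic-7.x.list"
    echo 'deb http://repo.mongodb.org/apt/debian bullseye/mongodb-org/6.0 main' >"$dir/mongodb-org-6.0.list"
    audit_sources "$dir"/*.list && status=0 || status=$?
    rm -rf "$dir"
    return "$status"
}

demo || echo "at least one repository is not pinned to a keyring"
```

On a real host, run it as `audit_sources /etc/apt/sources.list /etc/apt/sources.list.d/*.list`; it reads one-line-style entries only, not deb822 `.sources` files.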
Install MongoDB with the following commands:
    sudo apt update
    sudo apt install mongodb-org
Enable and start MongoDB so that it runs at system boot:
    sudo systemctl enable mongod
    sudo systemctl start mongod
You need to create a user for Graylog in MongoDB so that Graylog can access the database. Run the following command:
    mongosh
This opens the MongoDB shell (mongosh, which replaces the legacy mongo shell in MongoDB 6.0). In the shell, create a user and database for Graylog:
    use graylog
    db.createUser({ user: "graylog", pwd: "your-strong-password", roles: [ "readWrite", "dbAdmin" ] })
Replace "your-strong-password" with a secure password of your choice.
Step 5. Install Graylog on Debian 12.
Now add the Graylog APT repository to your system:
    wget https://packages.graylog2.org/repo/packages/graylog-5.1-repository_latest.deb
    sudo dpkg -i graylog-5.1-repository_latest.deb
    sudo apt update
Install the Graylog server:
    sudo apt install graylog-server
Next, edit the Graylog configuration file to set the password secret:
    sudo nano /etc/graylog/server/server.conf
Locate the following line:
    password_secret = your-secret-password
Replace "your-secret-password" with a strong random password. Save the file.
After that, generate the key used to protect user sessions:
    pwgen -N 1 -s 96
Copy the generated key and add it to the configuration file:
    sudo nano /etc/graylog/server/server.conf
Locate the line:
    secret_key = your-secret-key
Copy the generated key; you will need it in the Graylog web interface.
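An added example, not from the original guide or from Graylog: it generates the secrets for server.conf and checks that no placeholder is left in the file before the service is started. It assumes Graylog's root_password_sha2 setting (the SHA-256 hash of the admin password) and its 16-character minimum for password_secret, neither of which appears in the steps above; the function names are this example's own.

```sh
#!/bin/sh
# Added example (not from the original guide): generate the server.conf
# secrets and flag a config that still holds placeholders.

# new_secret -> 96 random alphanumerics (pwgen if installed, else /dev/urandom)
new_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 96; echo
    fi
}

# hash_password: admin password on stdin (never on the command line) ->
# lowercase SHA-256 hex digest, the form root_password_sha2 expects.
hash_password() {
    tr -d '\n' | sha256sum | cut -d' ' -f1
}

# conf_value KEY FILE -> value of the last active "KEY = value" line
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# check_secrets FILE -> one line per finding; exit status = number of findings
check_secrets() {
    findings=0
    secret=$(conf_value password_secret "$1")
    digest=$(conf_value root_password_sha2 "$1")
    if [ "$secret" = "your-secret-password" ] || [ "${#secret}" -lt 16 ]; then
        echo "password_secret: placeholder or shorter than 16 characters"
        findings=$((findings + 1))
    fi
    if ! printf '%s\n' "$digest" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "root_password_sha2: not a 64-digit SHA-256 hex value"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: a scratch file that still holds the guide's placeholder.
sample=$(mktemp)
printf '%s\n' 'password_secret = your-secret-password' 'root_password_sha2 =' >"$sample"
check_secrets "$sample" || echo "findings: $? (fix before starting graylog-server)"
rm -f "$sample"
```

Against the installed file, run `check_secrets /etc/graylog/server/server.conf` with read access to it.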
Now that Graylog is installed and configured, let's start the service.
    sudo systemctl enable graylog-server
    sudo systemctl start graylog-server
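Step 6. Access the Graylog web interface.
Open a web browser and navigate to your server's IP address or domain name on port 9000:
    http://your-server-ip:9000
Log in with the default credentials:
- Username: admin
- Password: the password you set during the Graylog installation.
After you log in successfully, Graylog prompts you to change the admin user's password for security reasons. Follow the prompts to set a new password.
Thank you for using this tutorial to install the latest version of Graylog on Debian 12 Bookworm. For more help or useful information, we recommend checking the official Graylog website.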