概述

系统：CentOS8.2 mini

软件要求：
Graylog offers official DEB and RPM package repositories. The packages have been tested on the following operating systems:

• Ubuntu 16.04, 18.04, 20.04
• Debian 8, 9, 10
• RHEL/CentOS 6, 7, 8

预先准备环境：

• Java ( >= 8 )
• Elasticsearch (5.x or 6.x)
• MongoDB (3.6, 4.0 or 4.2)

Graylog 3 不支持 Elasticsearch 7.x!

开始安装

1. 安装java

使用命令：#yum install java-1.8.0-openjdk-headless.x86_64 -y

2. 安装pwgen

使用命令： #yum install epel-release && yum install pwgen -y

3. 安装MongoDB

编辑yum源#vim /etc/yum.repos.d/mongodb-org.repo内容如下：

[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc

安装命令：#yum install mongodb-org -y，设置启动项，并启用MongoDB服务。

#systemctl daemon-reload
#systemctl enable mongod.service
#systemctl start mongod.service
#systemctl --type=service --state=active | grep mongod

4. 安装Elasticsearch

插入密钥#rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch,编辑yum源#vim /etc/yum.repos.d/elasticsearch.repo，内容如下：

[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

安装命令：#yum install elasticsearch-oss -y.

手动修改配置文件/etc/elasticsearch/elasticsearch.yml或者使用命令：

#tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<EOT
cluster.name: graylog
action.auto_create_index: false
EOT

设置启动项，并启用Elasticsearch服务。

#systemctl daemon-reload
#systemctl enable elasticsearch.service
#systemctl restart elasticsearch.service
#systemctl --type=service --state=active | grep elasticsearch

5. 安装Graylog

5.1 可选项：安装包含组件打graylog，输入命令：

#rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.3-repository_latest.rpm
#yum update && sudo yum install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins -y

5.2 或者简单安装，输入命令：#yum install graylog-server -y
5.3 生成password_secret密码,#pwgen -N 1 -s 96
5.4 生成root_password_sha2密码，#echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
5.5 修改配置文件#vim /etc/graylog/server/server.conf添加password_secret和root_password_sha2，把上面生成到加密信息，填写到相应到选项。
5.6 启动服务，设置开机启动项

#systemctl daemon-reload
#systemctl enable graylog-server.service
#systemctl start graylog-server.service
#systemctl --type=service --state=active | grep graylog

测试

输入ip:9000，账号：root 密码：就是上面生成的。