Graylog architecture
Graylog cluster architecture
Official Graylog Docker images:
docker pull mongo:3
docker pull elasticsearch:2
docker pull graylog2/server:2.1.2-1
docker-compose service definition (graylog.yml):
version: '2'
services:
  mongo:
    image: "mongo:3"
    volumes:
      - /data/mongo:/data/db          # persist Graylog metadata outside the container
  elasticsearch:
    image: "elasticsearch:2"
    volumes:
      - /data/elasticsearch:/usr/share/elasticsearch/data
    command: "elasticsearch -Des.cluster.name='graylog'"   # cluster name Graylog 2.x expects by default
  graylog:
    image: graylog2/server:2.1.2-1
    environment:
      GRAYLOG_WEB_ENDPOINT_URI: http://x.x.x.x:9000/api    # replace x.x.x.x with the host's reachable address
      # This image defaults to the admin/admin login; set GRAYLOG_PASSWORD_SECRET and
      # GRAYLOG_ROOT_PASSWORD_SHA2 here before exposing the instance beyond a lab.
    depends_on:
      - mongo
      - elasticsearch
    ports:
      - "9000:9000"   # web UI and REST API
      - "514:514"     # syslog input created below
      - "515:515"     # spare port for a second input
Start the stack:
docker-compose -f graylog.yml up -d
Open http://x.x.x.x:9000 in a browser; the default username and password are both admin.
In the web UI, create a Syslog TCP input bound to port 514 (the port published in the compose file).
Client configuration
vi /etc/rsyslog.conf
Add the following line. In rsyslog's legacy syntax a single @ forwards over UDP and @@ forwards over TCP, so to match the Syslog TCP input created above use the double form (with a single @ you would need a Syslog UDP input instead):
*.* @@192.168.1.201:514
Restart rsyslog:
/etc/init.d/rsyslog restart
Check the messages received by the input in the web UI.
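As an added example (not part of the original notes or of Graylog itself), the script below builds a hand-crafted RFC 3164 syslog line and can send it to the input, which verifies the path end to end before any production client is pointed at it. It also parses the rsyslog forwarding rule and checks that its transport and port match the Graylog input, the mismatch that otherwise leaves the input silently empty. The host 192.168.1.201 is the one used in these notes; the log line is a constructed sample, and the function names are the author's own.

```python
"""Test a Graylog syslog input and sanity-check an rsyslog forwarding rule.
Added example; not part of the original notes."""
import re
import socket
from datetime import datetime

# RFC 3164 facility and severity codes (the subset used here)
FACILITIES = {"kern": 0, "user": 1, "daemon": 3, "auth": 4, "syslog": 5, "local0": 16}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}


def syslog_pri(facility, severity):
    """PRI field as defined in RFC 3164: facility * 8 + severity."""
    return FACILITIES[facility] * 8 + SEVERITIES[severity]


def build_message(facility, severity, hostname, tag, text, timestamp=None):
    """Build a BSD-style syslog line: <PRI>Mmm dd hh:mm:ss host tag: text.
    The day of month is space-padded, as the RFC requires."""
    ts = timestamp or datetime.now()
    stamp = f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S}"
    return f"<{syslog_pri(facility, severity)}>{stamp} {hostname} {tag}: {text}"


# Legacy rsyslog forwarding rule: selector, '@' or '@@', optional (options), host[:port]
_FORWARD_RE = re.compile(
    r"^(?P<selector>\S+)\s+(?P<at>@@?)(?:\([^)]*\))?"
    r"(?P<host>\[[^\]]+\]|[^:\s]+)(?::(?P<port>\d+))?\s*$")


def parse_rsyslog_forward(line):
    """Parse a rule such as '*.* @@host:514' into (protocol, host, port).
    A single '@' means UDP, '@@' means TCP; the port defaults to 514."""
    m = _FORWARD_RE.match(line)
    if not m:
        raise ValueError(f"not a forwarding rule: {line!r}")
    proto = "tcp" if m.group("at") == "@@" else "udp"
    port = int(m.group("port") or 514)
    return proto, m.group("host").strip("[]"), port


def forward_matches_input(line, input_protocol, input_port=514):
    """True when the rsyslog rule targets the same transport and port as the
    Graylog input; a UDP rule aimed at a TCP input delivers nothing."""
    proto, _host, port = parse_rsyslog_forward(line)
    return proto == input_protocol.lower() and port == input_port


def send_message(message, host, port=514, proto="tcp"):
    """Deliver one message; Graylog's Syslog TCP input expects newline framing."""
    if proto == "tcp":
        with socket.create_connection((host, port), timeout=5) as s:
            s.sendall((message + "\n").encode())
    else:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(message.encode(), (host, port))


if __name__ == "__main__":
    rule = "*.* @@192.168.1.201:514"   # the client line from the notes
    print("rule matches the TCP input:", forward_matches_input(rule, "tcp"))
    # Constructed sample event; nothing here comes from a real host.
    msg = build_message("auth", "notice", "web01", "sshd",
                        "Accepted publickey for alice from 10.0.0.5")
    print(msg)
    # send_message(msg, "192.168.1.201")   # uncomment against a running Graylog
```

Run it on the client before editing rsyslog.conf: if the printed line shows up under the input's messages in the web UI, the container port mapping and the input are correct, and any later gap is in the rsyslog rule rather than in Graylog.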