debian11 docker graylog 单台docker-compose

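# Host preparation for a single-node Graylog box on Debian 11 (run as root).

# Point the resolver at the two public DNS servers used in this guide.
# NOTE(review): this overwrites /etc/resolv.conf; a DHCP client or resolvconf
# may rewrite the file later - confirm how DNS is managed on this host.
cat > /etc/resolv.conf <<'EOF'
nameserver 114.114.114.114
nameserver 8.8.8.8
EOF

# Replace the apt sources with the Aliyun mirror for bullseye.
# apt still checks the repository signatures against the Debian archive keys
# already on the system, so the mirror is trusted for availability only.
cat > /etc/apt/sources.list <<'EOF'
deb https://mirrors.aliyun.com/debian/ bullseye main non-free contrib
deb-src https://mirrors.aliyun.com/debian/ bullseye main non-free contrib
deb https://mirrors.aliyun.com/debian-security/ bullseye-security main
deb-src https://mirrors.aliyun.com/debian-security/ bullseye-security main
deb https://mirrors.aliyun.com/debian/ bullseye-updates main non-free contrib
deb-src https://mirrors.aliyun.com/debian/ bullseye-updates main non-free contrib
deb https://mirrors.aliyun.com/debian/ bullseye-backports main non-free contrib
deb-src https://mirrors.aliyun.com/debian/ bullseye-backports main non-free contrib
EOF

apt-get update

# Tools used by the later steps: curl and gnupg2 for the Docker key, vim for editing.
apt-get install -y curl gnupg2 vim

timedatectl set-timezone Asia/Shanghai

# Raise the open-file and process limits.
# One entry per line, and the EOF terminator on a line of its own: with EOF
# fused onto the last entry the here-document never ends, and two entries on
# one line are not a valid limits.conf record.
# root is listed explicitly because the "*" wildcard does not apply to root.
# ">>" appends, so running this twice duplicates the entries.
# NOTE(review): limits.conf is applied to PAM login sessions; containers take
# their ulimits from the Docker daemon or the compose file - confirm this is
# the limit you mean to raise.
cat >> /etc/security/limits.conf <<'EOF'
root soft nofile 65535
root hard nofile 65536
* soft nofile 65535
* hard nofile 65536
root soft nproc 64000
root hard nproc 64000
* soft nproc 64000
* hard nproc 64000
EOF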



---------------------------------
docker 部分:
导入官方密钥:
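# Import Docker's apt signing key into a dedicated keyring file.
# The key is downloaded to a temporary file first, so a failed or truncated
# download never reaches gpg and cannot leave an empty keyring behind.
# --batch --yes lets a re-run overwrite the existing keyring without prompting.
key_tmp=$(mktemp) &&
  curl -fsSL https://download.docker.com/linux/debian/gpg -o "$key_tmp" &&
  gpg --batch --yes --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg "$key_tmp"
if [ -n "$key_tmp" ]; then rm -f -- "$key_tmp"; fi
# To verify the key, print its fingerprint and compare it with the one
# published in Docker's installation documentation:
#   gpg --show-keys /usr/share/keyrings/docker-archive-keyring.gpg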

使用阿里云镜像(与下面的华为云镜像二选一,两者写入同一个 docker.list,后执行的会覆盖先执行的):
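# Register the Docker CE repository, served from the Aliyun mirror.
# signed-by ties this source to the Docker keyring imported above, so packages
# from the mirror are accepted only if they carry Docker's signature.
# The release codename is read from /etc/os-release: lsb_release is not
# installed by the earlier steps, and an empty codename would write a broken
# source line.
codename=$(. /etc/os-release && echo "$VERSION_CODENAME")
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://mirrors.aliyun.com/docker-ce/linux/debian ${codename} stable" \
  > /etc/apt/sources.list.d/docker.list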
 
使用华为云镜像:
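# Alternative to the Aliyun source: the same Docker CE repository served from
# the Huawei Cloud mirror. It writes the same docker.list, so it replaces
# whatever source was written there before.
# signed-by ties this source to the Docker keyring, so packages from the
# mirror are accepted only if they carry Docker's signature.
# The release codename is read from /etc/os-release: lsb_release is not
# installed by the earlier steps, and an empty codename would write a broken
# source line.
codename=$(. /etc/os-release && echo "$VERSION_CODENAME")
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://repo.huaweicloud.com/docker-ce/linux/debian ${codename} stable" \
  > /etc/apt/sources.list.d/docker.list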
 
 
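# Refresh the package index so the Docker repository added above is picked up,
# then install the engine, its CLI and containerd.
apt-get update
apt-get install -y docker-ce docker-ce-cli containerd.io

# Start the daemon now and on every boot (same effect as start followed by enable).
systemctl enable --now docker

# -y added so this step does not stop at a confirmation prompt, matching the
# other installs in this guide.
apt-get install -y docker-compose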
 
 
----------------------
graylog docker-compose
 
 

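# Create the working directory (no error if it already exists) and open the
# compose file only once we are actually inside it.
mkdir -p graylog && cd graylog && vim docker-compose.yml

# The compose file carries GRAYLOG_PASSWORD_SECRET and the root password hash,
# so keep it readable by its owner only.
chmod 600 docker-compose.yml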

# Single-host Graylog stack: MongoDB (Graylog configuration), Elasticsearch
# (log storage) and the Graylog server, joined by one bridge network.
version: '2'
services:
# MongoDB: https://hub.docker.com/_/mongo/
# No ports are published for this service, so it is reachable only from
# containers on the "graylog" network.
# NOTE(review): no MongoDB credentials are configured in this file.
  mongodb:
    image: mongo:5.0.13
    #image: harbor.onlyedu.online:1080/baseimage/mongo:5.0.13_alex
    volumes:
    - mongo_data:/data/db
    environment:
    - TZ=Asia/Shanghai
    networks:
    - graylog
# Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/docker.html
# NOTE(review): the elasticsearch-oss distribution has no authentication or TLS
# features, and nothing in this file adds any, so whoever can reach port 9200
# can read and delete the indices.
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    #image: harbor.onlyedu.online:1080/baseimage/elasticsearch-oss:7.10.2_alex 
    volumes:
    - es_data:/usr/share/elasticsearch/data
    environment:
    - http.host=0.0.0.0
    - transport.host=localhost
    - network.host=0.0.0.0
# NOTE(review): the initial heap is 4g and the maximum 7g inside an 8g
# container limit; Elastic's guidance is to set both to the same value and to
# leave about half of the memory to the OS and off-heap use - confirm sizing.
    - "ES_JAVA_OPTS=-Xms4g -Xmx7g"
    - TZ=Asia/Shanghai
# NOTE(review): memlock is unlimited, but bootstrap.memory_lock is not set in
# the environment above, so this may have no effect - confirm.
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 8g
# Publishes 9200 on every host interface. Graylog reaches Elasticsearch over
# the "graylog" network (see its entrypoint: elasticsearch:9200), so this
# mapping is only for access from the host side.
# NOTE(review): bind it to loopback (127.0.0.1:9200:9200) or drop it unless
# something outside the stack needs it, and firewall it if it must stay.
    ports:
    - 9200:9200
    networks:
    - graylog
# Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:5.0
    #image: harbor.onlyedu.online:1080/baseimage/graylog/graylog:5.0_alex
    volumes:
    - graylog_data:/usr/share/graylog/data
    - /etc/localtime:/etc/localtime:ro
    networks:
    - graylog
    environment:
# CHANGE ME (must be at least 16 characters)!
# NOTE(review): "somepasswordpepper" is a sample value; replace it with a long
# random string before first start and keep it out of shared copies of this file.
    - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
# Password: admin
# (the line above describes the commented-out hash directly below)
#- GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
# NOTE(review): the active hash is the page author's; its plaintext is not
# given on the page. Generate the SHA-256 of your own password and put it here.
    - GRAYLOG_ROOT_PASSWORD_SHA2=e3f90773b65a6ddf79197c61bbeead79c962b561cf31e5c765e8c81cd51d3c32
# NOTE(review): the external URI is loopback over plain HTTP while 9000 is
# published on every interface below; set this to the address users really
# use (for example the reverse-proxy URL) - confirm.
    - GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/
#    - GRAYLOG_ROOT_TIMEZONE = Asia/Shanghai
    - GRAYLOG_ROOT_TIMEZONE=Asia/Shanghai
    - TZ=Asia/Shanghai
    - GRAYLOG_TIMEZONE=Asia/Shanghai
# Wait until elasticsearch:9200 accepts connections before starting Graylog.
    entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh 
#    entrypoint: /usr/bin/tini  -- /docker-entrypoint.sh 
# The mongodb service is made available under the alias "mongo".
    links:
      - mongodb:mongo
      - elasticsearch
    restart: always
    depends_on:
    - mongodb
    - elasticsearch
# Every mapping below listens on all host interfaces.
# NOTE(review): restrict the listeners with a host firewall, or prefix a
# mapping with a specific host address, so only log senders and admins reach them.
    ports:
# Graylog web interface and REST API
    - 9000:9000
# Syslog TCP
    - 1514:1514
# Syslog UDP
    - 1514:1514/udp
# GELF TCP
    - 12201:12201
    - 12202:12202
# GELF UDP
    - 12201:12201/udp
    - 12202:12202/udp
# 5044 is the port the Filebeat output.logstash on this page sends to.
# NOTE(review): the purpose of 5555 is not stated on the page - confirm it is
# needed before publishing it.
    - 5555:5555
    - 5044:5044
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
    mongo_data:
      driver: local
    es_data:
      driver: local
    graylog_data:
      driver: local
# Private bridge network shared by the three services.
networks:
  graylog: 
    driver: bridge
#    ipam:
#      config:
#        - subnet: 172.29.0.0/16
#          gateway: 172.29.0.1

 

 

修改admin密码:用下面的命令生成新密码的 SHA-256,替换 docker-compose.yml 中 GRAYLOG_ROOT_PASSWORD_SHA2 的值:

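# Print the SHA-256 of a typed password, for GRAYLOG_ROOT_PASSWORD_SHA2.
# The newline that ends the typed line is stripped before hashing: a digest
# that includes it does not match the password entered at the login form, and
# stripping spaces instead would silently change a password that contains them.
# Self-check: typing "admin" must print the 8c6976e5... value that is commented
# out in the compose file.
# The password is echoed to the terminal while it is typed.
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d " " -f 1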

 

 

---------------------------------

安装sidecar:1.4.0版本适合graylog 5.0。本节和下面 filebeat 的 deb 链接指向的是一个对象存储桶(看起来是作者自己的),不是官方软件源;安装前请与官方发布的校验和比对,或直接从官方渠道下载同版本的包。

https://alexonly.obs.cn-east-3.myhuaweicloud.com/graylog-sidecar_1.4.0-1_amd64.deb

----------------------------------

 filebeat

 

 https://alexonly.obs.cn-east-3.myhuaweicloud.com/filebeat-9.0.0-amd64.deb

 

------------------------------------

sidecar config:

# Filebeat configuration pushed by Graylog Sidecar: tails the bossprod logs,
# tags them, and ships them to the Beats port (5044) on the Graylog host.
# Needed for Graylog
fields_under_root: true
# ${sidecar.*} values are filled in by the sidecar when it writes this file.
fields.collector_node_id: ${sidecar.nodeName}
fields.gl2_source_collector: ${sidecar.nodeId}

filebeat.inputs:
- type: filestream
  id: bossid
  enabled: true
  paths:
    - /log/bossprod/*.log
    #- /log/bosslocal/alex.log
  # NOTE(review): close_inactive and symlinks are spelled as for the older
  # "log" input; filestream names them close.on_state_change.inactive and
  # prospector.scanner.symlinks - verify they take effect in this Filebeat version.
  close_inactive: 1m
  symlinks: true
  parsers:
  - multiline:
      type: pattern
      # '^[^(202)]' is a bracket expression: it matches a line whose first
      # character is anything other than '(', '2', '0' or ')'. With
      # negate: false and match: after, such lines are appended to the
      # preceding event.
      # NOTE(review): if the intent is "a line that does not start with a 202x
      # timestamp is a continuation", the usual form is pattern '^202' with
      # negate: true - confirm against real log lines.
      pattern: '^[^(202)]'
      negate: false
      match: after
  ignore_older: 24h
  fields:
    projectenv: bossprod

# NOTE(review): no ssl.* settings are present, so events travel to
# 10.78.100.30:5044 unencrypted and unauthenticated; keep this on a trusted
# network segment or enable TLS on both the output and the Graylog input.
output.logstash:
        hosts: ['10.78.100.30:5044']
#output.console:
#  pretty: true
processors:
  # Adds alexerror: true at the event root when the message contains
  # "error" or "ERROR".
  - add_fields:
      when:
          regexp:
            message: "error|ERROR"
      target: ""
      fields:
        alexerror: true 
  # Derives k8smodule from the log file path: the text before the first '.'
  # is split on '/', and element 3 is taken; for /log/bossprod/NAME.log that
  # is NAME.
  # NOTE(review): a path with a different depth, or with a '.' in a directory
  # name, yields another element or undefined, and a missing log.file.path
  # makes split() throw - confirm the paths always have this shape.
  - script:
      lang: javascript
      source: >
        function process(event) {
          var alexpath = event.Get("log.file.path");
          event.Put("k8smodule",alexpath.split('.')[0].split('/')[3]);
          return event;
        }

 

 

nginx 多主机配置:可在 deepseek 中搜索 “Proxy Web Interface and API Traffic under a Path Prefix Using HTTP” 和 “ip allow only”;下面用 geo 做 IP 白名单,只放行列出的地址。

# Allow-list map: $is_allowed is 1 for the client addresses listed here and 0
# for everyone else. The addresses look like sample values to be replaced.
# NOTE(review): geo keys on the connecting address ($remote_addr) by default;
# if another proxy or load balancer sits in front of this nginx, every client
# appears as that proxy - confirm which address is being matched.
geo $is_allowed {
default 0;
1.2.3.4 1;
# NOTE(review): a /24 is normally written with its network address, e.g. 1.2.3.0/24.
1.2.3.4/24 1;
}

 

# Reverse proxy for Graylog under the /graylog/ path prefix; the block is
# commented out as given. Clients whose $is_allowed is 0 get a 403, the
# prefix is stripped, and the request is passed to 10.78.100.30:9000.
# auth_basic is off, so the IP allow-list and Graylog's own login are the only
# gates on this location.
# NOTE(review): the compose file on this page publishes 9000 on every host
# interface, so a client that can reach 10.78.100.30:9000 directly never
# passes through this allow-list; firewall that port or bind it to an address
# only nginx can reach.
# NOTE(review): X-Graylog-Server-URL and proxy_pass are plain http, so logins
# cross the network unencrypted unless TLS is terminated in this server block
# - confirm.
#       location /graylog/
#       {
#          if ($is_allowed = 0){
#               return 403;
#          }
#          proxy_set_header Host $http_host;
#          proxy_set_header X-Forwarded-Host $host;
#           proxy_set_header X-Forwarded-Server $host;
#          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#           proxy_set_header X-Graylog-Server-URL http://$server_name/graylog/;
#           rewrite          ^/graylog/(.*)  /$1  break;
#           proxy_pass       http://10.78.100.30:9000;
#               auth_basic off;
#       }

 

 

 
