How to Install Splunk Log Analyzer on CentOS 7


Splunk is a powerful, robust and fully integrated enterprise-grade log management platform for collecting, storing, searching, analyzing and reporting on any machine-generated log data in real time, including structured, unstructured and complex multi-line application logs.

It lets you collect, store, index, search, correlate, visualize, analyze and report on any log or machine-generated data quickly and repeatably, in order to identify and resolve operational and security problems.

In addition, Splunk supports a wide range of log management use cases such as log consolidation and retention, security, IT operations troubleshooting, application troubleshooting, compliance reporting and more.

  • It is easy to scale and integrates well with other systems.
  • It supports local and remote data sources.
  • It allows analysis of machine data.
  • It supports searching and correlating any data.
  • It lets you drill down and up and pivot through the data.
  • It supports monitoring and alerting.
  • It also supports reports and dashboards for visualization.
  • It provides flexible access to relational databases, to field-delimited data in comma-separated (.CSV) files, and to other enterprise data stores such as Hadoop or NoSQL.
  • It supports a wide range of log management use cases, and much more.

In this article, we will show how to install the latest version of the Splunk log analyzer, how to add a log file (data source), and how to search through its events on CentOS 7 (the same steps work on RHEL distributions).

Requirements:

  1. A CentOS 7 or RHEL 7 server with a minimal installation.
  2. A minimum of 12GB RAM.

Test environment:

  1. A Linode VPS with a minimal CentOS 7 installation.

Installing Splunk Log Analyzer to Monitor CentOS 7 Logs

1. Go to the Splunk website, create an account and grab a copy of the latest version available for your system from the Splunk Enterprise download page. RPM packages are provided for Red Hat, CentOS and similar Linux distributions.

Alternatively, you can download it directly in your web browser, or copy the download link and use the wget command to fetch the package from the command line, as shown.

# wget -O splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.2&product=splunk&filename=splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm&wget=true'

2. Once you have downloaded the package, install the Splunk Enterprise RPM into its default directory /opt/splunk using the RPM package manager, as shown. Note the NOKEY warning in the output: rpm could not verify the package signature because Splunk's public signing key is not in the RPM keyring, so the signature check was effectively skipped. Import the vendor key and verify the signature before installing on anything other than a throwaway test box.

# rpm -i splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm

warning: splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 653fb112: NOKEY
useradd: cannot create directory /opt/splunk
complete
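The following is an added example, not part of the article and not Splunk's own tooling: a small wrapper that refuses to run `rpm -i` until the package checksum and signature have been verified, so the NOKEY warning above never has to be waved through. It assumes the RPM is in the current directory, that Splunk's public signing key (published in the Splunk documentation on verifying software integrity) has been saved as ./splunk.pub, and that the checksum Splunk publishes for the package is a SHA512 value supplied in EXPECTED_SHA512; all three names are assumptions of this example.

```shell
# Added example: verify a downloaded Splunk RPM before installing it.
# Assumed names: the RPM in the current directory, the vendor key as
# ./splunk.pub, and the published SHA512 in $EXPECTED_SHA512.
RPM="${RPM:-splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm}"
KEY="${KEY:-splunk.pub}"

# Compare a file's SHA512 with the published value. Returns 0 only on a match;
# an empty expected value is treated as a failure, not as "skip".
checksum_ok() {
  local file="$1" expected="$2" actual
  actual=$(sha512sum "$file" | cut -d' ' -f1)
  [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

# Classify one line of `rpm -K` output: prints verified, missing-key or bad
# and returns 0 only for verified. Kept free of rpm calls so it can be
# exercised against sample lines on a machine without rpm.
classify_rpm_check() {
  local line="$1"
  case "$line" in
    *NOKEY*|*"MISSING KEYS"*) echo missing-key; return 1 ;;
    *"NOT OK"*)               echo bad;         return 1 ;;
    *" OK"*)                  echo verified;    return 0 ;;
    *)                        echo bad;         return 1 ;;
  esac
}

# Import the vendor key into the RPM keyring, then check the package signature.
signature_ok() {
  local file="$1" key="$2" out
  rpm --import "$key" || return 1
  out=$(rpm -K "$file" 2>&1) || { echo "$out" >&2; return 1; }
  classify_rpm_check "$out" >/dev/null
}

# Install only when both checks pass.
install_splunk() {
  checksum_ok "$RPM" "${EXPECTED_SHA512:-}" || { echo "checksum mismatch for $RPM" >&2; return 1; }
  signature_ok "$RPM" "$KEY" || { echo "signature check failed for $RPM" >&2; return 1; }
  rpm -i "$RPM"
}

# Run the install only when asked explicitly, so sourcing this file for its
# functions has no side effects.
if [ "${1:-}" = "install" ]; then
  install_splunk
fi
```

Run it as root with `EXPECTED_SHA512=<published value> sh verify-install.sh install`. Once the key is imported, `rpm -K` reports the signature as OK and the NOKEY warning disappears from later installs and upgrades as well.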

3. Next, use the Splunk Enterprise command-line interface (CLI) to start the service.

# /opt/splunk/bin/splunk start

Page through the SPLUNK SOFTWARE LICENSE AGREEMENT by pressing Enter. When you reach the end, you will be asked Do you agree with this license? Enter y to continue.

Do you agree with this license? [y/n]: y

Then create the credentials for the administrator account; the password must contain at least 8 printable ASCII characters in total.

Create credentials for the administrator account.
Characters do not appear on the screen when you type the password.
Password must contain at least:
   * 8 total printable ASCII character(s).
Please enter a new password: 
Please confirm new password: 

4. If all the installed files are intact and all preliminary checks pass, the Splunk server daemon (splunkd) is started, a 2048-bit RSA private key is generated for its self-signed certificate, and the Splunk web interface becomes available.

All preliminary checks passed.

Starting splunk server daemon (splunkd)...  
Generating a 2048 bit RSA private key
......................+++
.....+++
writing new private key to 'privKeySecure.pem'
-----
Signature ok
subject=/CN=tecmint/O=SplunkUser
Getting CA Private Key
writing RSA key
Done
                                                           [  OK  ]

Waiting for web server at http://127.0.0.1:8000 to be available............. Done


If you get stuck, we're here to help.  
Look for answers here: http://docs.splunk.com

The Splunk web interface is at http://tecmint:8000

5. Next, open port 8000, on which Splunk Web listens, in your firewall using firewall-cmd. Note that this rule opens the port to every source address; on a server reachable from untrusted networks, restrict it to the addresses your administrators connect from.

# firewall-cmd --add-port=8000/tcp --permanent
# firewall-cmd --reload

6. Open a web browser and enter the following URL to access the Splunk web interface.

http://SERVER_IP:8000   

To log in, use the username admin and the password you created during installation. Note that Splunk Web is served over plain HTTP by default, so these credentials cross the network in clear text unless you enable SSL for Splunk Web (after which the interface is reached at https://SERVER_IP:8000 instead).
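The following is an added example, not part of the article and not Splunk's own tooling, that tightens the two points above: it checks whether SSL has been enabled for Splunk Web (the `enableSplunkWebSSL` setting that `splunk enable web-ssl` writes to web.conf) and turns it on if not, then replaces the blanket 8000/tcp rule from step 5 with a firewalld rich rule that admits only an administrative network. The admin network 10.0.0.0/24 and the web.conf path under /opt/splunk/etc/system/local are assumptions of this example.

```shell
# Added example: serve Splunk Web over TLS and expose port 8000 only to an
# admin network. Assumed: SPLUNK_HOME=/opt/splunk, ADMIN_NET=10.0.0.0/24.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
WEB_CONF="${WEB_CONF:-$SPLUNK_HOME/etc/system/local/web.conf}"
ADMIN_NET="${ADMIN_NET:-10.0.0.0/24}"

# Return 0 if the [settings] stanza of the given web.conf turns on
# enableSplunkWebSSL. Only that stanza counts, and the last value in it wins,
# matching how Splunk reads its conf files.
web_ssl_enabled() {
  local conf="$1"
  [ -f "$conf" ] || return 1
  awk '
    /^[ \t]*\[/ { in_settings = ($0 ~ /^[ \t]*\[settings\]/); next }
    in_settings && /^[ \t]*enableSplunkWebSSL[ \t]*=/ {
      split($0, kv, "="); v = tolower(kv[2]); gsub(/[ \t\r]/, "", v)
      found = (v == "true" || v == "1")
    }
    END { exit (found ? 0 : 1) }
  ' "$conf"
}

# The firewalld rich rule that admits 8000/tcp from one IPv4 network only.
rich_rule_for() {
  printf 'rule family=ipv4 source address=%s port port=8000 protocol=tcp accept' "$1"
}

# Enable TLS for Splunk Web if needed, then scope the firewall opening.
harden_splunk_web() {
  if ! web_ssl_enabled "$WEB_CONF"; then
    "$SPLUNK_HOME/bin/splunk" enable web-ssl || return 1
    "$SPLUNK_HOME/bin/splunk" restart || return 1
  fi
  # Drop the open-to-everyone rule from step 5 if it exists, then add the scoped one.
  firewall-cmd --permanent --remove-port=8000/tcp >/dev/null 2>&1 || true
  firewall-cmd --permanent --add-rich-rule="$(rich_rule_for "$ADMIN_NET")" || return 1
  firewall-cmd --reload
}

if [ "${1:-}" = "harden" ]; then
  harden_splunk_web
fi
```

Run it as root with `ADMIN_NET=<your admin CIDR> sh harden-web.sh harden`. The certificate Splunk Web presents after `enable web-ssl` is the self-signed one generated at first start, so browsers will warn until you point web.conf at a certificate issued by a CA your administrators trust.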

7. After logging in successfully, you land in the Splunk admin console shown in the following screenshot. To monitor a log file, for example /var/log/secure, click Add Data.

8. Then click Monitor to add data from a file.

9. On the next screen, select Files & Directories.

10. Next, configure the instance to monitor files and directories for data. To monitor everything in a directory, select the directory; to monitor a single file, select that file. Click Browse to choose the data source.

11. You are shown the directories under the root (/) directory; navigate to the log file you want to monitor (/var/log/secure) and click Select.

12. After selecting the data source, choose Continuously Monitor to keep watching this log file, then click Next to set the source type.

13. Next, set the source type for your data source. For our test log file (/var/log/secure) we select Operating System → linux_secure; this tells Splunk that the file contains security-related messages from a Linux system, so the matching field extractions apply. Then click Next to continue.

14. You can set additional input parameters and options for this data input. Under App context, select Search & Reporting. Then click Review and, after reviewing, click Submit.

15. Your file input has now been created successfully. Click Start Searching to search your data.

16. To view all your data inputs, go to Settings → Data → Data Inputs, then click the type you want to view, for example Files & Directories.
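The following is an added example, not part of the article and not Splunk's own code, that covers steps 7 to 16 from the command line: the same /var/log/secure input created with `splunk add monitor` (with the equivalent inputs.conf stanza in a comment), followed by the detection a first search over that data usually starts with, failed SSH logins counted per source address. The SPL search is given in a comment, and the awk function runs the same logic locally so the result can be seen without a Splunk instance; the /var/log/secure lines embedded below are constructed for this example and are not output from the article's server.

```shell
# Added example: create the /var/log/secure input from the CLI and run the
# failed-SSH-login detection locally over constructed sample lines.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"

# CLI equivalent of the Add Data wizard. `splunk list monitor` shows the
# result. Written by hand in $SPLUNK_HOME/etc/system/local/inputs.conf it is:
#   [monitor:///var/log/secure]
#   sourcetype = linux_secure
#   disabled = 0
add_secure_input() {
  "$SPLUNK_HOME/bin/splunk" add monitor /var/log/secure -sourcetype linux_secure -index main \
    && "$SPLUNK_HOME/bin/splunk" list monitor
}

# The first search most people run over this input, in SPL:
#   sourcetype=linux_secure "Failed password"
#   | rex "from (?<src>\d+\.\d+\.\d+\.\d+)"
#   | stats count by src | sort -count
# failed_ssh_by_src applies the same logic to log lines on stdin and prints
# "<src> <count>", busiest source first, so the SPL result can be checked.
failed_ssh_by_src() {
  awk '
    /sshd\[[0-9]+\]: Failed password for/ {
      for (i = 1; i <= NF; i++) if ($i == "from") n[$(i + 1)]++
    }
    END { for (s in n) printf "%s %d\n", s, n[s] }
  ' | sort -k2,2nr -k1,1
}

# Constructed sample of /var/log/secure entries (not real data).
SAMPLE_SECURE='Aug 10 13:02:11 tecmint sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Aug 10 13:02:14 tecmint sshd[2210]: Failed password for root from 203.0.113.7 port 51240 ssh2
Aug 10 13:02:20 tecmint sshd[2215]: Accepted publickey for tecmint from 198.51.100.4 port 50022 ssh2
Aug 10 13:03:01 tecmint sshd[2220]: Failed password for root from 198.51.100.9 port 40000 ssh2
Aug 10 13:03:05 tecmint sshd[2220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.9  user=root'

# Run the detection over the sample; on the real file this is
# `failed_ssh_by_src < /var/log/secure`.
failed_ssh_sample() {
  printf '%s\n' "$SAMPLE_SECURE" | failed_ssh_by_src
}

case "${1:-}" in
  add)    add_secure_input ;;
  sample) failed_ssh_sample ;;
esac
```

`sh secure-input.sh sample` prints `203.0.113.7 2` and `198.51.100.9 1`; the pam_unix line is deliberately ignored because it does not carry a "Failed password for" message. One permission caveat: on CentOS 7 /var/log/secure is created as mode 0600 owned by root. In this article splunkd is started as root, which is why it can read the file; if you later run Splunk as the unprivileged splunk user that the RPM created (for example with `/opt/splunk/bin/splunk enable boot-start -user splunk`), you must grant that user read access to the file, and keep it readable after logrotate creates the next one.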

17. The following additional commands manage (restart or stop) the Splunk daemon.

# /opt/splunk/bin/splunk restart
# /opt/splunk/bin/splunk stop

From here you can add more data sources (local, or remote via the Splunk Forwarder), search your data, and install Splunk apps to extend the default functionality. You can learn more from the Splunk documentation on the official website.

Splunk Homepage: https://www.splunk.com/

That's all for now! Splunk is a powerful, robust and fully integrated enterprise-grade real-time log management platform. In this article, we showed how to install the latest version of the Splunk log analyzer (7.1.2 at the time of writing) on CentOS 7. If you have any questions or thoughts to share, use the comment form below to reach us.