How to Install the Graylog Log Management Tool on RHEL Systems


Graylog is a leading open-source log management platform for collecting, storing, indexing, and analyzing time-series data from applications and a wide range of devices in the IT infrastructure such as servers, routers, and firewalls.

Graylog helps you gain more insight into the collected data by combining multiple searches for comprehensive analysis and reporting. It also detects threats and potentially malicious activity by running in-depth analysis of logs from remote sources.

Graylog consists of the following components:

  • Graylog server – This is the main server and is used to process the logs.
  • Graylog web interface - This is a browser application that provides visualization of the data and logs collected from multiple endpoints.
  • MongoDB – A NoSQL database server for storing configuration data.
  • ElasticSearch - This is a free and open-source search and analytics engine that indexes and gives an overview of raw data from various sources.

The Graylog architecture accepts all kinds of structured data, including network traffic and logs from the following:

  • Syslog (TCP, UDP, AMQP, Kafka)
  • AWS - AWS logs, CloudTrail, & FlowLogs.
  • Netflow (UDP).
  • GELF (TCP, UDP, AMQP, Kafka).
  • ELK - Beats, and Logstash.
  • JSON path from HTTP API.

Some of the major tech companies that implement Graylog in their technology stack include Fiverr, CircleCI, CraftBase, and BitPanda.

In this guide, we will show you how to install the Graylog log management tool on RHEL 8 and RHEL-based distros such as AlmaLinux, CentOS Stream, and Rocky Linux.

Step 1: Install the EPEL Repo and Required Packages

To get started, you need some essential packages that will help along the way in this guide. First, install the EPEL repository, which provides a wide range of software packages for RHEL and RHEL-based distributions.

$ sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

Next, install the following packages, which will be required along the way.

$ sudo dnf install -y pwgen wget curl perl-Digest-SHA

Step 2: Install Java (OpenJDK) in RHEL

One of the requirements for installing Graylog is Java 8 or later. Here, we will install the latest LTS release of Java, which is Java 11, provided by OpenJDK 11.

So, run the following command to install OpenJDK.

$ sudo dnf install java-11-openjdk java-11-openjdk-devel -y

This installs Java along with a host of other dependencies.

Once the installation is complete, verify the installed version.

$ java -version

Step 3: Install Elasticsearch in RHEL

Elasticsearch is a free and open-source search and analytics engine that handles a variety of data, including structured, unstructured, numerical, geospatial, and textual data.

It is a key component of the Elastic stack, also known as ELK (Elasticsearch, Logstash, and Kibana), and is widely used for its simple REST APIs, scalability, and speed.

Graylog requires Elasticsearch 6.x or 7.x. We will install Elasticsearch 7.x, which is the latest release at the time of publishing this guide.

Create the Elasticsearch repository file.

$ sudo vim /etc/yum.repos.d/elasticsearch.repo

Next, paste the following lines into the file.

[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/oss-7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Save the changes and exit.

Next, install Elasticsearch using the DNF package manager as shown.

$ sudo dnf install elasticsearch-oss

For Elasticsearch to work with Graylog, a few changes are required. So open the elasticsearch.yml file.

$ sudo vim /etc/elasticsearch/elasticsearch.yml

Update the cluster name to graylog as shown.

cluster.name: graylog

Save the changes and exit.

Then reload the systemd manager configuration.

$ sudo systemctl daemon-reload

Next, enable and start the Elasticsearch service by running the following commands.

$ sudo systemctl enable elasticsearch.service
$ sudo systemctl start elasticsearch.service

Elasticsearch listens on port 9200 by default to process HTTP requests. You can confirm this by sending a CURL request as shown.

$ curl -X GET http://localhost:9200
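The curl response is JSON, and two of its fields matter for Graylog: cluster_name must be the graylog value set in elasticsearch.yml, and the major version must be 6 or 7. The script below is an added example, not from the original guide or the Graylog project; it extracts those fields with sed, checks them, and can be pointed at a live node. The sample responses embedded in it are constructed for offline use, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: verify that the node answering on :9200 is one Graylog can use.
# The JSON samples below are constructed; the function names are this script's own.

# Extract a top-level string field from a small flat JSON document with sed.
# Sufficient for the fields Elasticsearch returns on GET /; not a general JSON parser.
json_field() {
    # $1 = JSON text, $2 = field name
    printf '%s' "$1" | tr -d '\n' | sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

es_cluster_name()  { json_field "$1" cluster_name; }
es_major_version() { json_field "$1" number | cut -d. -f1; }

# Returns 0 when the response describes a cluster named "graylog" on Elasticsearch 6.x or 7.x.
es_info_ok() {
    name=$(es_cluster_name "$1")
    major=$(es_major_version "$1")
    [ "$name" = "graylog" ] || { echo "cluster_name is '$name', expected 'graylog' (check elasticsearch.yml)" >&2; return 1; }
    case "$major" in
        6|7) ;;
        *) echo "Elasticsearch major version '$major' is not supported by Graylog (need 6.x or 7.x)" >&2; return 1 ;;
    esac
    return 0
}

# Live check against a running node (default http://localhost:9200).
check_es_live() {
    url=${1:-http://localhost:9200}
    resp=$(curl -sS -X GET "$url") || return 1
    es_info_ok "$resp"
}

# Constructed sample in the shape Elasticsearch 7.x returns on GET /.
SAMPLE_ES_RESPONSE='{
  "name" : "log01",
  "cluster_name" : "graylog",
  "cluster_uuid" : "EXAMPLE_UUID",
  "version" : {
    "number" : "7.10.2",
    "build_flavor" : "oss",
    "build_type" : "rpm",
    "lucene_version" : "8.7.0"
  },
  "tagline" : "You Know, for Search"
}'

# Constructed sample from a node whose cluster.name was left at the default.
SAMPLE_ES_DEFAULT='{ "name" : "log01", "cluster_name" : "elasticsearch", "version" : { "number" : "7.10.2" } }'

# Usage: sh es_check.sh --live [url]
if [ "${1:-}" = "--live" ]; then
    check_es_live "${2:-http://localhost:9200}" && echo "Elasticsearch is ready for Graylog"
fi
```

Run it with --live on the Graylog host once the service is up; a non-zero exit with the message on stderr tells you which of the two settings still needs attention before moving on to Step 4.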

Step 4: Install MongoDB in RHEL

Graylog uses the MongoDB database server to store configuration data.

We will install MongoDB 4.4, but first, create a repository file for MongoDB.

$ sudo vim /etc/yum.repos.d/mongodb-org-4.repo

Then paste the following configuration.

[mongodb-org-4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc

Save the changes and exit.

Next, install MongoDB as follows.

$ sudo dnf install mongodb-org

Once installed, start MongoDB and enable it to start on boot.

$ sudo systemctl start mongod
$ sudo systemctl enable mongod

To check the MongoDB version, run the command:

$ mongo --version

Step 5: Install Graylog Server in RHEL

With all the prerequisites installed, now install Graylog by executing the following commands.

$ sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.2-repository_latest.rpm
$ sudo dnf install graylog-server

You can verify the Graylog installation as shown:

$ rpm -qi graylog-server

Now, start the Graylog server and enable it to start on boot.

$ sudo systemctl start graylog-server.service
$ sudo systemctl enable graylog-server.service

Step 6: Configure the Graylog Server in RHEL

For Graylog to work as expected, a few extra steps are required. You need to define the following parameters in the configuration file:

root_password_sha2
password_secret
root_username
http_bind_address

We will define these variables in the /etc/graylog/server/server.conf file, which is the main configuration file.

root_password_sha2 is the hashed password for the root user. To generate it, run the following command. 'YourPassword' is only a placeholder; feel free to substitute your own password.

$ echo -n 'YourPassword' | shasum -a 256

Output

68e865af8ddbeffc494508bb6181167fccf0bb7c0cab421c54ef3067bdd8d85d

Take note of this hash and save it somewhere.

Next, generate the password secret as follows:

$ pwgen -N 1 -s 96

Output

T1EtSsecY0QE4jIG3t6e96A5qLU5WhS9p5SliveX9kybWjC3WKhN4246oqGYPe4BTLXaaiOcM7LyuSd9bGAonQxkTsTjuqBf

Again, take note of this value.

Next, open the Graylog configuration file.

$ sudo vim /etc/graylog/server/server.conf

Paste the values you generated for root_password_sha2 and password_secret as shown.

root_username = admin
root_password_sha2 = 68e865af8ddbeffc494508bb6181167fccf0bb7c0cab421c54ef3067bdd8d85d
password_secret = T1EtSsecY0QE4jIG3t6e96A5qLU5WhS9p5SliveX9kybWjC3WKhN4246oqGYPe4BTLXaaiOcM7LyuSd9bGAonQxkTsTjuqBf
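The echo-and-shasum one-liner above works, but a password typed on the command line ends up in the shell history file. The script below is an added example, not part of the original guide or the Graylog project: it reads the password with terminal echo off, hashes it with SHA-256 the way root_password_sha2 expects, generates the password_secret with pwgen (falling back to /dev/urandom), and writes all three keys into server.conf, replacing only the first active line for each key so the commented-out examples in the stock file stay as they are. The helper names and the --apply flag are this example's own, and the file used in the test is constructed.

```shell
#!/bin/sh
# Added example: generate Graylog credentials without exposing the password
# on the command line, and write them into a server.conf-style file.
# Function names and the --apply flag are this script's own conventions.

# SHA-256 of a password, formatted as root_password_sha2 expects.
# printf avoids hashing a trailing newline, which plain echo would add.
sha256_of_password() {
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -d' ' -f1
    else
        printf '%s' "$1" | shasum -a 256 | cut -d' ' -f1
    fi
}

# Prompt with echo disabled so the password is neither displayed nor
# recorded in the shell history (unlike `echo -n password | shasum`).
prompt_password_hash() {
    printf 'Graylog admin password: ' >&2
    if [ -t 0 ]; then stty -echo; fi
    read -r pw
    if [ -t 0 ]; then stty echo; printf '\n' >&2; fi
    sha256_of_password "$pw"
}

# password_secret: the guide uses pwgen -N 1 -s 96; fall back to /dev/urandom
# when pwgen is not installed.
generate_password_secret() {
    len=${1:-96}
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s "$len"
    else
        LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$len"
    fi
}

# Set "key = value" in a Graylog-style config file: rewrite the first active
# (uncommented) assignment of the key, leave commented examples untouched,
# and append the key if no active line exists.
set_conf_value() {
    file=$1; key=$2; value=$3
    awk -v k="$key" -v v="$value" '
        BEGIN { done = 0 }
        !done && $0 ~ ("^[[:space:]]*" k "[[:space:]]*=") { print k " = " v; done = 1; next }
        { print }
        END { if (!done) print k " = " v }
    ' "$file" >"$file.tmp" && mv "$file.tmp" "$file"
}

# Prompt for the password, generate the secret, and write both plus root_username.
configure_graylog_credentials() {
    conf=${1:-/etc/graylog/server/server.conf}
    hash=$(prompt_password_hash)
    secret=$(generate_password_secret 96)
    set_conf_value "$conf" root_username admin
    set_conf_value "$conf" root_password_sha2 "$hash"
    set_conf_value "$conf" password_secret "$secret"
    echo "updated $conf (root_username, root_password_sha2, password_secret)" >&2
}

# Usage: sudo sh graylog_creds.sh --apply [/path/to/server.conf]
if [ "${1:-}" = "--apply" ]; then
    configure_graylog_credentials "${2:-}"
fi
```

Running it with --apply as root edits the live file in place; without the flag it only defines the functions, which is how the individual pieces can be checked on a copy of server.conf first.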

Additionally, make Graylog accessible to external users by setting the http_bind_address parameter as follows.

http_bind_address = 0.0.0.0:9000

Also, set the time zone for the Graylog server.

root_timezone = UTC

Save and exit the configuration file.

To apply the changes, restart the Graylog server.

$ sudo systemctl restart graylog-server.service
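Before relying on the restarted server, it is worth auditing the values just written. Binding to 0.0.0.0:9000 as above exposes the web interface and REST API on every interface, and without TLS the admin login travels in cleartext. The script below is an added example, not from the original guide or the Graylog project: it reads the active settings from server.conf, checks that root_password_sha2 is a 64-hex-character SHA-256, applies a floor of 64 characters to password_secret (this check's own choice; the guide's pwgen produces 96, and Graylog's own minimum is lower), and flags a wildcard bind unless http_enable_tls is true (the Graylog settings for TLS are http_enable_tls, http_tls_cert_file, and http_tls_key_file). The sample config it audits is a constructed excerpt carrying the guide's values; the function names are this example's own.

```shell
#!/bin/sh
# Added example: audit the security-relevant keys in a Graylog server.conf.
# Function names are this script's own; the sample file is constructed.

# First active "key = value" line in the file, value only, surrounding whitespace stripped.
conf_get() {
    # $1 = file, $2 = key
    sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*(.*)[[:space:]]*$/\1/p" "$1" | head -n 1
}

# Prints findings and returns the number of FAIL/WARN findings (0 = clean).
audit_server_conf() {
    file=$1; findings=0

    hash=$(conf_get "$file" root_password_sha2)
    if ! printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "FAIL root_password_sha2 is not a 64-character lowercase hex SHA-256"
        findings=$((findings + 1))
    fi

    secret=$(conf_get "$file" password_secret)
    if [ "${#secret}" -lt 64 ]; then
        echo "FAIL password_secret is ${#secret} characters; this audit expects at least 64 (pwgen -N 1 -s 96 gives 96)"
        findings=$((findings + 1))
    fi

    bind=$(conf_get "$file" http_bind_address)
    tls=$(conf_get "$file" http_enable_tls)
    case "$bind" in
        0.0.0.0:*)
            if [ "$tls" != "true" ]; then
                echo "WARN http_bind_address = $bind exposes the web UI and REST API on all interfaces without TLS;"
                echo "     set http_enable_tls = true with http_tls_cert_file/http_tls_key_file, bind a specific address, or front it with a TLS reverse proxy"
                findings=$((findings + 1))
            fi ;;
    esac

    [ -n "$(conf_get "$file" root_timezone)" ] || echo "INFO root_timezone not set; Graylog defaults to UTC"
    return "$findings"
}

# Constructed excerpt of server.conf holding the values from this guide; prints its path.
sample_conf_from_guide() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
root_username = admin
root_password_sha2 = 68e865af8ddbeffc494508bb6181167fccf0bb7c0cab421c54ef3067bdd8d85d
password_secret = T1EtSsecY0QE4jIG3t6e96A5qLU5WhS9p5SliveX9kybWjC3WKhN4246oqGYPe4BTLXaaiOcM7LyuSd9bGAonQxkTsTjuqBf
#http_bind_address = 127.0.0.1:9000
http_bind_address = 0.0.0.0:9000
root_timezone = UTC
EOF
    printf '%s\n' "$f"
}

# Usage: sh audit_graylog_conf.sh [/etc/graylog/server/server.conf]
if [ -n "${1:-}" ]; then
    audit_server_conf "$1"
    echo "findings: $?"
fi
```

Run against the guide's settings it reports exactly one finding, the cleartext wildcard bind; adding http_enable_tls = true with a certificate and key (or binding to a specific internal address) brings it to zero. The exit status is the finding count, so it can gate a configuration-management run.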

You can confirm from the log file whether Graylog is running as expected.

$ tail -f /var/log/graylog-server/server.log

The following output on the last line shows that everything is fine.

Graylog listens on port 9000, which provides access to the web interface. So, open this port on the firewall.

$ sudo firewall-cmd --add-port=9000/tcp --permanent
$ sudo firewall-cmd --reload

Step 7: Access the Graylog Web UI

To access Graylog, browse to the following URL.

http://server-ip:9000
OR
http://domain-name:9000

Log in with the username admin and the password you hashed into root_password_sha2 in the server.conf file.

Once logged in, you should see the following dashboard.

From here, you can proceed to analyze the data and logs collected from various data sources.

Graylog remains a popular log management system for developers and operations teams. Analyzing the collected data provides deep insight into the performance of various applications and devices and helps find errors and improve IT operations.

That's all for this guide. In this tutorial, we have shown how to install Graylog Server on RHEL-based Linux distributions.