阿里云安装graylog监控nginx访问日志

安装graylog

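# Working directory for the whole stack (compose file, data, config); -p makes the step idempotent
mkdir -p ~/graylog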

上传 docker-compose.yml 文件到 ~/graylog/

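# docker-compose.yml configuration file
# Graylog 2.3 stack: MongoDB (Graylog metadata), Elasticsearch 5.6 (log storage),
# Graylog (web UI / REST API plus GELF inputs). Indentation is significant in YAML:
# every service nests under `services:` and its settings nest under the service name.
version: '2'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:3.4.10
    volumes:
      - ~/graylog/data/mongo-data:/data/db
      # host timezone file; mounted read-only because the container only reads it
      - /etc/localtime:/etc/localtime:ro
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/5.5/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:5.6.3
    volumes:
      - ~/graylog/data/es-data:/usr/share/elasticsearch/data
      # seeded from the image on first start (see the `docker cp` step later in this guide)
      - ~/graylog/config/es-config:/usr/share/elasticsearch/config
      - /etc/localtime:/etc/localtime:ro
    environment:
      - http.host=0.0.0.0
      # CORS only matters for browsers talking to ES directly; no ES port is published here,
      # so this can be dropped if nothing outside the compose network needs it
      - http.cors.enabled=true
      - transport.host=localhost
      - network.host=0.0.0.0
      - cluster.name=graylog_cluster
      # Disable X-Pack security: https://www.elastic.co/guide/en/elasticsearch/reference/5.5/security-settings.html#general-security-settings
      # Acceptable only because port 9200 is NOT published: Graylog reaches ES over the
      # internal compose network. Do not add a 9200 port mapping with security disabled.
      - xpack.security.enabled=false
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - TZ=Asia/Shanghai
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:2.3.2-1
    volumes:
      - ~/graylog/data/graylog-data:/usr/share/graylog/data/journal
      - ~/graylog/config/graylog-config:/usr/share/graylog/data/config
      - /etc/localtime:/etc/localtime:ro
    environment:
      # CHANGE ME! Both values below are placeholders and must be replaced before the host is reachable:
      #   GRAYLOG_PASSWORD_SECRET    random string of at least 16 characters (e.g. `pwgen -N 1 -s 96`)
      #   GRAYLOG_ROOT_PASSWORD_SHA2 SHA-256 of the admin password: `echo -n '<admin-password>' | sha256sum`
      - GRAYLOG_PASSWORD_SECRET=aaaaaaaaaaaaaaaa
      - GRAYLOG_ROOT_PASSWORD_SHA2=9d6e0f76f4dea809bf760dd52c630c1ee774c9a606c4a1edc46fab8627483223
      - GRAYLOG_ROOT_TIMEZONE=Asia/Shanghai
      # Publicly reachable web/API endpoint; change this to your own address
      - GRAYLOG_WEB_ENDPOINT_URI=https://*******************/api
      # Elasticsearch node discovery address; if unset, localhost:9200 is scanned
      - GRAYLOG_ELASTICSEARCH_HOSTS=http://elasticsearch:9200
      - GRAYLOG_ELASTICSEARCH_CLUSTER_NAME=graylog_cluster
      - TZ=Asia/Shanghai
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # These listen on every host interface. On a cloud host restrict 9000 and the GELF ports
      # to trusted sources in the security group, or bind 9000 to the local reverse proxy only
      # ("127.0.0.1:9000:9000") when the HTTPS endpoint above is served by such a proxy.
      # Port mappings are quoted so YAML cannot read them as sexagesimal numbers.
      # Graylog web interface and REST API
      - "9000:9000"
      # GELF UDP
      - "12201:12201/udp"
      # GELF UDP
      - "12202:12202/udp"
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
# NOTE: the services above use bind mounts under ~/graylog, so these named volumes are
# declared but not referenced by any service; kept for compatibility with the original file.
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local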
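# Create the trees that docker-compose.yml bind-mounts; -p creates parents and tolerates re-runs
mkdir -p ~/graylog/data ~/graylog/config/graylog-config
cd ~/graylog/config/graylog-config/
# Fetch the stock Graylog config files (pinned to the 2.3 branch, matching the image tag) into the
# directory mounted at /usr/share/graylog/data/config
wget https://raw.githubusercontent.com/Graylog2/graylog2-images/2.3/docker/config/graylog.conf
wget https://raw.githubusercontent.com/Graylog2/graylog2-images/2.3/docker/config/log4j2.xml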

先在 docker-compose.yml 中注释掉这一行：- ~/graylog/config/es-config:/usr/share/elasticsearch/config

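# docker-compose reads docker-compose.yml from the current directory, so work from the stack root
cd ~/graylog
# First start: brings the containers up (stop with Ctrl-C once they have initialised)
docker-compose up
# Give the bind-mounted data tree to the account the author runs as (waters321) -- substitute your
# own user. Absolute path so the command does not depend on the current directory.
sudo chown -R waters321:waters321 ~/graylog/data
docker-compose up
# Copy the image's default Elasticsearch config out so it can be bind-mounted. The container is
# resolved from the service name instead of a hard-coded container id, which changes on every recreate.
docker cp "$(docker-compose ps -q elasticsearch)":/usr/share/elasticsearch/config ~/graylog/config/es-config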

取消注释刚才注释掉的那一行：- ~/graylog/config/es-config:/usr/share/elasticsearch/config

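docker ps -a
# Remove the stack's containers so the next `up` recreates them with the es-config mount.
# `down` only removes containers and the compose network; the bind-mounted data under
# ~/graylog is left untouched.
docker-compose down
docker-compose up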

卸载软件包

# Show any previously installed nxlog / collector-sidecar packages and purge them (config files included)
dpkg -l | grep nxlog
sudo apt-get remove --purge nxlog-ce
dpkg -l | grep collector-sidecar
sudo apt-get remove --purge collector-sidecar

安装nxlog

# nxlog CE 2.9.1716 for Ubuntu 16.04 amd64, pinned by filename
pkg=nxlog-ce_2.9.1716_ubuntu_1604_amd64.deb
wget "https://nxlog.co/system/files/products/files/348/$pkg"
# The package is installed with root privileges: compare it against the checksum the vendor publishes
# (e.g. `echo '<vendor-published-sha256>  nxlog-ce_2.9.1716_ubuntu_1604_amd64.deb' | sha256sum -c -`) before this step
sudo dpkg -i "$pkg"
# Resolve any dependencies dpkg could not satisfy
sudo apt-get install -f
# Stop the package's own nxlog instance and drop its init script: the collector-sidecar
# installed next is what launches nxlog on this host
sudo nxlog -s
sudo /etc/init.d/nxlog stop
sudo update-rc.d -f nxlog remove

安装collector-sidecar

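# collector-sidecar 0.1.4 from the GitHub release, pinned by filename
pkg=collector-sidecar_0.1.4-1_amd64.deb
wget "https://github.com/Graylog2/collector-sidecar/releases/download/0.1.4/$pkg"
# Installed with root privileges: verify the file against the checksum published with the release first
sudo dpkg -i "$pkg"
# Register the sidecar as a system service and start it
sudo graylog-collector-sidecar -service install
sudo systemctl start collector-sidecar
# Give the nxlog account ownership of its sidecar spool directory.
# user:group is the POSIX form; the user.group spelling is deprecated in coreutils chown.
sudo chown -R nxlog:nxlog /var/spool/collector-sidecar/nxlog
cd /etc/graylog/collector-sidecar/
# Edit the sidecar config (contents follow)
sudo vim collector_sidecar.yml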
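# collector_sidecar.yml
# Graylog collector-sidecar 0.1.x configuration: the sidecar polls server_url for the collector
# configuration assigned to this host and runs the nxlog backend with it.
# Graylog REST API this sidecar registers with
server_url: https://mylog.waters321.com/api/
# seconds between configuration polls
update_interval: 30
# Disables TLS certificate verification for server_url. The sidecar executes whatever collector
# configuration the server returns, so with verification off a spoofed server on the path could
# supply an arbitrary nxlog configuration. Set to false as soon as the endpoint presents a
# certificate this host trusts (or add the CA to the system trust store).
tls_skip_verify: true
send_status: true
list_log_files:
  - /var/log
node_id: graylog-collector-sidecar
# read from / persisted to this file so the id survives restarts
collector_id: file:/etc/graylog/collector-sidecar/collector-id
cache_path: /var/cache/graylog/collector-sidecar
log_path: /var/log/graylog/collector-sidecar
# seconds: rotate daily, keep one week
log_rotation_time: 86400
log_max_age: 604800
# tags select which server-side collector configurations apply to this host
tags:
  - linux
  - www-nginx
backends:
  - name: nxlog
    enabled: true
    binary_path: /usr/bin/nxlog
    # file the sidecar writes the rendered nxlog configuration to
    configuration_path: /etc/graylog/collector-sidecar/generated/nxlog.conf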
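# Seed configuration_path with the stock nxlog.conf so nxlog has something to start with;
# presumably the sidecar replaces it with the server-rendered config on its next poll -- confirm
sudo cp /etc/nxlog/nxlog.conf /etc/graylog/collector-sidecar/generated/
# Pick up the edited collector_sidecar.yml; one restart replaces the earlier stop/start/restart chain
sudo systemctl restart collector-sidecar
sudo systemctl status collector-sidecar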