基于GrayLog日志平台部署说明

一、部署架构

负载均衡: lvs+keepalived,用于WEB、REST API、日志信息输入的负载
graylog-server集群: 用于集中控制filebeat、日志信息输入、及API
WEB-interface: 用于用户交互,查看日志、报表、搜索、用户角色等
mongodb副本集: 用于存储graylog-server配置
elasticsearch集群: 存储日志信息

二、部署配置

2.1 lvs-keepalived

负载信息列表

安装软件包

# Install ipvsadm and keepalived from the configured yum repositories; -y answers the prompts automatically.
yum install ipvsadm keepalived -y  

keepalived配置文件

! Configuration File for keepalived
# Global settings
# NOTE(review): the e-mail addresses, SMTP server and router_id below look like
# the placeholder values from keepalived's sample configuration. Replace them
# with site-specific values so that failover notifications reach an operator.
global_defs {  
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   smtp_server 192.168.200.1
   smtp_connect_timeout 30
   router_id LVS_DEVEL
}
# Routing configuration: the default route leaves through eth3.
static_routes {  
    default  dev eth3
}
# VRRP instance for the NAT VIP, used for high availability.
# NOTE(review): auth_type PASS carries auth_pass unencrypted in every VRRP
# advertisement, and "1111" is the value used in keepalived's sample
# configuration, so it gives no real protection against another host on the
# same segment. Use a site-specific value and limit VRRP traffic (IP protocol
# 112) to the peer director with host firewall rules.
# NOTE(review): VI_1 and VI_2 are not grouped, so the external and internal
# VIPs can fail over independently; for a NAT director consider placing both
# in a vrrp_sync_group. Confirm against the intended failover design.
vrrp_instance VI_1 {  
    state MASTER
    interface eth3
#    lvs_sync_daemon_inteface eth1
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
         119.147.144.31
    }
}

# VRRP instance for the internal VIP 10.33.91.200 on eth1.
# NOTE(review): virtual_router_id 51 is also used by VI_1. A VRID has to be
# unique among VRRP groups on the same network segment, so confirm that eth1
# and eth3 are attached to separate segments.
# NOTE(review): auth_pass 1111 is sent unencrypted and matches keepalived's
# sample value; replace it with a site-specific value.
vrrp_instance VI_2 {  
    state MASTER
    interface eth1
#    lvs_sync_daemon_inteface eth1
    virtual_router_id 51
    priority 90
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
         10.33.91.200
    }
}


# NAT virtual server: LVS configuration and health checks that balance the
# Graylog web interface and REST API.
# NOTE(review): 119.147.144.31 is not a private (RFC 1918) address, and the
# Graylog listeners configured on this page use plain http://. Logins and API
# sessions through this VIP would therefore travel unencrypted. Terminate TLS
# in front of port 9000 and restrict the permitted source addresses.
# NOTE(review): TCP_CHECK only verifies that port 9000 accepts a connection;
# it does not verify that Graylog is actually answering requests.
virtual_server  119.147.144.31 9000 {  
    delay_loop 6
    lb_algo rr
    lb_kind nat
    nat_mask 255.255.255.0
    persistence_timeout 50
    protocol TCP

    real_server 10.33.91.49 9000 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 9000
            #bindto 10.134.22.60
        }
    }

    real_server 10.33.91.59 9000 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 9000
           #bindto 10.134.22.60
        }
    }

}

# DR (direct routing) virtual server: LVS configuration and health checks that
# balance Graylog log intake on TCP port 514.
# NOTE(review): syslog over plain TCP has neither sender authentication nor
# encryption, so any host that can reach 10.33.91.200:514 can submit log
# entries. Keep this VIP on the internal network and restrict the allowed
# senders with firewall rules.
# NOTE(review): in DR mode each real server must itself accept traffic
# addressed to the VIP; that real-server setup is not shown on this page.
# nat_mask is set although lb_kind is DR. Confirm that it is intended.
virtual_server  10.33.91.200 514 {  
    delay_loop 6
    lb_algo rr
    lb_kind DR
    nat_mask 255.255.255.0
    persistence_timeout 50
    protocol TCP

    real_server 10.33.91.49 514 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 514
            #bindto 10.134.22.60
        }
    }
    real_server 10.33.91.59 514 {
        weight 1
        TCP_CHECK {
            connect_timeout 3
            nb_get_retry 3
            delay_before_retry 3
            connect_port 514
            #bindto 10.134.22.60
        }
    }
}

2.2 graylog

安装

# A JDK must be installed first. Original note: download and unpack, no separate install step.
# NOTE(review): archive/master.zip is a snapshot of the repository's master
# branch, so its content changes over time and it is not a pinned release.
# For a reproducible install, fetch a specific released version and verify its
# published checksum or signature before unpacking. TODO: confirm which
# release this guide targets.
wget https://github.com/Graylog2/graylog2-server/archive/master.zip  
unzip master.zip  

配置

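# Graylog's server.conf is a Java properties file: "#" starts a comment only at
# the beginning of a line. Text after a value would become part of the value,
# so every remark here sits on its own line.

# Marks this node as the cluster master.
is_master = true

# Random secret used to salt stored passwords.
# NOTE(review): this value is published on this page. Generate your own long
# random secret and never reuse the one shown here.
password_secret = CC67NUVeKQLgRZ3lsoYyzEkTr2eHvfclt0LEnsm0La7jJoXuy34pW0R6UWUEIUFiMVW9cbrSLhGDRAE341PPjFwLNWAVEee7

# Account name for the web interface.
root_username = zhutougg

# SHA-2 hash of the root account's password.
# NOTE(review): this hash is unsalted and published on this page, so treat the
# corresponding password as exposed. Set your own password and hash.
root_password_sha2 = 5bae9d42be49302292e9e964ab5f6d9aa7eb5cd92348fe7bdce0dc393968284e

# Listen address and port of the REST API.
# NOTE(review): plain http:// means credentials and session tokens cross the
# network unencrypted. Enable TLS or place a TLS-terminating proxy in front.
rest_listen_uri = http://10.33.91.49:9000/api/

# Listen address and port of the web interface.
web_listen_uri = http://10.33.91.49:9000/

# Externally reachable API address (IP or domain name). Behind a load balancer
# or proxy this must be the balancer/proxy address, otherwise the API cannot be
# reached from outside.
web_endpoint_uri = http://119.147.144.31:9000/api

# Name of the Elasticsearch cluster to join.
# NOTE(review): the Elasticsearch listing on this page sets cluster.name to
# hhlygraylog_dg. The two names have to match for Graylog to join the cluster.
# Confirm which one is intended.
elasticsearch_cluster_name = zhutougg_graylog_dg
elasticsearch_discovery_zen_ping_unicast_hosts = 10.33.91.48:9300,10.33.91.58:9300

# Address this Graylog node uses to talk to Elasticsearch (an address, not a port).
elasticsearch_network_host = 10.33.91.49

# MongoDB connection. For a replica set, list the members separated by commas.
# NOTE(review): the URI carries no credentials, which suggests MongoDB runs
# without access control. Enable authentication and use a dedicated account.
mongodb_uri = mongodb://10.33.91.49/graylog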

2.3 elasticsearch集群配置

安装

# Download and unpack the Elasticsearch 2.4.5 tarball.
# NOTE(review): nothing here checks the integrity of the archive. Compare it
# with the checksum published by the vendor before unpacking.
# NOTE(review): 2.4.x is an old release line. Check whether it still receives
# security fixes before deploying it.
wget https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/tar/elasticsearch/2.4.5/elasticsearch-2.4.5.tar.gz  
tar -zxvf elasticsearch-2.4.5.tar.gz  

配置

# NOTE(review): the Graylog listing on this page sets elasticsearch_cluster_name
# to zhutougg_graylog_dg; it has to equal cluster.name below. Confirm which
# value is intended.
# NOTE(review): no access control is configured in this listing, so any host
# that can reach this node's HTTP and transport ports can read or change the
# indices. Restrict those ports to the Graylog and Elasticsearch nodes.
cluster.name: hhlygraylog_dg   # cluster name
node.name: Glog_02_dg    # node name
network.host: 10.33.91.48    # address the node listens on
discovery.zen.ping.multicast: false    # disable multicast discovery
discovery.zen.ping.unicast.hosts: ["10.33.91.48", "10.33.91.58"]    # addresses of the cluster nodes

2.4 mongodb副本集配置

安装

# yum repository definition for MongoDB 3.2 (goes in a .repo file under /etc/yum.repos.d/).
# gpgcheck=1 together with the https gpgkey URL makes yum verify package
# signatures; keep both settings when adapting this file.
# NOTE(review): 3.2 is an old release series. Check whether it still receives
# security fixes before deploying it.
[mongodb-org-3.2]
name=MongoDB Repository  
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.2/x86_64/  
gpgcheck=1  
enabled=1  
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc

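# Install MongoDB with yum.
# The package is named explicitly: an unquoted `mongo*` is first expanded by
# the shell against file names in the current directory, and as a yum pattern
# it installs every available package whose name starts with "mongo", not only
# the MongoDB packages from the repository configured above.
yum install mongodb-org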

配置

注:副本集至少需要三个节点(保证选举时能获得多数票),主节点故障时才能自动切换

# Start mongod with the replica-set name; the primary and every secondary need the same setting.
# NOTE(review): as shown, the members start without access control or
# member-to-member authentication. For anything beyond a lab, enable
# authentication (--auth plus a shared --keyFile for the members) and bind
# mongod to the internal address only (--bind_ip).
mongod --replSet "rs0"
# Open the mongo shell; the remaining commands are typed at its prompt.
mongo
# On the primary: initialise the replica set.
rs.initiate()
# On the primary: add a secondary (the string is a placeholder for the secondary's IP).
rs.add("副本ip")
# Show the state of the members.
rs.status()

2.5 最后

欢迎大家加入小密圈,一起交流进步

zhutougg
