tachtler:graylog
Differences
This shows the differences between two versions of the page.
tachtler:graylog [2018/05/04 10:48] – [TLS: Create own CA] klaus | tachtler:graylog [unknown date] (current) – deleted - external edit (unknown date) 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== graylog ====== | ||
- | |||
- | [[https:// | ||
- | * [[https:// | ||
- | * [[https:// | ||
- | |||
- | ^ Beschreibung | ||
- | | Homepage | ||
- | | Dokumentation | [[http:// | ||
- | | Download | ||
- | |||
- | Ab hier werden zur Ausführung nachfolgender Befehle **'' | ||
- | < | ||
- | $ su - | ||
- | Password: | ||
- | </ | ||
- | |||
- | ===== Voraussetzungen ===== | ||
- | |||
- | Nachfolgende Voraussetzungen müssen **__vor__** der Installation von [[https:// | ||
- | * Installiertes JAVA z.B. OpenJDK **ab der Version 1.7.0** | ||
- | * Lauffähiger Datenbank-Server [[https:// | ||
- | * Lauffähiger Such-Server [[https:// | ||
- | |||
- | ===== Vorbereitung ===== | ||
- | |||
- | Zur Installation von [[https:// | ||
- | |||
- | * Installation von OpenJDK | ||
- | * [[http:// | ||
- | * Installation von [[https:// | ||
- | * [[https:// | ||
- | * Installation von [[https:// | ||
- | * [[https:// | ||
- | * Installation von [[https:// | ||
- | * [[https:// | ||
- | |||
- | Die Einbindung der einzelnen Repositories wird nachfolgend beschrieben: | ||
- | * [[https:// | ||
- | * [[https:// | ||
- | * [[https:// | ||
- | |||
- | ==== Repository: EPEL ==== | ||
- | |||
- | Nachfolgende Beschreibung bindet das Drittanbieter-Repository von [[https:// | ||
- | * **Siehe nachfolgenden internen Link: [[tachtler: | ||
- | |||
- | :!: **HINWEIS** - Auf das Einbinden des eigenen [[https:// | ||
- | |||
- | ==== Repository: Elasticsearch ==== | ||
- | |||
- | Nachfolgende Beschreibung bindet das Drittanbieter-Repository von [[https:// | ||
- | |||
- | Mit nachfolgendem Befehl muss in nachfolgendem Verzeichnis mit nachfolgendem Namen eine Konfigurationsdatei erstellt werden | ||
- | * ''/ | ||
- | < | ||
- | # touch / | ||
- | </ | ||
- | welche nachfolgenden Inhalt aufweisen sollte: | ||
- | < | ||
- | [elasticsearch-1.7] | ||
- | name=Elasticsearch repository for 1.7.x packages | ||
- | baseurl=http:// | ||
- | gpgcheck=1 | ||
- | gpgkey=http:// | ||
- | enabled=1 | ||
- | </ | ||
- | |||
- | Zur Absicherung der Installation aus den richtigen Quellen, sollte mit nachfolgendem Befehl der **GPG-Schlüssel** heruntergeladen werden | ||
- | < | ||
- | # wget -P / | ||
- | --2015-11-03 09: | ||
- | Resolving packages.elastic.co (packages.elastic.co)... 107.22.245.230, | ||
- | Connecting to packages.elastic.co (packages.elastic.co)|107.22.245.230|: | ||
- | HTTP request sent, awaiting response... 200 OK | ||
- | Length: 1768 (1.7K) [binary/ | ||
- | Saving to: ‘/ | ||
- | |||
- | 100%[======================================> | ||
- | |||
- | 2015-11-03 09:52:10 (134 MB/s) - ‘/ | ||
- | |||
- | </ | ||
- | und anschließend mit nachfolgendem Befehl **importiert** werden | ||
- | < | ||
- | # rpm --import / | ||
- | </ | ||
- | * //Es erfolgt keine Ausgabe, falls der Befehl __ohne__ Fehler ausgeführt wurde!// | ||
- | |||
- | Anschließend sollten gespeicherte Informationen über die Installationsquellen zurückgesetzt werden, indem nachfolgender Befehl diese Informationen löscht: | ||
- | < | ||
- | # yum clean all | ||
- | Loaded plugins: changelog, priorities | ||
- | Cleaning repos: base elasticsearch-1.7 epel extras updates | ||
- | Cleaning up everything | ||
- | </ | ||
- | |||
- | Eine Überprüfung mit nachfolgendem Befehl, sollte die korrekte Einbindung des Repositorys bestätigen und in etwa eine Ausgabe wie die nachfolgende zur Anzeige bringen: | ||
- | < | ||
- | # yum list elasticsearch | ||
- | Loaded plugins: changelog, priorities | ||
- | 77 packages excluded due to repository priority protections | ||
- | Available Packages | ||
- | elasticsearch.noarch | ||
- | </ | ||
- | |||
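Review bot: in the removed Elasticsearch repository section, the `baseurl=http://` and `gpgkey=http://` lines of the `[elasticsearch-1.7]` stanza point both the packages and the signing key at plain HTTP, so `gpgcheck=1` only proves that packages match a key that was itself fetched without transport authentication. If this section is restored or moved to another page, switch the key URL to HTTPS and add a step that compares the key's fingerprint against the vendor's published value before the `rpm --import` command.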
- | ==== Repository: graylog ==== | ||
- | |||
- | Nachfolgende Beschreibung bindet das Drittanbieter-Repository von [[https:// | ||
- | |||
- | Zur Installation des Drittanbieter-Repositorys von [[https:// | ||
- | < | ||
- | # wget -P /tmp https:// | ||
- | --2015-11-03 11: | ||
- | Resolving packages.graylog2.org (packages.graylog2.org)... 54.247.96.254 | ||
- | Connecting to packages.graylog2.org (packages.graylog2.org)|54.247.96.254|: | ||
- | HTTP request sent, awaiting response... 302 Found | ||
- | Location: https:// | ||
- | --2015-11-03 11: | ||
- | Resolving graylog2-package-repository.s3.amazonaws.com (graylog2-package-repository.s3.amazonaws.com)... 54.231.129.48 | ||
- | Connecting to graylog2-package-repository.s3.amazonaws.com (graylog2-package-repository.s3.amazonaws.com)|54.231.129.48|: | ||
- | HTTP request sent, awaiting response... 200 OK | ||
- | Length: 3108 (3.0K) [application/ | ||
- | Saving to: ‘/ | ||
- | |||
- | 100%[======================================> | ||
- | |||
- | 2015-11-03 11:51:41 (3.28 MB/s) - ‘/ | ||
- | |||
- | </ | ||
- | |||
- | Das soeben heruntergeladene **'' | ||
- | < | ||
- | # yum localinstall / | ||
- | Loaded plugins: changelog, priorities | ||
- | Examining / | ||
- | Marking / | ||
- | Resolving Dependencies | ||
- | --> Running transaction check | ||
- | ---> Package graylog-1.2-repository-el7.noarch 0:1.2.0-4 will be installed | ||
- | --> Finished Dependency Resolution | ||
- | |||
- | Changes in packages about to be updated: | ||
- | |||
- | |||
- | Dependencies Resolved | ||
- | |||
- | ================================================================================ | ||
- | | ||
- | ================================================================================ | ||
- | Installing: | ||
- | | ||
- | noarch 1.2.0-4 / | ||
- | |||
- | Transaction Summary | ||
- | ================================================================================ | ||
- | Install | ||
- | |||
- | Total size: 1.1 k | ||
- | Installed size: 1.1 k | ||
- | Is this ok [y/d/N]: y | ||
- | Downloading packages: | ||
- | Running transaction check | ||
- | Running transaction test | ||
- | Transaction test succeeded | ||
- | Running transaction | ||
- | Installing : graylog-1.2-repository-el7-1.2.0-4.noarch | ||
- | Verifying | ||
- | |||
- | Installed: | ||
- | graylog-1.2-repository-el7.noarch 0: | ||
- | |||
- | Complete! | ||
- | </ | ||
- | |||
- | Der Inhalt des **'' | ||
- | < | ||
- | # rpm -qil graylog-1.2-repository-el7.noarch | ||
- | Name : graylog-1.2-repository-el7 | ||
- | Version | ||
- | Release | ||
- | Architecture: | ||
- | Install Date: Tue 03 Nov 2015 11:54:16 AM CET | ||
- | Group : optional | ||
- | Size : 1096 | ||
- | License | ||
- | Signature | ||
- | Source RPM : graylog-1.2-repository-el7-1.2.0-4.src.rpm | ||
- | Build Date : Mon 26 Oct 2015 05:49:46 PM CET | ||
- | Build Host : eda1ecbf991f | ||
- | Relocations : / | ||
- | Packager | ||
- | Vendor | ||
- | URL : https:// | ||
- | Summary | ||
- | Description : | ||
- | Package to install Graylog 1.2 GPG key and repository | ||
- | / | ||
- | / | ||
- | </ | ||
- | |||
- | Zur Absicherung der Installation aus den richtigen Quellen, sollte mit nachfolgendem Befehl der **GPG-Schlüssel** nun **importiert** werden | ||
- | < | ||
- | # rpm --import / | ||
- | </ | ||
- | * //Es erfolgt keine Ausgabe, falls der Befehl __ohne__ Fehler ausgeführt wurde!// | ||
- | |||
- | Anschließend sollten gespeicherte Informationen über die Installationsquellen zurückgesetzt werden, indem nachfolgender Befehl diese Informationen löscht: | ||
- | < | ||
- | # yum clean all | ||
- | Loaded plugins: changelog, priorities | ||
- | Cleaning repos: base elasticsearch-2.0 epel extras graylog updates | ||
- | Cleaning up everything | ||
- | </ | ||
- | |||
- | Eine Überprüfung mit nachfolgendem Befehl, sollte die korrekte Einbindung des Repositorys bestätigen und in etwa eine Ausgabe wie die nachfolgende zur Anzeige bringen: | ||
- | < | ||
- | # yum list graylog-server graylog-web | ||
- | Loaded plugins: changelog, priorities | ||
- | 77 packages excluded due to repository priority protections | ||
- | Available Packages | ||
- | graylog-server.noarch | ||
- | graylog-web.noarch | ||
- | </ | ||
- | |||
- | ===== Installation: | ||
- | |||
- | Mit nachfolgendem Befehl, kann das '' | ||
- | < | ||
- | # yum install java-1.8.0-openjdk | ||
- | Loaded plugins: changelog, priorities | ||
- | 77 packages excluded due to repository priority protections | ||
- | Resolving Dependencies | ||
- | --> Running transaction check | ||
- | ---> Package java-1.8.0-openjdk.x86_64 1: | ||
- | --> Processing Dependency: java-1.8.0-openjdk-headless = 1: | ||
- | --> Processing Dependency: xorg-x11-fonts-Type1 for package: 1: | ||
- | --> Processing Dependency: libpng15.so.15(PNG15_0)(64bit) for package: 1: | ||
- | --> Processing Dependency: libjvm.so(SUNWprivate_1.1)(64bit) for package: 1: | ||
- | --> Processing Dependency: libjpeg.so.62(LIBJPEG_6.2)(64bit) for package: 1: | ||
- | --> Processing Dependency: libjli.so(SUNWprivate_1.1)(64bit) for package: 1: | ||
- | --> Processing Dependency: libjava.so(SUNWprivate_1.1)(64bit) for package: 1: | ||
- | --> Processing Dependency: fontconfig for package: 1: | ||
- | --> Processing Dependency: libpng15.so.15()(64bit) for package: 1: | ||
- | --> Processing Dependency: libjvm.so()(64bit) for package: 1: | ||
- | --> Processing Dependency: libjpeg.so.62()(64bit) for package: 1: | ||
- | --> Processing Dependency: libjli.so()(64bit) for package: 1: | ||
- | --> Processing Dependency: libjava.so()(64bit) for package: 1: | ||
- | --> Processing Dependency: libgif.so.4()(64bit) for package: 1: | ||
- | --> Processing Dependency: libawt.so()(64bit) for package: 1: | ||
- | --> Processing Dependency: libXtst.so.6()(64bit) for package: 1: | ||
- | --> Processing Dependency: libXrender.so.1()(64bit) for package: 1: | ||
- | --> Processing Dependency: libXi.so.6()(64bit) for package: 1: | ||
- | --> Processing Dependency: libXext.so.6()(64bit) for package: 1: | ||
- | --> Processing Dependency: libX11.so.6()(64bit) for package: 1: | ||
- | --> Running transaction check | ||
- | ---> Package fontconfig.x86_64 0: | ||
- | --> Processing Dependency: fontpackages-filesystem for package: fontconfig-2.10.95-7.el7.x86_64 | ||
- | ---> Package giflib.x86_64 0: | ||
- | --> Processing Dependency: libSM.so.6()(64bit) for package: giflib-4.1.6-9.el7.x86_64 | ||
- | --> Processing Dependency: libICE.so.6()(64bit) for package: giflib-4.1.6-9.el7.x86_64 | ||
- | ---> Package java-1.8.0-openjdk-headless.x86_64 1: | ||
- | --> Processing Dependency: tzdata-java for package: 1: | ||
- | --> Processing Dependency: jpackage-utils for package: 1: | ||
- | ---> Package libX11.x86_64 0: | ||
- | --> Processing Dependency: libX11-common = 1.6.0-2.1.el7 for package: libX11-1.6.0-2.1.el7.x86_64 | ||
- | --> Processing Dependency: libxcb.so.1()(64bit) for package: libX11-1.6.0-2.1.el7.x86_64 | ||
- | ---> Package libXext.x86_64 0: | ||
- | ---> Package libXi.x86_64 0: | ||
- | ---> Package libXrender.x86_64 0: | ||
- | ---> Package libXtst.x86_64 0: | ||
- | ---> Package libjpeg-turbo.x86_64 0: | ||
- | ---> Package libpng.x86_64 2: | ||
- | ---> Package xorg-x11-fonts-Type1.noarch 0:7.5-9.el7 will be installed | ||
- | --> Processing Dependency: ttmkfdir for package: xorg-x11-fonts-Type1-7.5-9.el7.noarch | ||
- | --> Processing Dependency: ttmkfdir for package: xorg-x11-fonts-Type1-7.5-9.el7.noarch | ||
- | --> Processing Dependency: mkfontdir for package: xorg-x11-fonts-Type1-7.5-9.el7.noarch | ||
- | --> Processing Dependency: mkfontdir for package: xorg-x11-fonts-Type1-7.5-9.el7.noarch | ||
- | --> Running transaction check | ||
- | ---> Package fontpackages-filesystem.noarch 0: | ||
- | ---> Package javapackages-tools.noarch 0: | ||
- | --> Processing Dependency: python-javapackages = 3.4.1-6.el7_0 for package: javapackages-tools-3.4.1-6.el7_0.noarch | ||
- | --> Processing Dependency: libxslt for package: javapackages-tools-3.4.1-6.el7_0.noarch | ||
- | ---> Package libICE.x86_64 0: | ||
- | ---> Package libSM.x86_64 0: | ||
- | ---> Package libX11-common.noarch 0: | ||
- | ---> Package libxcb.x86_64 0:1.9-5.el7 will be installed | ||
- | --> Processing Dependency: libXau.so.6()(64bit) for package: libxcb-1.9-5.el7.x86_64 | ||
- | ---> Package ttmkfdir.x86_64 0: | ||
- | ---> Package tzdata-java.noarch 0: | ||
- | ---> Package xorg-x11-font-utils.x86_64 1: | ||
- | --> Processing Dependency: libfontenc.so.1()(64bit) for package: 1: | ||
- | --> Processing Dependency: libXfont.so.1()(64bit) for package: 1: | ||
- | --> Running transaction check | ||
- | ---> Package libXau.x86_64 0: | ||
- | ---> Package libXfont.x86_64 0: | ||
- | ---> Package libfontenc.x86_64 0: | ||
- | ---> Package libxslt.x86_64 0: | ||
- | ---> Package python-javapackages.noarch 0: | ||
- | --> Processing Dependency: python-lxml for package: python-javapackages-3.4.1-6.el7_0.noarch | ||
- | --> Running transaction check | ||
- | ---> Package python-lxml.x86_64 0: | ||
- | --> Finished Dependency Resolution | ||
- | |||
- | Changes in packages about to be updated: | ||
- | |||
- | |||
- | Dependencies Resolved | ||
- | |||
- | ================================================================================ | ||
- | | ||
- | Size | ||
- | ================================================================================ | ||
- | Installing: | ||
- | | ||
- | Installing for dependencies: | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | |||
- | Transaction Summary | ||
- | ================================================================================ | ||
- | Install | ||
- | |||
- | Total download size: 35 M | ||
- | Installed size: 114 M | ||
- | Is this ok [y/d/N]: y | ||
- | Downloading packages: | ||
- | (1/27): fontpackages-filesystem-1.44-8.el7.noarch.rpm | ||
- | (2/27): fontconfig-2.10.95-7.el7.x86_64.rpm | ||
- | (3/27): giflib-4.1.6-9.el7.x86_64.rpm | ||
- | (4/27): javapackages-tools-3.4.1-6.el7_0.noarch.rpm | ||
- | (5/27): libSM-1.2.1-7.el7.x86_64.rpm | ||
- | (6/27): libICE-1.0.8-7.el7.x86_64.rpm | ||
- | (7/27): libX11-1.6.0-2.1.el7.x86_64.rpm | ||
- | (8/27): libX11-common-1.6.0-2.1.el7.noarch.rpm | ||
- | (9/27): libXau-1.0.8-2.1.el7.x86_64.rpm | ||
- | (10/27): java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64.rp | 214 kB | ||
- | (11/27): libXext-1.3.2-2.1.el7.x86_64.rpm | ||
- | (12/27): libXfont-1.4.7-3.el7_1.x86_64.rpm | ||
- | (13/27): libXi-1.7.2-2.1.el7.x86_64.rpm | ||
- | (14/27): libXrender-0.9.8-2.1.el7.x86_64.rpm | ||
- | (15/27): libXtst-1.2.2-2.1.el7.x86_64.rpm | ||
- | (16/27): libfontenc-1.1.1-5.el7.x86_64.rpm | ||
- | (17/27): java-1.8.0-openjdk-headless-1.8.0.65-2.b17.el7_1. | 31 MB | ||
- | (18/27): libpng-1.5.13-5.el7.x86_64.rpm | ||
- | (19/27): libjpeg-turbo-1.2.90-5.el7.x86_64.rpm | ||
- | (20/27): libxcb-1.9-5.el7.x86_64.rpm | ||
- | (21/27): python-javapackages-3.4.1-6.el7_0.noarch.rpm | ||
- | (22/27): python-lxml-3.2.1-4.el7.x86_64.rpm | ||
- | (23/27): ttmkfdir-3.0.9-41.el7.x86_64.rpm | ||
- | (24/27): xorg-x11-font-utils-7.5-18.1.el7.x86_64.rpm | ||
- | (25/27): xorg-x11-fonts-Type1-7.5-9.el7.noarch.rpm | ||
- | (26/27): libxslt-1.1.28-5.el7.x86_64.rpm | ||
- | (27/27): tzdata-java-2015g-1.el7.noarch.rpm | ||
- | -------------------------------------------------------------------------------- | ||
- | Total 16 MB/s | 35 MB 00:02 | ||
- | Running transaction check | ||
- | Running transaction test | ||
- | Transaction test succeeded | ||
- | Running transaction | ||
- | Installing : libfontenc-1.1.1-5.el7.x86_64 | ||
- | Installing : libICE-1.0.8-7.el7.x86_64 | ||
- | Installing : libxslt-1.1.28-5.el7.x86_64 | ||
- | Installing : libjpeg-turbo-1.2.90-5.el7.x86_64 | ||
- | Installing : python-lxml-3.2.1-4.el7.x86_64 | ||
- | Installing : python-javapackages-3.4.1-6.el7_0.noarch | ||
- | Installing : javapackages-tools-3.4.1-6.el7_0.noarch | ||
- | Installing : libSM-1.2.1-7.el7.x86_64 | ||
- | Installing : libXfont-1.4.7-3.el7_1.x86_64 | ||
- | Installing : 1: | ||
- | Installing : libXau-1.0.8-2.1.el7.x86_64 | ||
- | Installing : libxcb-1.9-5.el7.x86_64 | ||
- | Installing : ttmkfdir-3.0.9-41.el7.x86_64 | ||
- | Installing : 2: | ||
- | Installing : fontpackages-filesystem-1.44-8.el7.noarch | ||
- | Installing : fontconfig-2.10.95-7.el7.x86_64 | ||
- | Installing : xorg-x11-fonts-Type1-7.5-9.el7.noarch | ||
- | Installing : tzdata-java-2015g-1.el7.noarch | ||
- | Installing : 1: | ||
- | Installing : libX11-common-1.6.0-2.1.el7.noarch | ||
- | Installing : libX11-1.6.0-2.1.el7.x86_64 | ||
- | Installing : libXext-1.3.2-2.1.el7.x86_64 | ||
- | Installing : libXi-1.7.2-2.1.el7.x86_64 | ||
- | Installing : libXtst-1.2.2-2.1.el7.x86_64 | ||
- | Installing : giflib-4.1.6-9.el7.x86_64 | ||
- | Installing : libXrender-0.9.8-2.1.el7.x86_64 | ||
- | Installing : 1: | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | |||
- | Installed: | ||
- | java-1.8.0-openjdk.x86_64 1: | ||
- | |||
- | Dependency Installed: | ||
- | fontconfig.x86_64 0: | ||
- | fontpackages-filesystem.noarch 0: | ||
- | giflib.x86_64 0: | ||
- | java-1.8.0-openjdk-headless.x86_64 1: | ||
- | javapackages-tools.noarch 0: | ||
- | libICE.x86_64 0: | ||
- | libSM.x86_64 0: | ||
- | libX11.x86_64 0: | ||
- | libX11-common.noarch 0: | ||
- | libXau.x86_64 0: | ||
- | libXext.x86_64 0: | ||
- | libXfont.x86_64 0: | ||
- | libXi.x86_64 0: | ||
- | libXrender.x86_64 0: | ||
- | libXtst.x86_64 0: | ||
- | libfontenc.x86_64 0: | ||
- | libjpeg-turbo.x86_64 0: | ||
- | libpng.x86_64 2: | ||
- | libxcb.x86_64 0: | ||
- | libxslt.x86_64 0: | ||
- | python-javapackages.noarch 0: | ||
- | python-lxml.x86_64 0: | ||
- | ttmkfdir.x86_64 0: | ||
- | tzdata-java.noarch 0: | ||
- | xorg-x11-font-utils.x86_64 1: | ||
- | xorg-x11-fonts-Type1.noarch 0: | ||
- | |||
- | Complete! | ||
- | </ | ||
- | |||
- | Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket **'' | ||
- | < | ||
- | # rpm -qil java-1.8.0-openjdk | ||
- | Name : java-1.8.0-openjdk | ||
- | Epoch : 1 | ||
- | Version | ||
- | Release | ||
- | Architecture: | ||
- | Install Date: Tue 03 Nov 2015 12:08:57 PM CET | ||
- | Group : Development/ | ||
- | Size : 512647 | ||
- | License | ||
- | Signature | ||
- | Source RPM : java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.src.rpm | ||
- | Build Date : Wed 21 Oct 2015 10:27:39 PM CEST | ||
- | Build Host : worker1.bsys.centos.org | ||
- | Relocations : (not relocatable) | ||
- | Packager | ||
- | Vendor | ||
- | URL : http:// | ||
- | Summary | ||
- | Description : | ||
- | The OpenJDK runtime environment. | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | </ | ||
- | * // | ||
- | |||
- | Mit nachfolgendem Befehl kann nun überprüft werden, ob die Installation korrekt durchgeführt wurde: | ||
- | < | ||
- | # java -version | ||
- | openjdk version " | ||
- | OpenJDK Runtime Environment (build 1.8.0_65-b17) | ||
- | OpenJDK 64-Bit Server VM (build 25.65-b01, mixed mode) | ||
- | </ | ||
- | bzw. | ||
- | < | ||
- | # alternatives --display java | ||
- | java - status is auto. | ||
- | link currently points to / | ||
- | / | ||
- | slave jre: / | ||
- | slave jre_exports: | ||
- | slave jjs: / | ||
- | slave keytool: / | ||
- | slave orbd: / | ||
- | slave pack200: / | ||
- | slave rmid: / | ||
- | slave rmiregistry: | ||
- | slave servertool: / | ||
- | slave tnameserv: / | ||
- | slave unpack200: / | ||
- | slave java.1.gz: / | ||
- | slave jjs.1.gz: / | ||
- | slave policytool: / | ||
- | slave keytool.1.gz: | ||
- | slave orbd.1.gz: / | ||
- | slave pack200.1.gz: | ||
- | slave rmid.1.gz: / | ||
- | slave rmiregistry.1.gz: | ||
- | slave servertool.1.gz: | ||
- | slave tnameserv.1.gz: | ||
- | slave unpack200.1.gz: | ||
- | Current `best' version is / | ||
- | </ | ||
- | |||
- | ===== Installation: | ||
- | |||
- | Nachdem das **Drittanbieter-Repository** | ||
- | * [[tachtler: | ||
- | erfolgreich eingebunden wurde, können mit nachfolgendem Befehl, die '' | ||
- | < | ||
- | # yum install mongodb-server mongodb | ||
- | Loaded plugins: changelog, priorities | ||
- | 77 packages excluded due to repository priority protections | ||
- | Resolving Dependencies | ||
- | --> Running transaction check | ||
- | ---> Package mongodb.x86_64 0: | ||
- | --> Processing Dependency: v8 >= 3.14.5.10 for package: mongodb-2.6.11-1.el7.x86_64 | ||
- | --> Processing Dependency: libyaml-cpp.so.0.5()(64bit) for package: mongodb-2.6.11-1.el7.x86_64 | ||
- | --> Processing Dependency: libv8.so.3()(64bit) for package: mongodb-2.6.11-1.el7.x86_64 | ||
- | --> Processing Dependency: libtcmalloc.so.4()(64bit) for package: mongodb-2.6.11-1.el7.x86_64 | ||
- | --> Processing Dependency: libstemmer.so.0()(64bit) for package: mongodb-2.6.11-1.el7.x86_64 | ||
- | --> Processing Dependency: libpcap.so.1()(64bit) for package: mongodb-2.6.11-1.el7.x86_64 | ||
- | --> Processing Dependency: libboost_thread-mt.so.1.53.0()(64bit) for package: mongodb-2.6.11-1.el7.x86_64 | ||
- | --> Processing Dependency: libboost_system-mt.so.1.53.0()(64bit) for package: mongodb-2.6.11-1.el7.x86_64 | ||
- | --> Processing Dependency: libboost_program_options-mt.so.1.53.0()(64bit) for package: mongodb-2.6.11-1.el7.x86_64 | ||
- | --> Processing Dependency: libboost_filesystem-mt.so.1.53.0()(64bit) for package: mongodb-2.6.11-1.el7.x86_64 | ||
- | ---> Package mongodb-server.x86_64 0: | ||
- | --> Running transaction check | ||
- | ---> Package boost-filesystem.x86_64 0: | ||
- | ---> Package boost-program-options.x86_64 0: | ||
- | ---> Package boost-system.x86_64 0: | ||
- | ---> Package boost-thread.x86_64 0: | ||
- | ---> Package gperftools-libs.x86_64 0:2.4-5.el7 will be installed | ||
- | --> Processing Dependency: libunwind.so.8()(64bit) for package: gperftools-libs-2.4-5.el7.x86_64 | ||
- | ---> Package libpcap.x86_64 14: | ||
- | ---> Package libstemmer.x86_64 0: | ||
- | ---> Package v8.x86_64 1: | ||
- | ---> Package yaml-cpp.x86_64 0: | ||
- | --> Running transaction check | ||
- | ---> Package libunwind.x86_64 0: | ||
- | --> Finished Dependency Resolution | ||
- | |||
- | Changes in packages about to be updated: | ||
- | |||
- | |||
- | Dependencies Resolved | ||
- | |||
- | ================================================================================ | ||
- | | ||
- | ================================================================================ | ||
- | Installing: | ||
- | | ||
- | | ||
- | Installing for dependencies: | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | |||
- | Transaction Summary | ||
- | ================================================================================ | ||
- | Install | ||
- | |||
- | Total download size: 54 M | ||
- | Installed size: 165 M | ||
- | Is this ok [y/d/N]: y | ||
- | Downloading packages: | ||
- | (1/12): boost-filesystem-1.53.0-23.el7.x86_64.rpm | ||
- | (2/12): boost-program-options-1.53.0-23.el7.x86_64.rpm | ||
- | (3/12): boost-system-1.53.0-23.el7.x86_64.rpm | ||
- | (4/12): boost-thread-1.53.0-23.el7.x86_64.rpm | ||
- | (5/12): gperftools-libs-2.4-5.el7.x86_64.rpm | ||
- | (6/12): libstemmer-0-2.585svn.el7.x86_64.rpm | ||
- | (7/12): libunwind-1.1-10.el7.x86_64.rpm | ||
- | (8/12): libpcap-1.5.3-4.el7_1.2.x86_64.rpm | ||
- | (9/12): mongodb-server-2.6.11-1.el7.x86_64.rpm | ||
- | (10/12): v8-3.14.5.10-17.el7.x86_64.rpm | ||
- | (11/12): yaml-cpp-0.5.1-6.el7.x86_64.rpm | ||
- | (12/12): mongodb-2.6.11-1.el7.x86_64.rpm | ||
- | -------------------------------------------------------------------------------- | ||
- | Total 29 MB/s | 54 MB 00:01 | ||
- | Running transaction check | ||
- | Running transaction test | ||
- | Transaction test succeeded | ||
- | Running transaction | ||
- | Installing : boost-system-1.53.0-23.el7.x86_64 | ||
- | Installing : boost-filesystem-1.53.0-23.el7.x86_64 | ||
- | Installing : boost-thread-1.53.0-23.el7.x86_64 | ||
- | Installing : boost-program-options-1.53.0-23.el7.x86_64 | ||
- | Installing : yaml-cpp-0.5.1-6.el7.x86_64 | ||
- | Installing : libstemmer-0-2.585svn.el7.x86_64 | ||
- | Installing : 1: | ||
- | Installing : 14: | ||
- | Installing : libunwind-1.1-10.el7.x86_64 | ||
- | Installing : gperftools-libs-2.4-5.el7.x86_64 | ||
- | Installing : mongodb-server-2.6.11-1.el7.x86_64 | ||
- | Installing : mongodb-2.6.11-1.el7.x86_64 | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | Verifying | ||
- | |||
- | Installed: | ||
- | mongodb.x86_64 0: | ||
- | |||
- | Dependency Installed: | ||
- | boost-filesystem.x86_64 0: | ||
- | boost-program-options.x86_64 0: | ||
- | boost-system.x86_64 0: | ||
- | boost-thread.x86_64 0: | ||
- | gperftools-libs.x86_64 0: | ||
- | libpcap.x86_64 14: | ||
- | libstemmer.x86_64 0: | ||
- | libunwind.x86_64 0: | ||
- | v8.x86_64 1: | ||
- | yaml-cpp.x86_64 0: | ||
- | |||
- | Complete! | ||
- | </ | ||
- | |||
- | Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket **'' | ||
- | < | ||
- | # rpm -qil mongodb-server | ||
- | Name : mongodb-server | ||
- | Version | ||
- | Release | ||
- | Architecture: | ||
- | Install Date: Tue 03 Nov 2015 12:24:22 PM CET | ||
- | Group : Applications/ | ||
- | Size : 20949371 | ||
- | License | ||
- | Signature | ||
- | Source RPM : mongodb-2.6.11-1.el7.src.rpm | ||
- | Build Date : Wed 19 Aug 2015 01:57:11 PM CEST | ||
- | Build Host : buildvm-08.phx2.fedoraproject.org | ||
- | Relocations : (not relocatable) | ||
- | Packager | ||
- | Vendor | ||
- | URL : http:// | ||
- | Summary | ||
- | Description : | ||
- | This package provides the mongo server software, mongo sharding server | ||
- | software, default configuration files, and init scripts. | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | </ | ||
- | |||
- | Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket **'' | ||
- | < | ||
- | # rpm -qil mongodb | ||
- | Name : mongodb | ||
- | Version | ||
- | Release | ||
- | Architecture: | ||
- | Install Date: Tue 03 Nov 2015 12:24:31 PM CET | ||
- | Group : Applications/ | ||
- | Size : 137519320 | ||
- | License | ||
- | Signature | ||
- | Source RPM : mongodb-2.6.11-1.el7.src.rpm | ||
- | Build Date : Wed 19 Aug 2015 01:57:11 PM CEST | ||
- | Build Host : buildvm-08.phx2.fedoraproject.org | ||
- | Relocations : (not relocatable) | ||
- | Packager | ||
- | Vendor | ||
- | URL : http:// | ||
- | Summary | ||
- | Description : | ||
- | Mongo (from " | ||
- | document-oriented database. MongoDB is written in C++ and offers the following | ||
- | features: | ||
- | * Collection oriented storage: easy storage of object/ | ||
- | * Dynamic queries | ||
- | * Full index support, including on inner objects and embedded arrays | ||
- | * Query profiling | ||
- | * Replication and fail-over support | ||
- | * Efficient storage of binary data including large objects (e.g. photos | ||
- | and videos) | ||
- | * Auto-sharding for cloud-level scalability (currently in early alpha) | ||
- | * Commercial Support Available | ||
- | |||
- | A key goal of MongoDB is to bridge the gap between key/value stores (which are | ||
- | fast and highly scalable) and traditional RDBMS systems (which are deep in | ||
- | functionality). | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | </ | ||
- | |||
- | ==== MongoDB: Dienst/ | ||
- | |||
- | Um das Datenbank-System [[https:// | ||
- | < | ||
- | # systemctl enable mongod.service | ||
- | ln -s '/ | ||
- | </ | ||
- | |||
- | Eine Überprüfung, | ||
- | < | ||
- | # systemctl list-unit-files --type=service | grep -e mongod.service | ||
- | mongod.service | ||
- | </ | ||
- | bzw. | ||
- | < | ||
- | # systemctl is-enabled mongod.service | ||
- | enabled | ||
- | </ | ||
- | |||
- | ===== Installation: | ||
- | |||
- | Mit nachfolgendem Befehl, kann das '' | ||
- | < | ||
- | # yum install rsyslog-gnutls | ||
- | Loaded plugins: changelog, priorities | ||
- | 271 packages excluded due to repository priority protections | ||
- | Resolving Dependencies | ||
- | --> Running transaction check | ||
- | ---> Package rsyslog-gnutls.x86_64 0: | ||
- | --> Finished Dependency Resolution | ||
- | |||
- | Changes in packages about to be updated: | ||
- | |||
- | |||
- | Dependencies Resolved | ||
- | |||
- | ================================================================================ | ||
- | | ||
- | ================================================================================ | ||
- | Installing: | ||
- | | ||
- | |||
- | Transaction Summary | ||
- | ================================================================================ | ||
- | Install | ||
- | |||
- | Total download size: 41 k | ||
- | Installed size: 37 k | ||
- | Is this ok [y/d/N]: y | ||
- | Downloading packages: | ||
- | rsyslog-gnutls-8.24.0-12.el7.x86_64.rpm | ||
- | Running transaction check | ||
- | Running transaction test | ||
- | Transaction test succeeded | ||
- | Running transaction | ||
- | Installing : rsyslog-gnutls-8.24.0-12.el7.x86_64 | ||
- | Verifying | ||
- | |||
- | Installed: | ||
- | rsyslog-gnutls.x86_64 0: | ||
- | |||
- | Complete! | ||
- | </ | ||
- | |||
- | Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket **'' | ||
- | < | ||
- | # rpm -qil rsyslog-gnutls | ||
- | Name : rsyslog-gnutls | ||
- | Version | ||
- | Release | ||
- | Architecture: | ||
- | Install Date: Mon 30 Apr 2018 12:32:57 PM CEST | ||
- | Group : System Environment/ | ||
- | Size : 37936 | ||
- | License | ||
- | Signature | ||
- | Source RPM : rsyslog-8.24.0-12.el7.src.rpm | ||
- | Build Date : Mon 07 Aug 2017 02:56:12 AM CEST | ||
- | Build Host : c1bm.rdu2.centos.org | ||
- | Relocations : (not relocatable) | ||
- | Packager | ||
- | Vendor | ||
- | URL : http:// | ||
- | Summary | ||
- | Description : | ||
- | The rsyslog-gnutls package contains the rsyslog plugins that provide the | ||
- | ability to receive syslog messages via upcoming syslog-transport-tls | ||
- | IETF standard protocol. | ||
- | / | ||
- | </ | ||
- | |||
- | ===== Installation: | ||
- | |||
- | Mit nachfolgendem Befehl, kann das '' | ||
- | < | ||
- | # yum install gnutls-utils | ||
- | </ | ||
- | |||
- | Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket **'' | ||
- | < | ||
- | # rpm -qil gnutls-utils | ||
- | Name : gnutls-utils | ||
- | Version | ||
- | Release | ||
- | Architecture: | ||
- | Install Date: Tue 19 Sep 2017 03:27:28 PM CEST | ||
- | Group : Applications/ | ||
- | Size : 922960 | ||
- | License | ||
- | Signature | ||
- | Source RPM : gnutls-3.3.26-9.el7.src.rpm | ||
- | Build Date : Sat 05 Aug 2017 01:58:17 AM CEST | ||
- | Build Host : c1bm.rdu2.centos.org | ||
- | Relocations : (not relocatable) | ||
- | Packager | ||
- | Vendor | ||
- | URL : http:// | ||
- | Summary | ||
- | Description : | ||
- | GnuTLS is a secure communications library implementing the SSL, TLS and DTLS | ||
- | protocols and technologies around them. It provides a simple C language | ||
- | application programming interface (API) to access the secure communications | ||
- | protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and | ||
- | other required structures. | ||
- | This package contains command line TLS client and server and certificate | ||
- | manipulation tools. | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | </ | ||
- | |||
- | ===== Konfiguration: | ||
- | |||
- | Nach der erfolgreichen Installation von [[https:// | ||
- | |||
- | ==== Benutzer: Administrator anlegen ==== | ||
- | |||
- | Zuerst muss in die [[https:// | ||
- | < | ||
- | # mongo | ||
- | MongoDB shell version: 2.6.11 | ||
- | connecting to: test | ||
- | Server has startup warnings: | ||
- | 2015-11-06T15: | ||
- | 2015-11-06T15: | ||
- | 2015-11-06T15: | ||
- | 2015-11-06T15: | ||
- | </ | ||
- | * // | ||
- | |||
- | Anschließend muss die in die interne Verwaltungsdatenbank von [https:// | ||
- | < | ||
- | > use admin | ||
- | switched to db admin | ||
- | </ | ||
- | |||
- | Nun soll ein **Administrationsbenutzer** für die [[https:// | ||
- | < | ||
- | db.createUser({user:" | ||
- | Successfully added user: { | ||
- | " | ||
- | " | ||
- | { | ||
- | " | ||
- | " | ||
- | } | ||
- | ] | ||
- | } | ||
- | </ | ||
- | |||
- | Abschließend wird die [[https:// | ||
- | < | ||
- | > exit | ||
- | bye | ||
- | </ | ||
- | |||
- | ==== Benutzer: " | ||
- | |||
- | Zuerst muss wieder in die [[https:// | ||
- | < | ||
- | # mongo --authenticationDatabase admin -u admin -p | ||
- | MongoDB shell version: 2.6.11 | ||
- | Enter password: | ||
- | connecting to: test | ||
- | Server has startup warnings: | ||
- | 2015-11-09T12: | ||
- | 2015-11-09T12: | ||
- | 2015-11-09T12: | ||
- | 2015-11-09T12: | ||
- | </ | ||
- | * // | ||
- | |||
- | Anschließend muss die Datenbank von [https:// | ||
- | < | ||
- | > use graylog | ||
- | switched to db graylog | ||
- | </ | ||
- | |||
- | Nun soll ein **" | ||
- | < | ||
- | db.createUser({user:" | ||
- | |||
- | Successfully added user: { " | ||
- | </ | ||
- | |||
- | Abschließend wird die [[https:// | ||
- | < | ||
- | > exit | ||
- | bye | ||
- | </ | ||
- | |||
- | ==== / | ||
- | |||
- | Nachfolgende Konfiguration verändert das Speicherverhalten der [[https:// | ||
- | |||
- | Nachfolgende Änderungen müssen dafür in der Konfigurationsdatei | ||
- | * ''/ | ||
- | durchgeführt werden: | ||
- | |||
- | (**Nur relevanter Ausschnitt**): | ||
- | <code ini> | ||
- | ... | ||
- | # Use a smaller default file size (false by default) | ||
- | # Tachtler | ||
- | # default: #smallfiles = true | ||
- | smallfiles = true | ||
- | ... | ||
- | </ | ||
- | |||
- | ==== / | ||
- | |||
- | Nachfolgende Konfiguration erzwingt die Authentifizieren gegen die [[https:// | ||
- | |||
- | :!: **HINWEIS** - **Zugriff auf die [[https:// | ||
- | |||
- | Nachfolgende Änderungen müssen dafür in der Konfigurationsdatei | ||
- | * ''/ | ||
- | durchgeführt werden: | ||
- | |||
- | (**Nur relevanter Ausschnitt**): | ||
- | <code ini> | ||
- | ... | ||
- | # Run with/ | ||
- | # Tachtler | ||
- | # default: #auth = true | ||
- | auth = true | ||
- | #noauth = true | ||
- | ... | ||
- | </ | ||
- | |||
- | ==== MongoDB: Erster Start ==== | ||
- | |||
- | Danach kann der **mongod**-Server mit nachfolgendem Befehle gestartet werden: | ||
- | < | ||
- | # systemctl start mongod | ||
- | </ | ||
- | |||
- | Mit nachfolgendem Befehl kann der Status des [[https:// | ||
- | < | ||
- | # systemctl status mongod | ||
- | mongod.service - High-performance, | ||
- | | ||
- | | ||
- | Process: 11678 ExecStart=/ | ||
- | Main PID: 11680 (mongod) | ||
- | | ||
- | | ||
- | |||
- | Nov 03 12:59:18 server11.idmz.tachtler.net systemd[1]: Starting High-performa... | ||
- | Nov 03 12:59:18 server11.idmz.tachtler.net mongod[11678]: | ||
- | Nov 03 12:59:18 server11.idmz.tachtler.net mongod[11678]: | ||
- | Nov 03 12:59:24 server11.idmz.tachtler.net mongod[11678]: | ||
- | Nov 03 12:59:24 server11.idmz.tachtler.net systemd[1]: Started High-performan... | ||
- | Hint: Some lines were ellipsized, use -l to show in full. | ||
- | </ | ||
- | |||
- | ==== MongoDB: Test ==== | ||
- | |||
- | Ein Verbindungstest kann durchgeführt werden, indem die [[https:// | ||
- | < | ||
- | # mongo | ||
- | MongoDB shell version: 2.6.11 | ||
- | connecting to: test | ||
- | Server has startup warnings: | ||
- | 2015-11-03T12: | ||
- | 2015-11-03T12: | ||
- | 2015-11-03T12: | ||
- | 2015-11-03T12: | ||
- | > exit | ||
- | bye | ||
- | </ | ||
- | |||
- | Die [[https:// | ||
- | |||
- | :!: **HINWEIS** - **Die Warnmeldungen können ignoriert werden.** | ||
- | |||
- | ===== Installation: | ||
- | |||
- | Nachdem das **Drittanbieter-Repository** | ||
- | * [[tachtler: | ||
- | erfolgreich eingebunden wurde, kann mit nachfolgendem Befehl, das '' | ||
- | < | ||
- | # yum install elasticsearch | ||
- | Loaded plugins: changelog, priorities | ||
- | 77 packages excluded due to repository priority protections | ||
- | Resolving Dependencies | ||
- | --> Running transaction check | ||
- | ---> Package elasticsearch.noarch 0:1.7.3-1 will be installed | ||
- | --> Finished Dependency Resolution | ||
- | |||
- | Changes in packages about to be updated: | ||
- | |||
- | |||
- | Dependencies Resolved | ||
- | |||
- | ================================================================================ | ||
- | | ||
- | ================================================================================ | ||
- | Installing: | ||
- | | ||
- | |||
- | Transaction Summary | ||
- | ================================================================================ | ||
- | Install | ||
- | |||
- | Total download size: 26 M | ||
- | Installed size: 30 M | ||
- | Is this ok [y/d/N]: y | ||
- | Downloading packages: | ||
- | elasticsearch-1.7.3.noarch.rpm | ||
- | Running transaction check | ||
- | Running transaction test | ||
- | Transaction test succeeded | ||
- | Running transaction | ||
- | Creating elasticsearch group... OK | ||
- | Creating elasticsearch user... OK | ||
- | Installing : elasticsearch-1.7.3-1.noarch | ||
- | ### NOT starting on installation, | ||
- | sudo systemctl daemon-reload | ||
- | sudo systemctl enable elasticsearch.service | ||
- | ### You can start elasticsearch service by executing | ||
- | sudo systemctl start elasticsearch.service | ||
- | Verifying | ||
- | |||
- | Installed: | ||
- | elasticsearch.noarch 0: | ||
- | |||
- | Complete! | ||
- | </ | ||
- | |||
- | Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket **'' | ||
- | < | ||
- | # rpm -qil elasticsearch | ||
- | Name : elasticsearch | ||
- | Version | ||
- | Release | ||
- | Architecture: | ||
- | Install Date: Tue 03 Nov 2015 04:58:00 PM CET | ||
- | Group : Application/ | ||
- | Size : 31333594 | ||
- | License | ||
- | Signature | ||
- | Source RPM : elasticsearch-1.7.3-1.src.rpm | ||
- | Build Date : Thu 15 Oct 2015 11:16:48 AM CEST | ||
- | Build Host : ip-10-249-14-148.us-west-2.compute.internal | ||
- | Relocations : /usr | ||
- | Packager | ||
- | Summary | ||
- | Description : | ||
- | Elasticsearch - Open Source, Distributed, | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | </ | ||
- | |||
- | ==== Elasticsearch: | ||
- | |||
- | Um der Such-Server [[https:// | ||
- | < | ||
- | # systemctl daemon-reload | ||
- | </ | ||
- | < | ||
- | # systemctl enable elasticsearch.service | ||
- | ln -s '/ | ||
- | </ | ||
- | |||
- | Eine Überprüfung, | ||
- | < | ||
- | # systemctl list-unit-files --type=service | grep -e elasticsearch.service | ||
- | elasticsearch.service | ||
- | </ | ||
- | bzw. | ||
- | < | ||
- | # systemctl is-enabled elasticsearch.service | ||
- | enabled | ||
- | </ | ||
- | |||
- | ===== Konfiguration: | ||
- | |||
- | ==== / | ||
- | |||
- | Um den Speicherverbrauch von [[https:// | ||
- | * '' | ||
- | ggf. zu erhöhen. | ||
- | |||
- | Nachfolgende Abfrage zeigt den Standardwert von '' | ||
- | < | ||
- | # sysctl vm.max_map_count | ||
- | vm.max_map_count = 65530 | ||
- | </ | ||
- | |||
- | Der Speicher kann erhöht werden, in dem mit nachfolgender Befehl dieser auf den Wert **'' | ||
- | < | ||
- | # sysctl -w vm.max_map_count=262144 | ||
- | vm.max_map_count = 262144 | ||
- | </ | ||
- | |||
- | Um diesen Wert auch nach einem Neustart des Servers, permanent setzen zu können kann in der Konfigurationsdatei | ||
- | * ''/ | ||
- | dies ebenfalls eingetragen werden: | ||
- | |||
- | (**Komplette Konfigurationsdatei**): | ||
- | |||
- | <code bash> | ||
- | # System default settings live in / | ||
- | # To override those settings, enter new settings here, or in an / | ||
- | # | ||
- | # For more information, | ||
- | # | ||
- | # Tachtler - new - | ||
- | vm.max_map_count=262144 | ||
- | </ | ||
- | |||
- | ==== / | ||
- | |||
- | Bevor der Dienst/ | ||
- | * **''/ | ||
- | durchzuführen: | ||
- | |||
- | (**Nur relevanter Ausschnitt**): | ||
- | |||
- | <code yaml> | ||
- | ... | ||
- | ################################### | ||
- | |||
- | # Cluster name identifies your cluster for auto-discovery. If you're running | ||
- | # multiple clusters on the same network, make sure you're using unique names. | ||
- | # | ||
- | # Tachtler | ||
- | # default: # | ||
- | cluster.name: | ||
- | ... | ||
- | ... | ||
- | ... | ||
- | # 1. Disable multicast discovery (enabled by default): | ||
- | # | ||
- | # Tachtler | ||
- | # default: # | ||
- | discovery.zen.ping.multicast.enabled: | ||
- | # | ||
- | # 2. Configure an initial list of master nodes in the cluster | ||
- | # to perform discovery when new nodes (master or data) are started: | ||
- | # | ||
- | # Tachtler | ||
- | # default: # | ||
- | discovery.zen.ping.unicast.hosts: | ||
- | ... | ||
- | ... | ||
- | ... | ||
- | # Tachtler - ONLY BEFORE VERSION 2.x | ||
- | script.disable_dynamic: | ||
- | </ | ||
- | |||
- | **__Nachfolgende Änderungen wurden durchgeführt: | ||
- | |||
- | * <code yaml> | ||
- | |||
- | Setzen des **'' | ||
- | |||
- | :!: **HINWEIS** - Dies ist grundsätzlich die **__einzige__ relevante Änderung** die laut Dokumentation von [[https:// | ||
- | * Siehe auch externen Link: [[http:// | ||
- | |||
- | * <code yaml> | ||
- | |||
- | **Deaktivieren** des '' | ||
- | |||
- | * <code yaml> | ||
- | |||
- | **Aktivieren** der Verwendung einer **Unicast** IP-Adresse 127.0.0.1 und des Ports 9300 **anstelle** von **Multicast** über die IP-Adresse 224.0.0.0. | ||
- | |||
- | * <code yaml> | ||
- | |||
- | :!: **WICHTIG** - **__Nur__** erforderlich bei **Versionen __kleiner__ 2.x** !!! | ||
- | |||
- | **Deaktivieren** der Möglichkeit, | ||
- | |||
- | ==== Elasticsearch: | ||
- | |||
- | Danach kann der **elasticsearch**-Server mit nachfolgendem Befehle gestartet werden: | ||
- | < | ||
- | # systemctl start elasticsearch | ||
- | </ | ||
- | |||
- | Mit nachfolgendem Befehl kann der Status des [[https:// | ||
- | < | ||
- | # systemctl status elasticsearch | ||
- | elasticsearch.service - Elasticsearch | ||
- | | ||
- | | ||
- | Docs: http:// | ||
- | Main PID: 19264 (java) | ||
- | | ||
- | | ||
- | |||
- | Nov 03 17:06:27 server11.idmz.tachtler.net systemd[1]: Started Elasticsearch. | ||
- | </ | ||
- | |||
- | ==== Elasticsearch: | ||
- | |||
- | Ein Verbindungstest kann durchgeführt werden, in dem [[https:// | ||
- | < | ||
- | # curl -X GET http:// | ||
- | { | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | }, | ||
- | " | ||
- | } | ||
- | </ | ||
- | bzw. | ||
- | < | ||
- | # curl -X GET ' | ||
- | { | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | " | ||
- | } | ||
- | </ | ||
- | |||
- | ===== Installation: | ||
- | |||
- | Nachdem das **Drittanbieter-Repository** | ||
- | * [[tachtler: | ||
- | erfolgreich eingebunden wurde, können mit nachfolgendem Befehl, die '' | ||
- | < | ||
- | # yum install graylog-server graylog-web | ||
- | Loaded plugins: changelog, priorities | ||
- | 77 packages excluded due to repository priority protections | ||
- | Resolving Dependencies | ||
- | --> Running transaction check | ||
- | ---> Package graylog-server.noarch 0:1.2.2-1 will be installed | ||
- | ---> Package graylog-web.noarch 0:1.2.2-1 will be installed | ||
- | --> Finished Dependency Resolution | ||
- | |||
- | Changes in packages about to be updated: | ||
- | |||
- | |||
- | Dependencies Resolved | ||
- | |||
- | ================================================================================ | ||
- | | ||
- | ================================================================================ | ||
- | Installing: | ||
- | | ||
- | | ||
- | |||
- | Transaction Summary | ||
- | ================================================================================ | ||
- | Install | ||
- | |||
- | Total download size: 104 M | ||
- | Installed size: 117 M | ||
- | Is this ok [y/d/N]: y | ||
- | Downloading packages: | ||
- | (1/2): graylog-web-1.2.2-1.noarch.rpm | ||
- | (2/2): graylog-server-1.2.2-1.noarch.rpm | ||
- | -------------------------------------------------------------------------------- | ||
- | Total 1.1 MB/s | 104 MB 01:31 | ||
- | Running transaction check | ||
- | Running transaction test | ||
- | Transaction test succeeded | ||
- | Running transaction | ||
- | Installing : graylog-server-1.2.2-1.noarch | ||
- | ln -s '/ | ||
- | Installing : graylog-web-1.2.2-1.noarch | ||
- | ln -s '/ | ||
- | Verifying | ||
- | Verifying | ||
- | |||
- | Installed: | ||
- | graylog-server.noarch 0: | ||
- | |||
- | Complete! | ||
- | </ | ||
- | |||
- | Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket **'' | ||
- | < | ||
- | # rpm -qil graylog-server | ||
- | Name : graylog-server | ||
- | Version | ||
- | Release | ||
- | Architecture: | ||
- | Install Date: Tue 03 Nov 2015 02:43:48 PM CET | ||
- | Group : optional | ||
- | Size : 76426490 | ||
- | License | ||
- | Signature | ||
- | Source RPM : graylog-server-1.2.2-1.src.rpm | ||
- | Build Date : Mon 26 Oct 2015 05:47:02 PM CET | ||
- | Build Host : d725e9e9466f | ||
- | Relocations : / | ||
- | Packager | ||
- | Vendor | ||
- | URL : https:// | ||
- | Summary | ||
- | Description : | ||
- | Graylog server | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | |||
- | Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket **'' | ||
- | < | ||
- | # rpm -qil graylog-web | ||
- | Name : graylog-web | ||
- | Version | ||
- | Release | ||
- | Architecture: | ||
- | Install Date: Tue 03 Nov 2015 02:43:50 PM CET | ||
- | Group : optional | ||
- | Size : 46265591 | ||
- | License | ||
- | Signature | ||
- | Source RPM : graylog-web-1.2.2-1.src.rpm | ||
- | Build Date : Mon 26 Oct 2015 05:48:27 PM CET | ||
- | Build Host : 254d018f7dab | ||
- | Relocations : / | ||
- | Packager | ||
- | Vendor | ||
- | URL : https:// | ||
- | Summary | ||
- | Description : | ||
- | Graylog web | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | </ | ||
- | |||
- | ==== Installation: | ||
- | |||
- | Nachdem das **Drittanbieter-Repository** | ||
- | * [[tachtler: | ||
- | erfolgreich eingebunden wurde, kann mit nachfolgendem Befehl, das '' | ||
- | < | ||
- | # yum install pwgen | ||
- | Loaded plugins: changelog, priorities | ||
- | 77 packages excluded due to repository priority protections | ||
- | Resolving Dependencies | ||
- | --> Running transaction check | ||
- | ---> Package pwgen.x86_64 0: | ||
- | --> Finished Dependency Resolution | ||
- | |||
- | Changes in packages about to be updated: | ||
- | |||
- | |||
- | Dependencies Resolved | ||
- | |||
- | ================================================================================ | ||
- | | ||
- | ================================================================================ | ||
- | Installing: | ||
- | | ||
- | |||
- | Transaction Summary | ||
- | ================================================================================ | ||
- | Install | ||
- | |||
- | Total download size: 24 k | ||
- | Installed size: 37 k | ||
- | Is this ok [y/d/N]: y | ||
- | Downloading packages: | ||
- | pwgen-2.07-1.el7.x86_64.rpm | ||
- | Running transaction check | ||
- | Running transaction test | ||
- | Transaction test succeeded | ||
- | Running transaction | ||
- | Installing : pwgen-2.07-1.el7.x86_64 | ||
- | Verifying | ||
- | |||
- | Installed: | ||
- | pwgen.x86_64 0: | ||
- | |||
- | Complete! | ||
- | </ | ||
- | |||
- | Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket **'' | ||
- | < | ||
- | # rpm -qil pwgen | ||
- | Name : pwgen | ||
- | Version | ||
- | Release | ||
- | Architecture: | ||
- | Install Date: Tue 03 Nov 2015 02:53:20 PM CET | ||
- | Group : Applications/ | ||
- | Size : 37925 | ||
- | License | ||
- | Signature | ||
- | Source RPM : pwgen-2.07-1.el7.src.rpm | ||
- | Build Date : Fri 05 Dec 2014 06:56:18 PM CET | ||
- | Build Host : buildvm-08.phx2.fedoraproject.org | ||
- | Relocations : (not relocatable) | ||
- | Packager | ||
- | Vendor | ||
- | URL : http:// | ||
- | Summary | ||
- | Description : | ||
- | pwgen generates random, meaningless but pronounceable passwords. These | ||
- | passwords contain either only lowercase letters, or upper and lower case, or | ||
- | upper case, lower case and numeric digits. Upper case letters and numeric | ||
- | digits are placed in a way that eases memorizing the password. | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | / | ||
- | </ | ||
- | |||
- | ==== graylog-server: | ||
- | |||
- | Um der [[https:// | ||
- | |||
- | :!: **HINWEIS** - **Mit der Installation, | ||
- | |||
- | Eine Überprüfung, | ||
- | < | ||
- | # systemctl list-unit-files --type=service | grep -e graylog-server.service | ||
- | graylog-server.service | ||
- | </ | ||
- | bzw. | ||
- | < | ||
- | # systemctl is-enabled graylog-server.service | ||
- | enabled | ||
- | </ | ||
- | |||
- | ==== graylog-web.service: | ||
- | |||
- | Um der [[https:// | ||
- | |||
- | :!: **HINWEIS** - **Mit der Installation, | ||
- | |||
- | Eine Überprüfung, | ||
- | < | ||
- | # systemctl list-unit-files --type=service | grep -e graylog-server.service | ||
- | graylog-server.service | ||
- | </ | ||
- | bzw. | ||
- | < | ||
- | # systemctl is-enabled graylog-web.service | ||
- | enabled | ||
- | </ | ||
- | |||
- | ===== Konfiguration: | ||
- | |||
- | ==== / | ||
- | |||
- | Nachfolgende Konfigurationsdatei enthält die Startparameter für die JAVA virtuelle Maschine des [[https:// | ||
- | * ''/ | ||
- | |||
- | Nachfolgende Anpassung sollte durchgeführt werden, da ab OpenJDK **Version 1.8.0** die Parameter | ||
- | * '' | ||
- | * '' | ||
- | **__nicht__** merh unterstützt werden: | ||
- | |||
- | (**Komplette Konfigurationsdatei**): | ||
- | |||
- | <code bash> | ||
- | # Path to the java executable. | ||
- | JAVA=/ | ||
- | |||
- | # Default Java options for heap and garbage collection. | ||
- | # Tachtler | ||
- | # default: GRAYLOG_SERVER_JAVA_OPTS=" | ||
- | GRAYLOG_SERVER_JAVA_OPTS=" | ||
- | |||
- | # Pass some extra args to graylog-server. (i.e. " | ||
- | GRAYLOG_SERVER_ARGS="" | ||
- | |||
- | # Program that will be used to wrap the graylog-server command. Useful to | ||
- | # support programs like authbind. | ||
- | GRAYLOG_COMMAND_WRAPPER="" | ||
- | </ | ||
- | |||
- | **__Nachfolgende Einstellungen wurden durchgeführt__**: | ||
- | |||
- | * <code ini> | ||
- | |||
- | Entfernen der Parameter '' | ||
- | |||
- | ==== / | ||
- | |||
- | Nachfolgende Konfigurationsdatei ist die **Hauptkonfigurationsdatei** des [[https:// | ||
- | * ''/ | ||
- | |||
- | Nachfolgende Anpassungen sind erforderlich, | ||
- | |||
- | (**Komplette Konfigurationsdatei**): | ||
- | |||
- | <code ini> | ||
- | # If you are running more than one instances of graylog2-server you have to select one of these | ||
- | # instances as master. The master will perform some periodical tasks that non-masters won't perform. | ||
- | is_master = true | ||
- | |||
- | # The auto-generated node ID will be stored in this file and read after restarts. It is a good idea | ||
- | # to use an absolute file path here if you are starting graylog2-server from init scripts or similar. | ||
- | node_id_file = / | ||
- | |||
- | # You MUST set a secret to secure/ | ||
- | # Generate one by using for example: pwgen -N 1 -s 96 | ||
- | # Tachtler | ||
- | # default: password_secret = | ||
- | password_secret = uKyAHSUuCW4tUNUfX3XyaoxZQPeXXdS76MPn0KBxeZs7D1xXwTSoD7506oQwu9uISrcpBklodlXuswXMTZtwKEz5HM2zzGZL | ||
- | |||
- | # The default root user is named ' | ||
- | # Tachtler | ||
- | # default: # | ||
- | root_username = administrator | ||
- | |||
- | # You MUST specify a hash password for the root user (which you only need to initially set up the | ||
- | # system and in case you lose connectivity to your authentication backend) | ||
- | # This password cannot be changed using the API or via the web interface. If you need to change it, | ||
- | # modify it in this file. | ||
- | # Create one by using for example: echo -n yourpassword | shasum -a 256 | ||
- | # and put the resulting hash value into the following line | ||
- | # Tachtler | ||
- | # default: root_password_sha2 = | ||
- | root_password_sha2 = addb0f5e7826c857d7376d1bd9bc33c0c544790a2eac96144a8af22b1298c940 | ||
- | |||
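Review bot: the removed main configuration listing above still shows a complete `password_secret` value and a `root_password_sha2` hash, and both stay readable in this old revision, so deleting the page does not withdraw them. If either value was ever used on a real Graylog node, rotate it, and replace the values in the retained revision with placeholders. The hash is a plain SHA-256 of the root password (per the `shasum -a 256` comment in the same listing), so it can be tested offline against guessed passwords and deserves the same handling as the secret.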
- | # The email address of the root user. | ||
- | # Default is empty | ||
- | # Tachtler | ||
- | # default: #root_email = "" | ||
- | root_email = " | ||
- | |||
- | # The time zone setting of the root user. | ||
- | # The configured time zone must be parseable by http:// | ||
- | # Default is UTC | ||
- | # Tachtler | ||
- | # default: # | ||
- | root_timezone = Europe/ | ||
- | |||
- | # Set plugin directory here (relative or absolute) | ||
- | plugin_dir = / | ||
- | |||
- | # REST API listen URI. Must be reachable by other graylog2-server nodes if you run a cluster. | ||
- | # Tachtler | ||
- | # default: rest_listen_uri = http:// | ||
- | rest_listen_uri = http:// | ||
- | |||
- | # REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri | ||
- | # is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used. | ||
- | # If set, his will be promoted in the cluster discovery APIs, so other nodes may try to connect on | ||
- | # this address and it is used to generate URLs addressing entities in the REST API. (see rest_listen_uri) | ||
- | # You will need to define this, if your Graylog server is running behind a HTTP proxy that is rewriting | ||
- | # the scheme, host name or URI. | ||
- | # Tachtler | ||
- | # default: # | ||
- | rest_transport_uri = http:// | ||
- | |||
- | # Enable CORS headers for REST API. This is necessary for JS-clients accessing the server directly. | ||
- | # If these are disabled, modern browsers will not be able to retrieve resources from the server. | ||
- | # This is disabled by default. Uncomment the next line to enable it. | ||
- | # Tachtler | ||
- | # default: # | ||
- | rest_enable_cors = true | ||
- | |||
- | # Enable GZIP support for REST API. This compresses API responses and therefore helps to reduce | ||
- | # overall round trip times. This is disabled by default. Uncomment the next line to enable it. | ||
- | # Tachtler | ||
- | # default: # | ||
- | rest_enable_gzip = true | ||
- | |||
- | # Enable HTTPS support for the REST API. This secures the communication with the REST API with | ||
- | # TLS to prevent request forgery and eavesdropping. This is disabled by default. Uncomment the | ||
- | # next line to enable it. | ||
- | # | ||
- | |||
- | # The X.509 certificate file to use for securing the REST API. | ||
- | # | ||
- | |||
- | # The private key to use for securing the REST API. | ||
- | # | ||
- | |||
- | # The password to unlock the private key used for securing the REST API. | ||
- | # | ||
- | |||
- | # The maximum size of a single HTTP chunk in bytes. | ||
- | # | ||
- | |||
- | # The maximum size of the HTTP request headers in bytes. | ||
- | # | ||
- | |||
- | # The maximal length of the initial HTTP/1.1 line in bytes. | ||
- | # | ||
- | |||
- | # The size of the execution handler thread pool used exclusively for serving the REST API. | ||
- | # | ||
- | |||
- | # The size of the worker thread pool used exclusively for serving the REST API. | ||
- | # | ||
- | |||
- | # Embedded Elasticsearch configuration file | ||
- | # pay attention to the working directory of the server, maybe use an absolute path here | ||
- | # | ||
- | |||
- | # Graylog will use multiple indices to store documents in. You can configured the strategy it uses to determine | ||
- | # when to rotate the currently active write index. | ||
- | # It supports multiple rotation strategies: | ||
- | # - " | ||
- | # - " | ||
- | # valid values are " | ||
- | # Tachtler | ||
- | # default: rotation_strategy = count | ||
- | rotation_strategy = time | ||
- | |||
- | # (Approximate) maximum number of documents in an Elasticsearch index before a new index | ||
- | # is being created, also see no_retention and elasticsearch_max_number_of_indices. | ||
- | # Configure this if you used ' | ||
- | # Tachtler | ||
- | # default: elasticsearch_max_docs_per_index = 20000000 | ||
- | # elasticsearch_max_docs_per_index = 20000000 | ||
- | |||
- | # (Approximate) maximum size in bytes per Elasticsearch index on disk before a new index is being created, also see | ||
- | # no_retention and elasticsearch_max_number_of_indices. Default is 1GB. | ||
- | # Configure this if you used ' | ||
- | # | ||
- | |||
- | # (Approximate) maximum time before a new Elasticsearch index is being created, also see | ||
- | # no_retention and elasticsearch_max_number_of_indices. Default is 1 day. | ||
- | # Configure this if you used ' | ||
- | # Please note that this rotation period does not look at the time specified in the received messages, but is | ||
- | # using the real clock value to decide when to rotate the index! | ||
- | # Specify the time using a duration and a suffix indicating which unit you want: | ||
- | # 1w = 1 week | ||
- | # 1d = 1 day | ||
- | # 12h = 12 hours | ||
- | # Permitted suffixes are: d for day, h for hour, m for minute, s for second. | ||
- | # Tachtler | ||
- | # default: # | ||
- | elasticsearch_max_time_per_index = 1d | ||
- | |||
- | # Disable checking the version of Elasticsearch for being compatible with this Graylog release. | ||
- | # WARNING: Using Graylog with unsupported and untested versions of Elasticsearch may lead to data loss! | ||
- | # | ||
- | |||
- | # Disable message retention on this node, i. e. disable Elasticsearch index rotation. | ||
- | # | ||
- | |||
- | # How many indices do you want to keep? | ||
- | # Tachtler | ||
- | # default: elasticsearch_max_number_of_indices = 20 | ||
- | elasticsearch_max_number_of_indices = 14 | ||
- | |||
- | # Decide what happens with the oldest indices when the maximum number of indices is reached. | ||
- | # The following strategies are availble: | ||
- | # - delete # Deletes the index completely (Default) | ||
- | # - close # Closes the index and hides it from the system. Can be re-opened later. | ||
- | retention_strategy = delete | ||
- | |||
- | # How many Elasticsearch shards and replicas should be used per index? Note that this only applies to newly created indices. | ||
- | # Tachtler | ||
- | # default: elasticsearch_shards = 4 | ||
- | elasticsearch_shards = 1 | ||
- | elasticsearch_replicas = 0 | ||
- | |||
- | # Prefix for all Elasticsearch indices and index aliases managed by Graylog. | ||
- | # Tachtler | ||
- | # default: elasticsearch_index_prefix = graylog2 | ||
- | elasticsearch_index_prefix = graylog | ||
- | |||
- | # Do you want to allow searches with leading wildcards? This can be extremely resource hungry and should only | ||
- | # be enabled with care. See also: https:// | ||
- | allow_leading_wildcard_searches = false | ||
- | |||
- | # Do you want to allow searches to be highlighted? | ||
- | # should only be enabled after making sure your Elasticsearch cluster has enough memory. | ||
- | allow_highlighting = false | ||
- | |||
- | # settings to be passed to elasticsearch' | ||
- | # all these | ||
- | # this must be the same as for your Elasticsearch cluster | ||
- | # Tachtler | ||
- | # default: # | ||
- | elasticsearch_cluster_name = graylog | ||
- | |||
- | # you could also leave this out, but makes it easier to identify the graylog2 client instance | ||
- | # Tachtler | ||
- | # default: # | ||
- | elasticsearch_node_name = graylog-server | ||
- | |||
- | # we don't want the graylog2 server to store any data, or be master node | ||
- | # | ||
- | # | ||
- | |||
- | # use a different port if you run multiple Elasticsearch nodes on one machine | ||
- | # | ||
- | |||
- | # we don't need to run the embedded HTTP server here | ||
- | # Tachtler | ||
- | # default: # | ||
- | elasticsearch_http_enabled = false | ||
- | |||
- | # Tachtler | ||
- | # default: # | ||
- | elasticsearch_discovery_zen_ping_multicast_enabled = false | ||
- | # Tachtler | ||
- | # default: # | ||
- | elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1: | ||
- | |||
- | # Change the following setting if you are running into problems with timeouts during Elasticsearch cluster discovery. | ||
- | # The setting is specified in milliseconds, | ||
- | # | ||
- | |||
- | # the following settings allow to change the bind addresses for the Elasticsearch client in graylog2 | ||
- | # these settings are empty by default, letting Elasticsearch choose automatically, | ||
- | # override them here or in the ' | ||
- | # refer to http:// | ||
- | # for special values here | ||
- | # | ||
- | # | ||
- | # | ||
- | |||
- | # The total amount of time discovery will look for other Elasticsearch nodes in the cluster | ||
- | # before giving up and declaring the current node master. | ||
- | # | ||
- | |||
- | # Analyzer (tokenizer) to use for message and full_message field. The " | ||
- | # All supported analyzers are: standard, simple, whitespace, stop, keyword, pattern, language, snowball, custom | ||
- | # Elasticsearch documentation: | ||
- | # Note that this setting only takes effect on newly created indices. | ||
- | elasticsearch_analyzer = standard | ||
- | |||
- | # Global request timeout for Elasticsearch requests (e. g. during search, index creation, or index time-range | ||
- | # calculations) based on a best-effort to restrict the runtime of Elasticsearch operations. | ||
- | # Default: 1m | ||
- | # | ||
- | |||
- | # Batch size for the Elasticsearch output. This is the maximum (!) number of messages the Elasticsearch output | ||
- | # module will get at once and write to Elasticsearch in a batch call. If the configured batch size has not been | ||
- | # reached within output_flush_interval seconds, everything that is available will be flushed at once. Remember | ||
- | # that every outputbuffer processor manages its own batch and performs its own batch write calls. | ||
- | # (" | ||
- | output_batch_size = 500 | ||
- | |||
- | # Flush interval (in seconds) for the Elasticsearch output. This is the maximum amount of time between two | ||
- | # batches of messages written to Elasticsearch. It is only effective at all if your minimum number of messages | ||
- | # for this time period is less than output_batch_size * outputbuffer_processors. | ||
- | output_flush_interval = 1 | ||
- | |||
- | # As stream outputs are loaded only on demand, an output which is failing to initialize will be tried over and | ||
- | # over again. To prevent this, the following configuration options define after how many faults an output will | ||
- | # not be tried again for an also configurable amount of seconds. | ||
- | output_fault_count_threshold = 5 | ||
- | output_fault_penalty_seconds = 30 | ||
- | |||
- | # The number of parallel running processors. | ||
- | # Raise this number if your buffers are filling up. | ||
- | processbuffer_processors = 5 | ||
- | outputbuffer_processors = 3 | ||
- | |||
- | # | ||
- | # | ||
- | # | ||
- | |||
- | # UDP receive buffer size for all message inputs (e. g. SyslogUDPInput). | ||
- | # | ||
- | |||
- | # Wait strategy describing how buffer processors wait on a cursor sequence. (default: sleeping) | ||
- | # Possible types: | ||
- | # - yielding | ||
- | # | ||
- | # - sleeping | ||
- | # | ||
- | # - blocking | ||
- | # High throughput, low latency, higher CPU usage. | ||
- | # - busy_spinning | ||
- | # | ||
- | processor_wait_strategy = blocking | ||
- | |||
- | # Size of internal ring buffers. Raise this if raising outputbuffer_processors does not help anymore. | ||
- | # For optimum performance your LogMessage objects in the ring buffer should fit in your CPU L3 cache. | ||
- | # Start server with --statistics flag to see buffer utilization. | ||
- | # Must be a power of 2. (512, 1024, 2048, ...) | ||
- | ring_size = 65536 | ||
- | |||
- | inputbuffer_ring_size = 65536 | ||
- | inputbuffer_processors = 2 | ||
- | inputbuffer_wait_strategy = blocking | ||
- | |||
- | # Enable the disk based message journal. | ||
- | message_journal_enabled = true | ||
- | |||
- | # The directory which will be used to store the message journal. The directory must me exclusively used by Graylog and | ||
- | # must not contain any other files than the ones created by Graylog itself. | ||
- | message_journal_dir = / | ||
- | |||
- | # Journal hold messages before they could be written to Elasticsearch. | ||
- | # For a maximum of 12 hours or 5 GB whichever happens first. | ||
- | # During normal operation the journal will be smaller. | ||
- | # | ||
- | # | ||
- | |||
- | # | ||
- | # | ||
- | # | ||
- | # | ||
- | |||
- | # Number of threads used exclusively for dispatching internal events. Default is 2. | ||
- | # | ||
- | |||
- | # EXPERIMENTAL: | ||
- | # Every failed indexing attempt is logged by default and made visible in the web-interface. You can enable | ||
- | # the experimental dead letters feature to write every message that was not successfully indexed into the | ||
- | # MongoDB " | ||
- | # letter should work fine already but it is not heavily tested yet and will get more features in future | ||
- | # releases. | ||
- | dead_letters_enabled = false | ||
- | |||
- | # How many seconds to wait between marking node as DEAD for possible load balancers and starting the actual | ||
- | # shutdown process. Set to 0 if you have no status checking load balancers in front. | ||
- | lb_recognition_period_seconds = 3 | ||
- | |||
- | # Every message is matched against the configured streams and it can happen that a stream contains rules which | ||
- | # take an unusual amount of time to run, for example if its using regular expressions that perform excessive backtracking. | ||
- | # This will impact the processing of the entire server. To keep such misbehaving stream rules from impacting other | ||
- | # streams, Graylog limits the execution time for each stream. | ||
- | # The default values are noted below, the timeout is in milliseconds. | ||
- | # If the stream matching for one stream took longer than the timeout value, and this happened more than " | ||
- | # that stream is disabled and a notification is shown in the web interface. | ||
- | # | ||
- | # | ||
- | |||
- | # Length of the interval in seconds in which the alert conditions for all streams should be checked | ||
- | # and alarms are being sent. | ||
- | # | ||
- | |||
- | # Since 0.21 the graylog2 server supports pluggable output modules. This means a single message can be written to multiple | ||
- | # outputs. The next setting defines the timeout for a single output module, including the default output module where all | ||
- | # messages end up. | ||
- | # | ||
- | # Time in milliseconds to wait for all message outputs to finish writing a single message. | ||
- | # | ||
- | |||
- | # Time in milliseconds after which a detected stale master node is being rechecked on startup. | ||
- | # | ||
- | |||
- | # Time in milliseconds which Graylog is waiting for all threads to stop on shutdown. | ||
- | # | ||
- | |||
- | # MongoDB connection string | ||
- | # See http:// | ||
- | # Tachtler | ||
- | # default: mongodb_uri = mongodb:// | ||
- | |||
- | # Authenticate against the MongoDB server | ||
- | # Tachtler | ||
- | # default: # | ||
- | mongodb_uri = mongodb:// | ||
- | |||
- | # Use a replica set instead of a single host | ||
- | # | ||
- | |||
- | # Increase this value according to the maximum connections your MongoDB server can handle from a single client | ||
- | # if you encounter MongoDB connection problems. | ||
- | mongodb_max_connections = 100 | ||
- | |||
- | # Number of threads allowed to be blocked by MongoDB connections multiplier. Default: 5 | ||
- | # If mongodb_max_connections is 100, and mongodb_threads_allowed_to_block_multiplier is 5, | ||
- | # then 500 threads can block. More than that and an exception will be thrown. | ||
- | # http:// | ||
- | mongodb_threads_allowed_to_block_multiplier = 5 | ||
- | |||
- | # Drools Rule File (Use to rewrite incoming log messages) | ||
- | # See: https:// | ||
- | #rules_file = / | ||
- | |||
- | # Email transport | ||
- | # Tachtler | ||
- | # default: # | ||
- | transport_email_enabled = true | ||
- | # Tachtler | ||
- | # default: # | ||
- | transport_email_hostname = localhost | ||
- | # Tachtler | ||
- | # default: # | ||
- | transport_email_port = 25 | ||
- | # Tachtler | ||
- | # default: # | ||
- | transport_email_use_auth = false | ||
- | # Tachtler | ||
- | # default: # | ||
- | transport_email_use_tls = true | ||
- | # Tachtler | ||
- | # default: # | ||
- | transport_email_use_ssl = false | ||
- | # | ||
- | # | ||
- | # Tachtler | ||
- | # default: # | ||
- | transport_email_subject_prefix = [graylog] | ||
- | # Tachtler | ||
- | # default: # | ||
- | transport_email_from_email = graylog@tachtler.net | ||
- | |||
- | # Specify and uncomment this if you want to include links to the stream in your stream alert mails. | ||
- | # This should define the fully qualified base url to your web interface exactly the same way as it is accessed by your users. | ||
- | # Tachtler | ||
- | # defautl: # | ||
- | transport_email_web_interface_url = https:// | ||
- | |||
- | # The default connect timeout for outgoing HTTP connections. | ||
- | # Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds). | ||
- | # Default: 5s | ||
- | # | ||
- | |||
- | # The default read timeout for outgoing HTTP connections. | ||
- | # Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds). | ||
- | # Default: 10s | ||
- | # | ||
- | |||
- | # The default write timeout for outgoing HTTP connections. | ||
- | # Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds). | ||
- | # Default: 10s | ||
- | # | ||
- | |||
- | # HTTP proxy for outgoing HTTP connections | ||
- | # | ||
- | |||
- | # Disable the optimization of Elasticsearch indices after index cycling. This may take some load from Elasticsearch | ||
- | # on heavily used systems with large indices, but it will decrease search performance. The default is to optimize | ||
- | # cycled indices. | ||
- | # | ||
- | |||
- | # Optimize the index down to <= index_optimization_max_num_segments. A higher number may take some load from Elasticsearch | ||
- | # on heavily used systems with large indices, but it will decrease search performance. The default is 1. | ||
- | # | ||
- | |||
- | # The threshold of the garbage collection runs. If GC runs take longer than this threshold, a system notification | ||
- | # will be generated to warn the administrator about possible problems with the system. Default is 1 second. | ||
- | # | ||
- | |||
- | # Connection timeout for a configured LDAP server (e. g. ActiveDirectory) in milliseconds. | ||
- | # | ||
- | |||
- | # Enable collection of Graylog-related metrics into MongoDB | ||
- | # WARNING: This will add *a lot* of data into your MongoDB database on a regular interval (1 second)! | ||
- | # DEPRECATED: This setting and the respective feature will be removed in a future version of Graylog. | ||
- | # | ||
- | |||
- | # Disable the use of SIGAR for collecting system stats | ||
- | # | ||
- | |||
- | # Amount of time of inactivity after which collectors are flagged as inactive (Default: 1 minute) | ||
- | # | ||
- | |||
- | # Amount of time after which inactive collectors are purged (Default: 14 days) | ||
- | # | ||
- | |||
- | # The default cache time for dashboard widgets. (Default: 10 seconds, minimum: 1 second) | ||
- | # | ||
- | </ | ||
- | |||
- | **__Nachfolgende Einstellungen wurden durchgeführt__**: | ||
- | |||
- | * <code ini> | ||
- | |||
- | Der Passwort-Hash dient als Referenz zur Verschlüsselung von Passwörtern der Benutzer. Der Passwort-Hash wurde mit Hilfe des nachfolgenden Befehls erstellt: | ||
- | < | ||
- | # pwgen -N 1 -s 96 | ||
- | uKyAHSUuCW4tUNUfX3XyaoxZQPeXXdS76MPn0KBxeZs7D1xXwTSoD7506oQwu9uISrcpBklodlXuswXMTZtwKEz5HM2zzGZL | ||
- | </ | ||
- | |||
- | * <code ini> | ||
- | |||
- | Setzen des Benutzernamens für den Benutzer mit Administratoren Rechten. | ||
- | |||
- | * <code ini> | ||
- | |||
- | Der Passwort-Hash ist das Passwort für den Benutzer mit Administratoren Rechten. Der Passwort-Hash wurde mit Hilfe des nachfolgenden Befehls erstellt: | ||
- | < | ||
- | # echo -n geheim | sha256sum | ||
- | addb0f5e7826c857d7376d1bd9bc33c0c544790a2eac96144a8af22b1298c940 | ||
- | </ | ||
- | |||
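Review bot: the two command transcripts in this removed block print secret material in the clear: the output of "pwgen -N 1 -s 96", presented as the value that protects user passwords, and the digest from "echo -n geheim | sha256sum", presented as the administrator password. Both stay readable in the old revision this diff is taken from, so any value that was ever used on a live server should be rotated, and a replacement page should show placeholders instead of real output. The sha256sum example is also an unsalted hash of a short dictionary word, so the text should say that the example password must not be reused and that the configuration file holding the digest needs restrictive permissions.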
- | * <code ini> | ||
- | |||
- | E-Mail-Adresse des Benutzers mit den Administratoren Rechten. | ||
- | |||
- | * <code ini> | ||
- | |||
- | Anpassen der Zeitzone für den Benutzer mit Administratoren Rechten. Eine Liste möglicher Einstellungen kann unter nachfolgendem externen Link eingesehen werden: | ||
- | * [[http:// | ||
- | |||
- | * <code ini> | ||
- | |||
- | URI welche auf allen IP-Adressen des Servers lauschen soll, damit auch von außerhalb des Servers ein Zugriff (z.B. über einen Browser) möglich ist. | ||
- | |||
- | * <code ini> | ||
- | |||
- | URI welche als Anzeige hinter einem Proxy verwendet wird. Dies ist erforderlich, | ||
- | |||
- | * <code ini> | ||
- | |||
- | Aktiviert die Auslieferung von "CORS Headers" | ||
- | |||
- | * <code ini> | ||
- | |||
- | Aktiviert die Auslieferung von Daten in komprimierter Form, um die Laufzeit der Anfragen zu verringern. | ||
- | |||
- | * <code ini> | ||
- | |||
- | **Änderung der Rotations-Strategie** des Such-Servers [[https:// | ||
- | |||
- | * <code ini># elasticsearch_max_docs_per_index = 20000000</ | ||
- | |||
- | **Deaktivieren** der maximalen Anzahl an Dokumenten pro Index-Datei des Such-Servers [[https:// | ||
- | |||
- | * <code ini> | ||
- | |||
- | **Aktivieren** des maximalen Zeitintervalls der Index-Datei des Such-Servers [[https:// | ||
- | |||
- | * <code ini> | ||
- | |||
- | **Maximale Anzahl** der Index-Dateien des Such-Servers [[https:// | ||
- | |||
- | * <code ini> | ||
- | |||
- | Anzahl der **'' | ||
- | |||
- | * <code ini> | ||
- | |||
- | **Prefix**, welcher für alle [[https:// | ||
- | |||
- | * <code ini> | ||
- | |||
- | **Name** des [[https:// | ||
- | |||
- | * < | ||
- | |||
- | **Name** des [[https:// | ||
- | |||
- | * <code ini> | ||
- | |||
- | **Deaktivieren** eines möglichen **embedded** [[https:// | ||
- | |||
- | * <code ini> | ||
- | |||
- | **Deaktivieren** des '' | ||
- | |||
- | * <code ini> | ||
- | |||
- | **Aktivieren** der Verwendung einer **Unicast** IP-Adresse 127.0.0.1 und des Ports 9300 **anstelle** von **Multicast** über die IP-Adresse 224.0.0.0. | ||
- | |||
- | * <code ini># mongodb_uri = mongodb:// | ||
- | |||
- | Verbindungs-URI zum [[https:// | ||
- | |||
- | * <code ini> | ||
- | |||
- | Verbindungs-URI zum [[https:// | ||
- | |||
- | * <code ini> | ||
- | |||
- | Definition einer URL, welche in e-Mails zur Generierung von URI's zur Verlinkung auf Inhalte herangezogen werden soll. | ||
- | |||
- | ==== graylog-server: | ||
- | |||
- | Danach kann der **graylog-server**-Server mit nachfolgendem Befehle gestartet werden: | ||
- | < | ||
- | # systemctl start graylog-server | ||
- | </ | ||
- | |||
- | Mit nachfolgendem Befehl kann der Status des [[https:// | ||
- | < | ||
- | # systemctl status graylog-server | ||
- | graylog-server.service - Graylog server | ||
- | | ||
- | | ||
- | Docs: http:// | ||
- | Main PID: 13052 (graylog-server) | ||
- | | ||
- | | ||
- | | ||
- | |||
- | Nov 03 16:32:58 server11.idmz.tachtler.net systemd[1]: Started Graylog server. | ||
- | </ | ||
- | |||
- | ==== graylog-server: | ||
- | |||
- | Nachfolgende LOG-Datei-Zeile sollte am Ende der LOG-Datei | ||
- | * ''/ | ||
- | erscheinen, womit sichergestellt ist, dass der Server korrekt funktioniert: | ||
- | < | ||
- | 2015-11-03T16: | ||
- | </ | ||
- | |||
- | ===== Konfiguration: | ||
- | |||
- | ==== / | ||
- | |||
- | Nachfolgende Konfigurationsdatei enthält die Startparameter für die JAVA virtuelle Maschine des [[https:// | ||
- | * ''/ | ||
- | |||
- | :!: **HINWEIS** - **Es sind keine Anpassungen erforderlich!** | ||
- | |||
- | (**Komplette Konfigurationsdatei**): | ||
- | |||
- | <code bash> | ||
- | # Path to the java executable. | ||
- | JAVA=/ | ||
- | |||
- | # HTTP server settings. | ||
- | GRAYLOG_WEB_HTTP_ADDRESS=" | ||
- | GRAYLOG_WEB_HTTP_PORT=" | ||
- | |||
- | # Might be used to adjust the Java heap size. (i.e. " | ||
- | GRAYLOG_WEB_JAVA_OPTS="" | ||
- | |||
- | # Pass some extra args to graylog-web. (i.e. " | ||
- | GRAYLOG_WEB_ARGS="" | ||
- | |||
- | # Program that will be used to wrap the graylog-web command. Useful to | ||
- | # support programs like authbind. | ||
- | GRAYLOG_COMMAND_WRAPPER="" | ||
- | </ | ||
- | |||
- | :!: **WICHTIG** - Eine Änderung des Ports auf dem der [[https:// | ||
- | |||
- | ==== / | ||
- | |||
- | Nachfolgende Konfigurationsdatei ist die **Hauptkonfigurationsdatei** des [[https:// | ||
- | * ''/ | ||
- | |||
- | Nachfolgende Anpassungen sind erforderlich, | ||
- | |||
- | (**Komplette Konfigurationsdatei**): | ||
- | |||
- | <code ini> | ||
- | # graylog2-server REST URIs (one or more, comma separated) For example: " | ||
- | # Tachtler | ||
- | # default: graylog2-server.uris="" | ||
- | graylog2-server.uris=" | ||
- | |||
- | # Learn how to configure custom logging in the documentation: | ||
- | # http:// | ||
- | |||
- | # Secret key | ||
- | # ~~~~~ | ||
- | # The secret key is used to secure cryptographics functions. Set this to a long and randomly generated string. | ||
- | # If you deploy your application to several instances be sure to use the same key! | ||
- | # Generate for example with: pwgen -N 1 -s 96 | ||
- | # Tachtler | ||
- | # default: application.secret="" | ||
- | application.secret=" | ||
- | |||
- | # Web interface timezone | ||
- | # Graylog stores all timestamps in UTC. To properly display times, set the default timezone of the interface. | ||
- | # If you leave this out, Graylog will pick your system default as the timezone. Usually you will want to configure it explicitly. | ||
- | # Tachtler | ||
- | # default: timezone=" | ||
- | timezone=" | ||
- | |||
- | # Message field limit | ||
- | # Your web interface can cause high load in your browser when you have a lot of different message fields. The default | ||
- | # limit of message fields is 100. Set it to 0 if you always want to get all fields. They are for example used in the | ||
- | # search result sidebar or for autocompletion of field names. | ||
- | field_list_limit=100 | ||
- | |||
- | # Use this to run Graylog with a path prefix | ||
- | # | ||
- | |||
- | # You usually do not want to change this. | ||
- | application.global=lib.Global | ||
- | |||
- | # Global timeout for communication with Graylog server nodes; default: 5s | ||
- | # | ||
- | |||
- | # Accept any server certificate without checking for validity; required if using self-signed certificates. | ||
- | # Default: true | ||
- | # graylog2.client.accept-any-certificate=true | ||
- | </ | ||
- | |||
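Review bot: the last setting of the removed web interface configuration is left commented out under "Default: true", so the web interface accepts any server certificate without checking its validity. The comment justifies this with self-signed certificates. A replacement page should set "graylog2.client.accept-any-certificate=false" and trust a CA certificate for the connection to the server nodes, or state plainly that the server certificate is not verified on that connection.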
- | **__Nachfolgende Einstellungen wurden durchgeführt__**: | ||
- | |||
- | * <code ini> | ||
- | |||
- | Angabe der URI, unter der der [[https:// | ||
- | |||
- | * <code ini> | ||
- | |||
- | Der Passwort-Hash dient als Referenz für den einsatz von kryptografischen Funktionen. Der Passwort-Hash wurde mit Hilfe des nachfolgenden Befehls erstellt: | ||
- | < | ||
- | # pwgen -N 1 -s 96 | ||
- | 0JO657guKnJQeGpDgAzsmLT5e7h5D2tRzIwhvKMXUmIOWxDmwLORGN9zRJddX7WhqLNufOL3PzAvchjZKzJbuz7AheVUgtnG | ||
- | </ | ||
- | |||
- | * <code ini> | ||
- | |||
- | Setzen der Zeitzone. Eine Liste möglicher Einstellungen kann unter nachfolgendem externen Link eingesehen werden: | ||
- | * [[http:// | ||
- | |||
- | ==== graylog-web: | ||
- | |||
- | Danach kann der **graylog-web**-Server mit nachfolgendem Befehle gestartet werden: | ||
- | < | ||
- | # systemctl start graylog-web | ||
- | </ | ||
- | |||
- | Mit nachfolgendem Befehl kann der Status des [[https:// | ||
- | < | ||
- | # systemctl status graylog-web | ||
- | graylog-web.service - Graylog web interface | ||
- | | ||
- | | ||
- | Docs: http:// | ||
- | Main PID: 21727 (graylog-web) | ||
- | | ||
- | | ||
- | | ||
- | |||
- | Nov 04 09:13:01 server11.idmz.tachtler.net systemd[1]: Starting Graylog web i... | ||
- | Nov 04 09:13:01 server11.idmz.tachtler.net systemd[1]: Started Graylog web in... | ||
- | Nov 04 09:13:02 server11.idmz.tachtler.net graylog-web[21727]: | ||
- | Hint: Some lines were ellipsized, use -l to show in full. | ||
- | </ | ||
- | |||
- | ==== graylog-web: | ||
- | |||
- | Durch Aufruf der URL des [[https:// | ||
- | * [[http:// | ||
- | sollte nachfolgende Ausgabe im Browser erscheinen: | ||
- | |||
- | {{: | ||
- | |||
- | ==== graylog-web: | ||
- | |||
- | Damit der [[https:// | ||
- | |||
- | Um die aktuellen '' | ||
- | < | ||
- | # iptables -L -nv --line-numbers | ||
- | Chain INPUT (policy ACCEPT 0 packets, 0 bytes) | ||
- | num pkts bytes target | ||
- | 1 0 0 ACCEPT | ||
- | 2 0 0 ACCEPT | ||
- | 3 0 0 ACCEPT | ||
- | 4 0 0 ACCEPT | ||
- | 5 0 0 REJECT | ||
- | |||
- | Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) | ||
- | num pkts bytes target | ||
- | 1 0 0 REJECT | ||
- | |||
- | Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) | ||
- | num pkts bytes target | ||
- | </ | ||
- | |||
- | Nachfolgender Befehl, fügt folgende '' | ||
- | * < | ||
- | * < | ||
- | und hier der Befehl: | ||
- | < | ||
- | # iptables -I INPUT 5 -p tcp --dport 80 -j ACCEPT | ||
- | # iptables -I INPUT 6 -p tcp --dport 443 -j ACCEPT | ||
- | </ | ||
- | |||
- | Ein erneute Abfrage des '' | ||
- | < | ||
- | # iptables -L -nv --line-numbers | ||
- | Chain INPUT (policy ACCEPT 0 packets, 0 bytes) | ||
- | num pkts bytes target | ||
- | 1 0 0 ACCEPT | ||
- | 2 0 0 ACCEPT | ||
- | 3 0 0 ACCEPT | ||
- | 4 0 0 ACCEPT | ||
- | 5 0 0 ACCEPT | ||
- | 6 0 0 ACCEPT | ||
- | state NEW | ||
- | 7 0 0 REJECT | ||
- | |||
- | Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) | ||
- | num pkts bytes target | ||
- | 1 0 0 REJECT | ||
- | |||
- | Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) | ||
- | num pkts bytes target | ||
- | </ | ||
- | |||
- | Die neuen Zeilen sind an **Position 5 (INPUT)** bis **Position 6 (INPUT)** zu sehen, hier nachfolgend zur Verdeutlichung noch einmal dargestellt (**nur relevanter Ausschnitt**): | ||
- | < | ||
- | ... | ||
- | 5 0 0 ACCEPT | ||
- | 6 0 0 ACCEPT | ||
- | ... | ||
- | </ | ||
- | |||
- | Um diese '' | ||
- | < | ||
- | # / | ||
- | </ | ||
- | |||
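Review bot: the two inserted rules, "iptables -I INPUT 5 -p tcp --dport 80 -j ACCEPT" and the matching one for port 443, carry no source match, so the web interface is reachable from every network that can route to this host. For a log management console the replacement text should limit both rules with "-s" to the administration network and say whether port 80 is needed at all beyond a redirect to 443. The second listing also shows a "state NEW" continuation under rule 6 that the commands as written would not produce, so command and output appear not to match.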
- | ==== graylog-web: | ||
- | |||
- | Damit [[https:// | ||
- | * **UDP** (Standard) | ||
- | * **Port: '' | ||
- | oder | ||
- | * **TCP** (TLS-Verschlüsselung) | ||
- | * **Port: '' | ||
- | durchgeführt werden. | ||
- | |||
- | :!: **WICHTIG** - **Grundsätzlich wird der [[https:// | ||
- | |||
- | Aufgrund der Tatsache, das der [[https:// | ||
- | |||
- | Da sich einige Router oder Switche jedoch **__nicht__** so konfigurieren lassen, das diese auf einem anderen Port als '' | ||
- | |||
- | Dazu ist nachfolgende **'' | ||
- | |||
- | **__UDP__**: | ||
- | < | ||
- | # iptables -t nat -A PREROUTING -i eth0 -p udp -m udp -d 192.168.0.110 --dport 514 -j DNAT --to-destination :10514 | ||
- | </ | ||
- | **__TCP__**: | ||
- | < | ||
- | # iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp -d 192.168.0.110 --dport 514 -j DNAT --to-destination :10514 | ||
- | </ | ||
- | |||
- | Eine Überprüfung, | ||
- | < | ||
- | # iptables --line-numbers -t nat -nvL PREROUTING | ||
- | Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) | ||
- | num pkts bytes target | ||
- | 1 0 0 DNAT | ||
- | 1 0 0 DNAT | ||
- | </ | ||
- | |||
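Review bot: the two DNAT rules rewrite destination port 514 to ":10514", but nothing shown in this section accepts port 10514 in the INPUT chain, whose listing in the previous section ends in a REJECT rule after the new entries for ports 80 and 443. Redirected packets traverse INPUT with the rewritten destination port, so the replacement text should show the matching ACCEPT rules for 10514 on UDP and TCP, limited with "-s" to the networks that are expected to send syslog. The PREROUTING listing also numbers both rules "1"; with "--line-numbers" the second rule would be shown as 2.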
- | ==== graylog-web: | ||
- | |||
- | Nachfolgend kann die Konfiguration des **Inputs** in der [[https:// | ||
- | |||
- | {{: | ||
- | |||
- | |||
- | ===== Konfiguration: | ||
- | |||
- | Nachfolgende Konfiguration soll den Datenserver der LOG-Daten vom jeweils **lokalen** - [[http:// | ||
- | |||
- | Des weiteren soll damit auch gewährleistet werden, das sich nur **autorisierte** [[http:// | ||
- | |||
- | Um die beiden Punkte | ||
- | * **Verschlüsselte** LOG-Datenübertragung und | ||
- | * **Autorisierte** LOG-Datenübertragung | ||
- | realisieren zu können, ist es erforderlich entsprechend **Zertifikate** zu erstellen. | ||
- | |||
- | Nachfolgende Zertifikate müssen dafür erstellt werden: | ||
- | |||
- | :!: **HINWEIS** - **Es sollen '' | ||
- | |||
- | Die Konfiguration beinhaltet | ||
- | - Erstellen einer **eignen CA** - **'' | ||
- | - Erstellen eines **'' | ||
- | - Erstellen eines **'' | ||
- | |||
- | ==== TLS: Eigene CA erstellen ==== | ||
- | |||
- | Nachfolgende Konfiguration erstellt eine **eigene CA**, aus der das **ROOT**-Zertifikat der CA erstellt wird, welche wiederum das **'' | ||
- | |||
- | Dazu sollen mit nachfolgenden Befehl in nachfolgendem Verzeichnis | ||
- | * ''/ | ||
- | die folgenden Verzeichnisse erstellt werden | ||
- | * ''/ | ||
- | * ''/ | ||
- | * ''/ | ||
- | * ''/ | ||
- | < | ||
- | # mkdir -p / | ||
- | </ | ||
- | |||
- | Ob die Verzeichnisse korrekt erstellt wurden, kann mit nachfolgendem Befehl überprüft werden: | ||
- | < | ||
- | # ll / | ||
- | / | ||
- | total 0 | ||
- | |||
- | / | ||
- | total 0 | ||
- | |||
- | / | ||
- | total 0 | ||
- | </ | ||
- | |||
- | Jetzt müssen jeweils ein | ||
- | * ''/ | ||
- | * ''/ | ||
- | mit nachfolgenden Befehlen erstellt werden: | ||
- | |||
- | **__1. Schritt__**: | ||
- | < | ||
- | # certtool --generate-privkey --bits=4096 --outfile / | ||
- | ** Note: Please use the --sec-param instead of --bits | ||
- | Generating a 4096 bit RSA private key... | ||
- | </ | ||
- | * //Die Meldung '' | ||
- | |||
- | **__2. Schritt__**: | ||
- | < | ||
- | # certtool --generate-self-signed --load-privkey / | ||
- | Generating a self signed certificate... | ||
- | Please enter the details of the certificate' | ||
- | Common name: Graylog CA | ||
- | UID: | ||
- | Organizational unit name: | ||
- | Organization name: Klaus Tachtler | ||
- | Locality name: Muenchen (Munich) | ||
- | State or province name: Bayern (Bavaria) | ||
- | Country name (2 chars): DE | ||
- | Enter the subject' | ||
- | This field should not be used in new certificates. | ||
- | E-mail: hostmaster@tachtler.net | ||
- | Enter the certificate' | ||
- | |||
- | |||
- | Activation/ | ||
- | The certificate will expire in (days): 3650 | ||
- | |||
- | |||
- | Extensions. | ||
- | Does the certificate belong to an authority? (y/N): y | ||
- | Path length constraint (decimal, -1 for no constraint): | ||
- | Is this a TLS web client certificate? | ||
- | Will the certificate be used for IPsec IKE operations? (y/ | ||
- | Is this a TLS web server certificate? | ||
- | Enter a dnsName of the subject of the certificate: | ||
- | Enter a URI of the subject of the certificate: | ||
- | Enter the IP address of the subject of the certificate: | ||
- | Enter the e-mail of the subject of the certificate: | ||
- | Will the certificate be used to sign OCSP requests? (y/ | ||
- | Will the certificate be used to sign code? (y/ | ||
- | Will the certificate be used for time stamping? (y/ | ||
- | Will the certificate be used to sign other certificates? | ||
- | Will the certificate be used to sign CRLs? (y/ | ||
- | Enter the URI of the CRL distribution point: | ||
- | X.509 Certificate Information: | ||
- | Version: 3 | ||
- | Serial Number (hex): 01 | ||
- | Validity: | ||
- | Not Before: Mon Apr 30 11:54:22 UTC 2018 | ||
- | Not After: Thu Apr 27 11:54:31 UTC 2028 | ||
- | Subject: CN=Graylog CA,O=Klaus Tachtler, | ||
- | (Bavaria), | ||
- | Subject Public Key Algorithm: RSA | ||
- | Algorithm Security Level: High (4096 bits) | ||
- | Modulus (bits 4096): | ||
- | 00: | ||
- | 0b: | ||
- | 07: | ||
- | 46: | ||
- | 46: | ||
- | 03: | ||
- | a2: | ||
- | 1a: | ||
- | 9f: | ||
- | 82: | ||
- | 60: | ||
- | 2a: | ||
- | f9: | ||
- | f0: | ||
- | c6: | ||
- | a8: | ||
- | 62: | ||
- | 89: | ||
- | 09: | ||
- | bf: | ||
- | ec: | ||
- | f9: | ||
- | 9b: | ||
- | ef: | ||
- | 11: | ||
- | ad: | ||
- | cf: | ||
- | ea: | ||
- | c5: | ||
- | ce: | ||
- | e9: | ||
- | 51: | ||
- | cd | ||
- | Exponent (bits 24): | ||
- | 01:00:01 | ||
- | Extensions: | ||
- | Basic Constraints (critical): | ||
- | Certificate Authority (CA): TRUE | ||
- | Subject Alternative Name (not critical): | ||
- | RFC822Name: hostmaster@tachtler.net | ||
- | Key Usage (critical): | ||
- | Certificate signing. | ||
- | Subject Key Identifier (not critical): | ||
- | 28584006a86a5f5cae8dcbea7d0af4e5d4d4e1fa | ||
- | Other Information: | ||
- | Public Key ID: | ||
- | 28584006a86a5f5cae8dcbea7d0af4e5d4d4e1fa | ||
- | Public key's random art: | ||
- | +--[ RSA 4096]----+ | ||
- | |oo+ . | | ||
- | |.. . o . | | ||
- | |. | ||
- | |. o oo . | | ||
- | |. ..o +oSo | | ||
- | |... .++. . | | ||
- | |. ....+. | ||
- | | .+o o | | ||
- | | .o.=+ | | ||
- | +-----------------+ | ||
- | |||
- | Is the above information ok? (y/N): y | ||
- | |||
- | |||
- | Signing certificate... | ||
- | </ | ||
- | |||
- | **__Getätigte Eingaben__**: | ||
- | |||
- | ^ Einstellung | ||
- | | Common name | '' | ||
- | | Organization name: | '' | ||
- | | Locality name: | '' | ||
- | | State or province name: | '' | ||
- | | Country name (2 chars): | ||
- | | E-mail: | ||
- | | Enter the certificate' | ||
- | | The certificate will expire in (days): | ||
- | | Does the certificate belong to an authority? (y/ | ||
- | | Enter the e-mail of the subject of the certificate: | ||
- | | Will the certificate be used to sign other certificates? | ||
- | | Is the above information ok? (y/ | ||
- | |||
- | Mit nachfolgendem Befehl kann nun überprüft werden, ob der **Schlüssel** und das **ROOT**-Zertifikat für die **eigene CA** erstellt wurden: | ||
- | < | ||
- | # ll / | ||
- | / | ||
- | total 4 | ||
- | -rw-r--r-- 1 root root 2175 Apr 30 14:09 graylog-ca-crt.pem | ||
- | |||
- | / | ||
- | total 0 | ||
- | |||
- | / | ||
- | total 12 | ||
- | -rw------- 1 root root 10996 Apr 30 14:06 graylog-ca-key.pem | ||
- | </ | ||
- | |||
- | ==== TLS: Server-Zertifikat erstellen ==== | ||
- | |||
- | Nachfolgende Befehle erstellen ein **'' | ||
- | |||
- | Jetzt müssen jeweils ein | ||
- | * ''/ | ||
- | * ''/ | ||
- | mit nachfolgenden Befehlen erstellt werden: | ||
- | |||
- | **__1. Schritt__**: | ||
- | < | ||
- | # certtool --generate-privkey --bits=4096 --outfile / | ||
- | ** Note: Please use the --sec-param instead of --bits | ||
- | Generating a 4096 bit RSA private key... | ||
- | </ | ||
- | * //Die Meldung '' | ||
- | |||
- | **__2. Schritt__**: | ||
- | < | ||
- | # certtool --generate-request --load-privkey / | ||
- | Generating a PKCS #10 certificate request... | ||
- | Common name: vml70110.idmz.tachtler.net | ||
- | Organizational unit name: | ||
- | Organization name: Klaus Tachtler | ||
- | Locality name: Muenchen (Munich) | ||
- | State or province name: Bayern (Bavaria) | ||
- | Country name (2 chars): DE | ||
- | Enter the subject' | ||
- | UID: | ||
- | Enter a dnsName of the subject of the certificate: | ||
- | Enter a URI of the subject of the certificate: | ||
- | Enter a URI of the subject of the certificate: | ||
- | Enter the IP address of the subject of the certificate: | ||
- | Enter the e-mail of the subject of the certificate: | ||
- | Enter a challenge password: | ||
- | Does the certificate belong to an authority? (y/N): n | ||
- | Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? | ||
- | Will the certificate be used for encryption (RSA ciphersuites)? | ||
- | Will the certificate be used to sign code? (y/ | ||
- | Will the certificate be used for time stamping? (y/ | ||
- | Will the certificate be used for IPsec IKE operations? (y/ | ||
- | Will the certificate be used to sign OCSP requests? (y/ | ||
- | Is this a TLS web client certificate? | ||
- | Is this a TLS web server certificate? | ||
- | </ | ||
- | |||
- | **__Getätigte Eingaben__**: | ||
- | |||
- | ^ Einstellung | ||
- | | Common name | '' | ||
- | | Organization name: | '' | ||
- | | Locality name: | '' | ||
- | | State or province name: | '' | ||
- | | Country name (2 chars): | ||
- | | Enter a URI of the subject of the certificate: | ||
- | | Enter the e-mail of the subject of the certificate: | ||
- | | Does the certificate belong to an authority? (y/ | ||
- | | Is this a TLS web client certificate? | ||
- | | Is this a TLS web server certificate? | ||
- | |||
- | Mit nachfolgendem Befehl kann nun überprüft werden, ob der **Schlüssel** und das **Zertifikats-Antrag (Request)** erstellt wurden: | ||
- | < | ||
- | # ls -la / | ||
- | / | ||
- | total 12 | ||
- | drwxr-xr-x 2 root root 60 Apr 30 15:10 . | ||
- | drwxr-xr-x 4 root root 32 Apr 30 13:21 .. | ||
- | -rw-r--r-- 1 root root 2175 Apr 30 14:56 graylog-ca-crt.pem | ||
- | -rw------- 1 root root 4337 Apr 30 15:11 graylog-server-csr.pem | ||
- | |||
- | / | ||
- | total 24 | ||
- | drwxr-xr-x 2 root root 60 Apr 30 14:56 . | ||
- | drwxr-xr-x 4 root root 32 Apr 30 13:21 .. | ||
- | -rw------- 1 root root 10999 Apr 30 14:52 graylog-ca-key.pem | ||
- | -rw------- 1 root root 11009 Apr 30 14:56 graylog-server-key.pem | ||
- | </ | ||
- | |||
- | Nachfolgender Befehl erstellt nun aus der **Graylog CA**-ROOT-Zertifikat, | ||
- | < | ||
- | # certtool --generate-certificate --load-request / | ||
- | Generating a signed certificate... | ||
- | Enter the certificate' | ||
- | |||
- | |||
- | Activation/ | ||
- | The certificate will expire in (days): 3649 | ||
- | |||
- | |||
- | Extensions. | ||
- | Do you want to honour the extensions from the request? (y/ | ||
- | Does the certificate belong to an authority? (y/N): n | ||
- | Is this a TLS web client certificate? | ||
- | Will the certificate be used for IPsec IKE operations? (y/ | ||
- | Is this a TLS web server certificate? | ||
- | Enter a dnsName of the subject of the certificate: | ||
- | Enter a dnsName of the subject of the certificate: | ||
- | Enter a URI of the subject of the certificate: | ||
- | Enter the IP address of the subject of the certificate: | ||
- | Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? | ||
- | Will the certificate be used for encryption (RSA ciphersuites)? | ||
- | Will the certificate be used to sign OCSP requests? (y/ | ||
- | Will the certificate be used to sign code? (y/ | ||
- | Will the certificate be used for time stamping? (y/ | ||
- | X.509 Certificate Information: | ||
- | Version: 3 | ||
- | Serial Number (hex): 02 | ||
- | Validity: | ||
- | Not Before: Mon Apr 30 13:02:52 UTC 2018 | ||
- | Not After: Wed Apr 26 13:03:00 UTC 2028 | ||
- | Subject: CN=vml70110.idmz.tachtler.net, | ||
- | Subject Public Key Algorithm: RSA | ||
- | Algorithm Security Level: High (4096 bits) | ||
- | Modulus (bits 4096): | ||
- | 00: | ||
- | 7b: | ||
- | 31: | ||
- | 95: | ||
- | 0d: | ||
- | 80: | ||
- | a8: | ||
- | dd: | ||
- | d5: | ||
- | 0c: | ||
- | 78: | ||
- | f5: | ||
- | e6: | ||
- | ce: | ||
- | 9d: | ||
- | 22: | ||
- | c1: | ||
- | a6: | ||
- | f0: | ||
- | 5f: | ||
- | 63: | ||
- | c9: | ||
- | bb: | ||
- | 0c: | ||
- | 79: | ||
- | bf: | ||
- | 9b: | ||
- | 8b: | ||
- | 1b: | ||
- | 9b: | ||
- | cd: | ||
- | 7c: | ||
- | cf | ||
- | Exponent (bits 24): | ||
- | 01:00:01 | ||
- | Extensions: | ||
- | Basic Constraints (critical): | ||
- | Certificate Authority (CA): FALSE | ||
- | Key Purpose (not critical): | ||
- | TLS WWW Client. | ||
- | TLS WWW Server. | ||
- | Subject Alternative Name (not critical): | ||
- | DNSname: vml70010.idmz.tachtler.net | ||
- | Key Usage (critical): | ||
- | Digital signature. | ||
- | Key encipherment. | ||
- | Subject Key Identifier (not critical): | ||
- | b8184e28caddf3b39110484a1b63e76ab4a1a890 | ||
- | Authority Key Identifier (not critical): | ||
- | f309922f43a2380911f8c61287109a2313dda319 | ||
- | Other Information: | ||
- | Public Key ID: | ||
- | b8184e28caddf3b39110484a1b63e76ab4a1a890 | ||
- | Public key's random art: | ||
- | +--[ RSA 4096]----+ | ||
- | | * . | | ||
- | | = * . | | ||
- | | o + o | | ||
- | |o.= | ||
- | |E= .. S | | ||
- | |+. | ||
- | |+ o . .o | | ||
- | |+o... ... | | ||
- | |.... o.oo | | ||
- | +-----------------+ | ||
- | |||
- | Is the above information ok? (y/N): y | ||
- | |||
- | |||
- | Signing certificate... | ||
- | </ | ||
- | |||
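Review bot: The server certificate printed above has the wrong Subject Alternative Name. The Subject line reads CN=vml70110.idmz.tachtler.net, but the extension lists "DNSname: vml70010.idmz.tachtler.net", which is the host name used as Common name for the client certificate further down. A peer that matches the host name against the SAN dnsName instead of the CN will not accept this certificate as vml70110, the name the rsyslog section pins with $ActionSendStreamDriverPermittedPeer. Enter vml70110.idmz.tachtler.net at the "Enter a dnsName of the subject of the certificate" prompt and check that the printed Subject and SAN agree before answering y to "Is the above information ok?".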
- | **__Getätigte Eingaben__**: | ||
- | |||
- | ^ Einstellung | ||
- | | Enter the certificate' | ||
- | | The certificate will expire in (days): | ||
- | | Does the certificate belong to an authority? (y/ | ||
- | | Is this a TLS web client certificate? | ||
- | | Is this a TLS web server certificate? | ||
- | | Enter a dnsName of the subject of the certificate: | ||
- | | Enter a URI of the subject of the certificate: | ||
- | | Is the above information ok? (y/ | ||
- | |||
- | Mit nachfolgendem Befehl kann nun überprüft werden, ob der **Schlüssel** und das **Zertifikats-Antrag (Request)** sowie das **Graylog Server**-Zertifikat erstellt wurden: | ||
- | < | ||
- | # ls -la / | ||
- | / | ||
- | total 16 | ||
- | drwxr-xr-x 2 root root 89 Apr 30 15:17 . | ||
- | drwxr-xr-x 4 root root 32 Apr 30 13:21 .. | ||
- | -rw-r--r-- 1 root root 2175 Apr 30 14:56 graylog-ca-crt.pem | ||
- | -rw-r--r-- 1 root root 2269 Apr 30 15:19 graylog-server-crt.pem | ||
- | -rw------- 1 root root 4337 Apr 30 15:11 graylog-server-csr.pem | ||
- | |||
- | / | ||
- | total 24 | ||
- | drwxr-xr-x 2 root root 60 Apr 30 14:56 . | ||
- | drwxr-xr-x 4 root root 32 Apr 30 13:21 .. | ||
- | -rw------- 1 root root 10999 Apr 30 14:52 graylog-ca-key.pem | ||
- | -rw------- 1 root root 11009 Apr 30 14:56 graylog-server-key.pem | ||
- | </ | ||
- | |||
- | :!: **WICHTIG** - Damit der **Zertifikats-Schlüssel (Certificate-Key)** geladen werden kann, muss dieser erst noch in das passende [[https:// | ||
- | <code java> | ||
- | 2018-04-30T16: | ||
- | java.lang.IllegalArgumentException: | ||
- | at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadPrivateKey(KeyUtil.java: | ||
- | at org.graylog2.plugin.inputs.transports.util.KeyUtil.initKeyStore(KeyUtil.java: | ||
- | at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.createSslEngine(AbstractTcpTransport.java: | ||
- | at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java: | ||
- | at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java: | ||
- | at org.graylog2.plugin.inputs.transports.NettyTransport$1.getPipeline(NettyTransport.java: | ||
- | at org.jboss.netty.channel.socket.nio.NioServerBoss.registerAcceptedChannel(NioServerBoss.java: | ||
- | at org.jboss.netty.channel.socket.nio.NioServerBoss.process(NioServerBoss.java: | ||
- | at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java: | ||
- | at org.jboss.netty.channel.socket.nio.NioServerBoss.run(NioServerBoss.java: | ||
- | at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java: | ||
- | at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java: | ||
- | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java: | ||
- | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java: | ||
- | at java.lang.Thread.run(Thread.java: | ||
- | </ | ||
- | |||
- | Nachfolgender Befehl konvertiert den **Zertifikats-Schlüssel (Certificate-Key)** in das [[https:// | ||
- | < | ||
- | # openssl pkcs8 -topk8 -in / | ||
- | </ | ||
- | |||
- | :!: **WICHTIG** - Damit der **Zertifikats-Schlüssel (Certificate-Key)** geladen werden kann, müssen zusätzlich die **Besitz**- und **Datei**rechte entsprechend angepasst werden, da sonst nachfolgende Fehlermeldung mit nachfolgender Fehlersituation entstehen würde: | ||
- | <code java> | ||
- | 2018-04-30T16: | ||
- | java.nio.file.AccessDeniedException: | ||
- | at sun.nio.fs.UnixException.translateToIOException(UnixException.java: | ||
- | at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java: | ||
- | at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java: | ||
- | at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java: | ||
- | at java.nio.file.Files.newByteChannel(Files.java: | ||
- | at java.nio.file.Files.newByteChannel(Files.java: | ||
- | at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java: | ||
- | at java.nio.file.Files.newInputStream(Files.java: | ||
- | at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadCertificates(KeyUtil.java: | ||
- | at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadCertificates(KeyUtil.java: | ||
- | at org.graylog2.plugin.inputs.transports.util.KeyUtil.initTrustStore(KeyUtil.java: | ||
- | at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.createSslEngine(AbstractTcpTransport.java: | ||
- | at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java: | ||
- | at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java: | ||
- | at org.graylog2.plugin.inputs.transports.NettyTransport$1.getPipeline(NettyTransport.java: | ||
- | at org.jboss.netty.channel.socket.nio.NioServerBoss.registerAcceptedChannel(NioServerBoss.java: | ||
- | at org.jboss.netty.channel.socket.nio.NioServerBoss.process(NioServerBoss.java: | ||
- | at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java: | ||
- | at org.jboss.netty.channel.socket.nio.NioServerBoss.run(NioServerBoss.java: | ||
- | at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java: | ||
- | at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java: | ||
- | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java: | ||
- | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java: | ||
- | at java.lang.Thread.run(Thread.java: | ||
- | </ | ||
- | |||
- | Nachfolgende Befehle setzen noch die richtigen **Besitz**- und **Datei**rechte für die neu erstellte Datei **Zertifikats-Schlüssel (Certificate-Key)**: | ||
- | **__Besitz__rechte**: | ||
- | < | ||
- | # chown root: | ||
- | </ | ||
- | **__Datei__rechte**: | ||
- | < | ||
- | # chmod 640 / | ||
- | </ | ||
- | |||
- | Abschließend sollten noch die **Zertifikats-Anträge (Requests)** mit nachfolgendem Befehl gelöscht werden: | ||
- | < | ||
- | # rm -f / | ||
- | </ | ||
- | |||
- | ==== graylog-web: | ||
- | |||
- | Nachfolgend kann die Konfiguration des **Inputs** in der [[https:// | ||
- | |||
- | {{: | ||
- | |||
- | **__Nachfolgende Einstellungen sind dazu zu ergänzen__ (Nur relevante Änderungen/ | ||
- | |||
- | |||
- | ^ Einstellung | ||
- | | **Global input** (Standard on all nodes) | ||
- | | **Port** | ||
- | | **TLS cert file** (optional) | ||
- | | **TLS private key file** (optional) | ||
- | | **Enable TLS** (optional) | ||
- | | **Enable keepalive** (optional) | ||
- | |||
- | ==== TLS: Client-Zertifikat erstellen ==== | ||
- | |||
- | :!: **WICHTIG** - **Diese Schritte müssen für __JEDEN__ Client individuell wiederholt werden !!!** | ||
- | |||
- | Nachfolgende Befehle erstellen ein **'' | ||
- | |||
- | Jetzt müssen jeweils ein | ||
- | * ''/ | ||
- | * ''/ | ||
- | mit nachfolgenden Befehlen erstellt werden: | ||
- | |||
- | **__1. Schritt__**: | ||
- | < | ||
- | # certtool --generate-privkey --bits=4096 --outfile / | ||
- | ** Note: Please use the --sec-param instead of --bits | ||
- | Generating a 4096 bit RSA private key... | ||
- | </ | ||
- | * //Die Meldung '' | ||
- | |||
- | **__2. Schritt__**: | ||
- | < | ||
- | # certtool --generate-request --load-privkey / | ||
- | Generating a PKCS #10 certificate request... | ||
- | Common name: vml70010.idmz.tachtler.net | ||
- | Organizational unit name: | ||
- | Organization name: Klaus Tachtler | ||
- | Locality name: Muenchen (Munich) | ||
- | State or province name: Bayern (Bavaria) | ||
- | Country name (2 chars): DE | ||
- | Enter the subject' | ||
- | UID: | ||
- | Enter a dnsName of the subject of the certificate: | ||
- | Enter a URI of the subject of the certificate: | ||
- | Enter the IP address of the subject of the certificate: | ||
- | Enter the e-mail of the subject of the certificate: | ||
- | Enter a challenge password: | ||
- | Does the certificate belong to an authority? (y/N): n | ||
- | Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? | ||
- | Will the certificate be used for encryption (RSA ciphersuites)? | ||
- | Will the certificate be used to sign code? (y/ | ||
- | Will the certificate be used for time stamping? (y/ | ||
- | Will the certificate be used for IPsec IKE operations? (y/ | ||
- | Will the certificate be used to sign OCSP requests? (y/ | ||
- | Is this a TLS web client certificate? | ||
- | Is this a TLS web server certificate? | ||
- | </ | ||
- | |||
- | **__Getätigte Eingaben__**: | ||
- | |||
- | ^ Einstellung | ||
- | | Common name | '' | ||
- | | Organization name: | '' | ||
- | | Locality name: | '' | ||
- | | State or province name: | '' | ||
- | | Country name (2 chars): | ||
- | | Enter a URI of the subject of the certificate: | ||
- | | Enter the e-mail of the subject of the certificate: | ||
- | | Does the certificate belong to an authority? (y/ | ||
- | | Is this a TLS web client certificate? | ||
- | | Is this a TLS web server certificate? | ||
- | |||
- | Mit nachfolgendem Befehl kann nun überprüft werden, ob der **Schlüssel** und das **Zertifikats-Antrag (Request)** erstellt wurden: | ||
- | < | ||
- | # ls -la / | ||
- | / | ||
- | total 24 | ||
- | drwxr-xr-x 2 root root 138 Apr 30 15:30 . | ||
- | drwxr-xr-x 4 root root 32 Apr 30 13:21 .. | ||
- | -rw-r--r-- 1 root root 2175 Apr 30 14:56 graylog-ca-crt.pem | ||
- | -rw-r--r-- 1 root root 2269 Apr 30 15:19 graylog-server-crt.pem | ||
- | -rw------- 1 root root 4337 Apr 30 15:11 graylog-server-csr.pem | ||
- | -rw------- 1 root root 4257 Apr 30 15:31 graylog-vml70010.idmz.tachtler.net-csr.pem | ||
- | |||
- | / | ||
- | total 36 | ||
- | drwxr-xr-x 2 root root 109 Apr 30 15:27 . | ||
- | drwxr-xr-x 4 root root 32 Apr 30 13:21 .. | ||
- | -rw------- 1 root root 10999 Apr 30 14:52 graylog-ca-key.pem | ||
- | -rw------- 1 root root 11009 Apr 30 14:56 graylog-server-key.pem | ||
- | -rw------- 1 root root 10996 Apr 30 15:27 graylog-vml70010.idmz.tachtler.net-key.pem | ||
- | </ | ||
- | |||
- | Nachfolgender Befehl erstellt nun aus der **Graylog CA**-ROOT-Zertifikat, | ||
- | < | ||
- | # certtool --generate-certificate --load-request / | ||
- | Generating a signed certificate... | ||
- | Enter the certificate' | ||
- | |||
- | |||
- | Activation/ | ||
- | The certificate will expire in (days): 3649 | ||
- | |||
- | |||
- | Extensions. | ||
- | Do you want to honour the extensions from the request? (y/ | ||
- | Does the certificate belong to an authority? (y/N): n | ||
- | Is this a TLS web client certificate? | ||
- | Will the certificate be used for IPsec IKE operations? (y/ | ||
- | Is this a TLS web server certificate? | ||
- | Enter a dnsName of the subject of the certificate: | ||
- | Enter a dnsName of the subject of the certificate: | ||
- | Enter a URI of the subject of the certificate: | ||
- | Enter the IP address of the subject of the certificate: | ||
- | Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? | ||
- | Will the certificate be used for encryption (RSA ciphersuites)? | ||
- | Will the certificate be used to sign OCSP requests? (y/ | ||
- | Will the certificate be used to sign code? (y/ | ||
- | Will the certificate be used for time stamping? (y/ | ||
- | X.509 Certificate Information: | ||
- | Version: 3 | ||
- | Serial Number (hex): 03 | ||
- | Validity: | ||
- | Not Before: Mon Apr 30 13:32:18 UTC 2018 | ||
- | Not After: Wed Apr 26 13:32:27 UTC 2028 | ||
- | Subject: CN=vml70010.idmz.tachtler.net, | ||
- | Subject Public Key Algorithm: RSA | ||
- | Algorithm Security Level: High (4096 bits) | ||
- | Modulus (bits 4096): | ||
- | 00: | ||
- | b3: | ||
- | 2c: | ||
- | 44: | ||
- | 14: | ||
- | 98: | ||
- | 3c: | ||
- | b8: | ||
- | cc: | ||
- | ee: | ||
- | 15: | ||
- | 21: | ||
- | ba: | ||
- | 73: | ||
- | 5e: | ||
- | 2f: | ||
- | 06: | ||
- | ce: | ||
- | 5c: | ||
- | 1d: | ||
- | ea: | ||
- | 4d: | ||
- | fe: | ||
- | af: | ||
- | ff: | ||
- | 4d: | ||
- | 90: | ||
- | c2: | ||
- | 69: | ||
- | e6: | ||
- | 02: | ||
- | 4e: | ||
- | ad | ||
- | Exponent (bits 24): | ||
- | 01:00:01 | ||
- | Extensions: | ||
- | Basic Constraints (critical): | ||
- | Certificate Authority (CA): FALSE | ||
- | Key Purpose (not critical): | ||
- | TLS WWW Client. | ||
- | TLS WWW Server. | ||
- | Subject Alternative Name (not critical): | ||
- | DNSname: vml70010.idmz.tachtler.net | ||
- | Key Usage (critical): | ||
- | Digital signature. | ||
- | Key encipherment. | ||
- | Subject Key Identifier (not critical): | ||
- | 4cb652bc753ad41f5de71a57f46af13d1b3e8f3b | ||
- | Authority Key Identifier (not critical): | ||
- | f709872f43a1380411f8b61287109b4713ada319 | ||
- | Other Information: | ||
- | Public Key ID: | ||
- | 4cb652bc753ad41f5de71a57f46af13d1b3e8f3b | ||
- | Public key's random art: | ||
- | +--[ RSA 4096]----+ | ||
- | | | | ||
- | | | | ||
- | | | | ||
- | | . . .+| | ||
- | | S. . =*| | ||
- | | +... . .oO| | ||
- | | o.o .. ..oE| | ||
- | | | ||
- | | . .. o++| | ||
- | +-----------------+ | ||
- | |||
- | Is the above information ok? (y/N): y | ||
- | |||
- | |||
- | Signing certificate... | ||
- | </ | ||
- | |||
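Review bot: The client certificate is issued with both "TLS WWW Client" and "TLS WWW Server" under Key Purpose, and the server certificate above carries the same pair. Each certificate should get only the purpose it needs: answer y to "Is this a TLS web client certificate?" and n to "Is this a TLS web server certificate?" for every per-host client certificate, and the reverse for the Graylog server certificate. A client key that leaks is then usable only for client authentication. The table of entered values should state this choice explicitly, since the steps are repeated for every client.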
- | **__Getätigte Eingaben__**: | ||
- | |||
- | ^ Einstellung | ||
- | | Enter the certificate' | ||
- | | The certificate will expire in (days): | ||
- | | Does the certificate belong to an authority? (y/ | ||
- | | Is this a TLS web client certificate? | ||
- | | Is this a TLS web server certificate? | ||
- | | Enter a dnsName of the subject of the certificate: | ||
- | | Enter a URI of the subject of the certificate: | ||
- | | Is the above information ok? (y/ | ||
- | |||
- | Mit nachfolgendem Befehl kann nun überprüft werden, ob der **Schlüssel** und das **Zertifikats-Antrag (Request)** sowie das **Graylog Client**-Zertifikat erstellt wurden: | ||
- | < | ||
- | # ls -la / | ||
- | / | ||
- | total 24 | ||
- | drwxr-xr-x 2 root root 4096 Apr 30 15:32 . | ||
- | drwxr-xr-x 4 root root 32 Apr 30 13:21 .. | ||
- | -rw-r--r-- 1 root root 2175 Apr 30 14:56 graylog-ca-crt.pem | ||
- | -rw-r--r-- 1 root root 2269 Apr 30 15:19 graylog-server-crt.pem | ||
- | -rw-r--r-- 1 root root 2232 Apr 30 15:33 graylog-vml70010.idmz.tachtler.net-crt.pem | ||
- | -rw------- 1 root root 4257 Apr 30 15:31 graylog-vml70010.idmz.tachtler.net-csr.pem | ||
- | |||
- | / | ||
- | total 48 | ||
- | drwxr-xr-x 2 root root 109 Apr 30 15:27 . | ||
- | drwxr-xr-x 4 root root 32 Apr 30 13:21 .. | ||
- | -rw------- 1 root root 10999 Apr 30 14:52 graylog-ca-key.pem | ||
- | -rw------- 1 root root 11009 Apr 30 14:56 graylog-server-key.pem | ||
- | -rw-r--r-- 1 root root 11009 Apr 30 14:56 graylog-server-key-pkcs8.pem | ||
- | -rw------- 1 root root 10996 Apr 30 15:27 graylog-vml70010.idmz.tachtler.net-key.pem | ||
- | </ | ||
- | |||
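Review bot: In the key directory listing above, graylog-server-key-pkcs8.pem is shown as "-rw-r--r-- 1 root root", so the converted server private key is readable by every local user, while all other key files are "-rw-------". This also contradicts the earlier chown and chmod 640 step for the same file. Setting umask 077 before running the openssl pkcs8 conversion closes the window between creating the file and restricting it. The listing should be taken again after chown and chmod so that it shows the intended owner, group and mode 640.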
- | Abschließend sollten noch die **Zertifikats-Anträge (Requests)** mit nachfolgendem Befehl gelöscht werden: | ||
- | < | ||
- | # rm -f / | ||
- | </ | ||
- | |||
- | ==== graylog-web: | ||
- | |||
- | Nachfolgend kann die Konfiguration des **Inputs** in der [[https:// | ||
- | |||
- | {{: | ||
- | |||
- | **__Nachfolgende Einstellungen sind dazu zu ergänzen__ (Nur relevante Änderungen/ | ||
- | |||
- | ^ Einstellung | ||
- | | **Global input** (Standard on all nodes) | ||
- | | **Port** | ||
- | | **TLS cert file** (optional) | ||
- | | **TLS private key file** (optional) | ||
- | | **Enable TLS** (optional) | ||
- | | **TLS client authentication** (optional) | ||
- | | **TLS Client Auth Trusted Certs** (optional) | **''/ | ||
- | | **Enable keepalive** (optional) | ||
- | |||
- | ===== Konfiguration: | ||
- | |||
- | Die Konfiguration von [[http:// | ||
- | |||
- | Nachfolgende Konfigurationen bewegt [[http:// | ||
- | |||
- | **__UDP: | ||
- | <code ini> | ||
- | $template GRAYLOGRFC5424,"< | ||
- | *.* @graylog.example.org: | ||
- | </ | ||
- | |||
- | :!: **HINWEIS** - Der einzige Unterschied zwischen **UDP** und TCP ist die Konfiguration @ anstelle von @@ bei der Ziel-Beschreibung. | ||
- | |||
- | Alternativ beherrscht [[http:// | ||
- | |||
- | **__UDP (RSYSLOG_SyslogProtocol23Format): | ||
- | <code ini> | ||
- | *.* @graylog.example.org: | ||
- | </ | ||
- | |||
- | ===== Konfiguration: | ||
- | |||
- | Die Konfiguration von [[http:// | ||
- | |||
- | Nachfolgende Konfigurationen bewegt [[http:// | ||
- | |||
- | __TCP:__ (:!: **__Nur__ bis [[https:// | ||
- | <code ini> | ||
- | $template GRAYLOGRFC5424,"< | ||
- | *.* @@graylog.example.org: | ||
- | </ | ||
- | |||
- | :!: **HINWEIS** - Der einzige Unterschied zwischen **UDP** und TCP ist die Konfiguration @ anstelle von @@ bei der Ziel-Beschreibung. | ||
- | |||
- | Alternativ beherrscht [[http:// | ||
- | |||
- | __TCP (RSYSLOG_SyslogProtocol23Format): | ||
- | <code ini> | ||
- | *.* @@graylog.example.org: | ||
- | </ | ||
- | |||
- | ==== rsyslog TCP mit Client-Zertifikat ==== | ||
- | |||
- | Nachfolgende Konfiguration soll den Datenserver der LOG-Daten vom jeweils **lokalen** - [[http:// | ||
- | |||
- | Des weiteren soll damit auch gewährleistet werden, das sich nur **autorisierte** [[http:// | ||
- | |||
- | Um die beiden Punkte | ||
- | * **Verschlüsselte** LOG-Datenübertragung und | ||
- | * **Autorisierte** LOG-Datenübertragung | ||
- | realisieren zu können, ist es erforderlich entsprechend **Zertifikate** zu erstellen. | ||
- | |||
- | Nachfolgende **zusätzliche** Konfigurationen sind erforderlich, | ||
- | |||
- | Dazu sollen mit nachfolgenden Befehl in nachfolgendem Verzeichnis | ||
- | * ''/ | ||
- | die folgenden Verzeichnisse erstellt werden | ||
- | * ''/ | ||
- | * ''/ | ||
- | * ''/ | ||
- | < | ||
- | # mkdir -p / | ||
- | </ | ||
- | |||
- | Ob die Verzeichnisse korrekt erstellt wurden, kann mit nachfolgendem Befehl überprüft werden: | ||
- | < | ||
- | # ll / | ||
- | / | ||
- | total 0 | ||
- | |||
- | / | ||
- | total 0 | ||
- | </ | ||
- | |||
- | Jetzt müssen jeweils ein | ||
- | * ''/ | ||
- | * ''/ | ||
- | * ''/ | ||
- | in das gerade eben neu erstellte Verzeichnis, | ||
- | < | ||
- | # scp / | ||
- | graylog-ca-crt.pem | ||
- | </ | ||
- | < | ||
- | # scp / | ||
- | graylog-vml70010.idmz.tachtler.net-crt.pem | ||
- | </ | ||
- | < | ||
- | # scp / | ||
- | graylog-vml70010.idmz.tachtler.net-key.pem | ||
- | </ | ||
- | |||
- | ==== / | ||
- | |||
- | Nachfolgende Änderungen bzw. Ergänzungen sind erforderlich, | ||
- | |||
- | (**Nur relevante Ausschnitte**): | ||
- | |||
- | <code ini> | ||
- | #### MODULES #### | ||
- | |||
- | # Tachtler - TLS - | ||
- | $DefaultNetstreamDriver gtls | ||
- | $DefaultNetstreamDriverCAFile / | ||
- | $DefaultNetstreamDriverCertFile / | ||
- | $DefaultNetstreamDriverKeyFile / | ||
- | |||
- | </ | ||
- | <code ini> | ||
- | #### RULES #### | ||
- | |||
- | # Tachtler - TLS - | ||
- | # Write all Log-Information to graylog | ||
- | #$template GRAYLOGRFC5424,"< | ||
- | #*.* | ||
- | *.* | ||
- | </ | ||
- | <code ini> | ||
- | #### RULES #### | ||
- | |||
- | # Tachtler - TLS - | ||
- | $ActionSendStreamDriverAuthMode x509/name | ||
- | $ActionSendStreamDriverPermittedPeer vml70110.idmz.tachtler.net | ||
- | $ActionSendStreamDriverMode 1 | ||
- | </ | ||
- | |||
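Review bot: The three $ActionSendStreamDriver* lines are shown in a separate excerpt after the excerpt that contains the "*.*" forwarding rule. In rsyslog's legacy configuration syntax, $Action... directives apply only to actions defined after them. If the file follows the order of the excerpts, the forwarding action is created without $ActionSendStreamDriverMode 1, x509/name authentication and the permitted peer vml70110.idmz.tachtler.net. Show the directives and the forwarding rule in one excerpt, with the three $ActionSendStreamDriver* lines placed directly before the "*.*" line, so the required order is unambiguous.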
- | ===== Einrichtung: | ||
- | |||
- | ==== Dashboard: Meldungen der letzten 24-Stunden ==== | ||
- | |||
- | Nachfolgend soll die Einrichtung eines " | ||
- | * von **vorgestern Mitternacht** | ||
- | * bis **gestern Mitternacht** | ||
- | gemeint sind. | ||
- | |||
- | Nach dem drücken der **Schaltfläche [Create dashboard]** können in dem sich öffnenden Dialogfenster, | ||
- | * Title: **Meldungen der letzten 24-Stunden** | ||
- | * Description: | ||
- | anschließend ist die **Schaltfläche [Save]** zu drücken. | ||
- | |||
- | Nachfolgendes " | ||
- | |||
- | {{: | ||
- | |||
- | === Dashboard: Meldungen der letzten 24-Stunden - Widget: Meldungen gesamt === | ||
- | |||
- | Als erstes **" | ||
- | ^ Beispiel | ||
- | | {{: | ||
- | | ::: | '' | ||
- | | ::: | '' | ||
- | | ::: | '' | ||
- | | ::: | '' | ||
- | | ::: | '' | ||
- | | ::: | '' | ||
- | | ::: | '' | ||
- | | ::: | '' | ||
- | | ::: | '' | ||
- | | ::: | '' | ||
- | |||
- | === Dashboard: Meldungen der letzten 24-Stunden - Widget: Gesamt Meldungen === | ||
- | |||
- | Als zweites **" | ||
- | ^ Beispiel | ||
- | | {{: | ||
- | | ::: | '' | ||
- | | ::: | '' | ||
- | | ::: | '' | ||
- | | ::: | '' | ||
- | | ::: | '' | ||
- | | ::: | '' | ||
- | |||
- | === Dashboard: Meldungen der letzten 24-Stunden - Widget: Problem Meldungen === | ||
- | |||
- | Als drittes **" | ||
- | ^ Beispiel | ||
- | | {{: | ||
- | | ::: | '' | ||
- | | ::: | '' | ||
- | | ::: | '' | ||
- | | ::: | '' | ||
- | | ::: | '' | ||
- | | ::: | '' | ||
- | |||