Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- tachtler:graylog [2018/05/04 10:53] – [TLS: Client-Zertifikat erstellen] klaus
+++ tachtler:graylog [Unbekanntes Datum] (aktuell) – gelöscht - Externe Bearbeitung (Unbekanntes Datum) 127.0.0.1
@@ Zeile 1: / Zeile 1: @@
-====== graylog ======
-[[https://www.graylog.org/|{{:tachtler:index:graylog-48x48.png }}]] [[https://www.graylog.org/|Graylog]] ist eine vollständig integrierte **Open-Source** Protokoll-Management-Plattform für die Erfassung, Indizierung und Analyse von strukturierten und unstrukturierten Daten aus nahezu jeder Quelle. [[https://www.graylog.org/|Graylog]] benötigt nachfolgende **externe Komponenten**:
-  * [[https://www.mongodb.com/de|MongoDB]] zur Speicherung von **Metadaten**
-  * [[https://www.elastic.co/de/|Elasticsearch]] zur **Log-Datei Speicherung** und **Textsuche**
-^ Beschreibung  ^ Externer Link                                                                   ^
-| Homepage      | [[https://www.graylog.org/]]                                                    |
-| Dokumentation | [[http://docs.graylog.org/en/1.2/]]                                             |
-| Download      | [[https://www.graylog.org/download-graylog/]]                                   |
-Ab hier werden zur Ausführung nachfolgender Befehle **''root''**-Rechte benötigt. Um der Benutzer ''root'' zu werden, melden Sie sich bitte als ''root''-Benutzer am System an, oder wechseln mit nachfolgendem Befehl zum Benutzer ''root'':
-<code>
-$ su -
-Password:
-</code>
-===== Voraussetzungen =====
-Nachfolgende Voraussetzungen müssen **__vor__** der Installation von [[https://www.graylog.org/|Graylog]] erfüllt sein, damit [[https://www.graylog.org/|Graylog]] betrieben werden kann:
-  * Installiertes JAVA z.B. OpenJDK **ab der Version 1.7.0**
-  * Lauffähiger Datenbank-Server [[https://www.mongodb.com/de|MongoDB]] **ab der Version 2.0** oder höher
-  * Lauffähiger Such-Server [[https://www.elastic.co/de/|Elasticsearch]] **ab der Version 1.7.x**
-===== Vorbereitung =====
-Zur Installation von [[https://www.graylog.org/|Graylog]] als **''rpm''**-Paket, müssen nachfolgende Repositories genutzt bzw. eingebunden werden:
-  * Installation von OpenJDK
-    * [[http://centos.org|CentOS]]-Repository
-  * Installation von [[https://www.mongodb.com/de|MongoDB]]
-    * [[https://fedoraproject.org/wiki/EPEL|EPEL]]-Repository
-  * Installation von [[https://www.elastic.co/de/|Elasticsearch]]
-    * [[https://download.elastic.co/elasticsearch/elasticsearch/elasticsearch-1.7.3.noarch.rpm|Elasticsearch Download RPM]]
-  * Installation von [[https://www.graylog.org/|Graylog]]
-    * [[https://packages.graylog2.org/repo/packages/graylog-1.2-repository-el7_latest.rpm|graylog für CentOS-7]]-Repository
-Die Einbindung der einzelnen Repositories wird nachfolgend beschrieben:
-  * [[https://fedoraproject.org/wiki/EPEL|EPEL]]-Repository
-  * [[https://www.elastic.co/de/|Elasticsearch]]
-  * [[https://www.graylog.org/|Graylog]]
-==== Repository: EPEL ====
-Nachfolgende Beschreibung bindet das Drittanbieter-Repository von [[https://fedoraproject.org/wiki/EPEL|EPEL]] ein, damit darüber die Installation von [[https://www.mongodb.com/de|MongoDB]] erfolgen kann.
-  * **Siehe nachfolgenden internen Link: [[tachtler:epel_centos_7|EPEL CentOS 7]]**
-:!: **HINWEIS** - Auf das Einbinden des eigenen [[https://www.mongodb.com/de|MongoDB]]-Repositorys soll hier verzichtet werden, da bei dem [[https://www.mongodb.com/de|MongoDB]]-Repository keine Unterstützung für **''systemd''** unter [[http://www.centos.org|CentOS]] in der **Version 7.x** gegeben ist und sich Änderungen im Bereich der Daemon/Dienst-Starts ab [[https://www.mongodb.com/de|MongoDB]] in der **Version 3.0.7** ergeben haben!
-==== Repository: Elasticsearch ====
-Nachfolgende Beschreibung bindet das Drittanbieter-Repository von [[https://www.elastic.co/de/|Elasticsearch]] ein, damit darüber die Installation von [[https://www.elastic.co/de/|Elasticsearch]] erfolgen kann.
-Mit nachfolgendem Befehl muss in nachfolgendem Verzeichnis mit nachfolgendem Namen eine Konfigurationsdatei erstellt werden
-  * ''/etc/yum.repos.d/elasticsearch.repo''
-<code>
-# touch /etc/yum.repos.d/elasticsearch.repo
-</code>
-welche nachfolgenden Inhalt aufweisen sollte:
-<code>
-[elasticsearch-1.7]
-name=Elasticsearch repository for 1.7.x packages
-baseurl=http://packages.elastic.co/elasticsearch/1.7/centos
-gpgcheck=1
-gpgkey=http://packages.elastic.co/GPG-KEY-elasticsearch
-enabled=1
-</code>
-Zur Absicherung der Installation aus den richtigen Quellen, sollte mit nachfolgendem Befehl der **GPG-Schlüssel** heruntergeladen werden
-<code>
-# wget -P /etc/pki/rpm-gpg https://packages.elastic.co/GPG-KEY-elasticsearch
---2015-11-03 09:52:08--  https://packages.elastic.co/GPG-KEY-elasticsearch
-Resolving packages.elastic.co (packages.elastic.co)... 107.22.245.230, 184.73.233.109, 204.236.238.177, ...
-Connecting to packages.elastic.co (packages.elastic.co)|107.22.245.230|:443... connected.
-HTTP request sent, awaiting response... 200 OK
-Length: 1768 (1.7K) [binary/octet-stream]
-Saving to: ‘/etc/pki/rpm-gpg/GPG-KEY-elasticsearch’
-%[======================================>] 1,768       --.-K/s   in 0s
--11-03 09:52:10 (134 MB/s) - ‘/etc/pki/rpm-gpg/GPG-KEY-elasticsearch’ saved [1768/1768]
-</code>
-und anschließend mit nachfolgendem Befehl **importiert** werden
-<code>
-# rpm --import /etc/pki/rpm-gpg/GPG-KEY-elasticsearch
-</code>
-* //Es erfolgt keine Ausgabe, falls der Befehl __ohne__ Fehler ausgeführt wurde!//
-Anschließend sollten gespeicherte Informationen über die Installationsquellen zurückgesetzt werden, indem nachfolgender Befehl diese Informationen löscht:
-<code>
-# yum clean all
-Loaded plugins: changelog, priorities
-Cleaning repos: base elasticsearch-1.7 epel extras updates
-Cleaning up everything
-</code>
-Eine Überprüfung mit nachfolgendem Befehl, sollte die korrekte Einbindung des Repositorys bestätigen und in etwa eine Ausgabe wie die nachfolgende zur Anzeige bringen:
-<code>
-# yum list elasticsearch
-Loaded plugins: changelog, priorities
-packages excluded due to repository priority protections
-Available Packages
-elasticsearch.noarch               1.7.3-1                  elasticsearch-1.7
-</code>
-==== Repository: graylog ====
-Nachfolgende Beschreibung bindet das Drittanbieter-Repository von [[https://www.graylog.org/|Graylog]] ein, damit darüber die Installation von [[https://www.graylog.org/|Graylog]] erfolgen kann.
-Zur Installation des Drittanbieter-Repositorys von [[https://www.graylog.org/|Graylog]] kann eine **''rpm''**-Paket mit nachfolgendem Befehl heruntergeladen werden:
-<code>
-# wget -P /tmp https://packages.graylog2.org/repo/packages/graylog-1.2-repository-el7_latest.rpm
---2015-11-03 11:51:41--  https://packages.graylog2.org/repo/packages/graylog-1.2-repository-el7_latest.rpm
-Resolving packages.graylog2.org (packages.graylog2.org)... 54.247.96.254
-Connecting to packages.graylog2.org (packages.graylog2.org)|54.247.96.254|:443... connected.
-HTTP request sent, awaiting response... 302 Found
-Location: https://graylog2-package-repository.s3.amazonaws.com/packages/graylog-1.2-repository-el7_latest.rpm?AWSAccessKeyId=AKIAIJSI6MCSPXFVDPIA&Expires=1446548501&Signature=5ynJzKX5n4lsNRqCpWfzl4K33AY%3D [following]
---2015-11-03 11:51:41--  https://graylog2-package-repository.s3.amazonaws.com/packages/graylog-1.2-repository-el7_latest.rpm?AWSAccessKeyId=AKIAIJSI6MCSPXFVDPIA&Expires=1446548501&Signature=5ynJzKX5n4lsNRqCpWfzl4K33AY%3D
-Resolving graylog2-package-repository.s3.amazonaws.com (graylog2-package-repository.s3.amazonaws.com)... 54.231.129.48
-Connecting to graylog2-package-repository.s3.amazonaws.com (graylog2-package-repository.s3.amazonaws.com)|54.231.129.48|:443... connected.
-HTTP request sent, awaiting response... 200 OK
-Length: 3108 (3.0K) [application/x-rpm]
-Saving to: ‘/tmp/graylog-1.2-repository-el7_latest.rpm’
-%[======================================>] 3,108       --.-K/s   in 0.001s
--11-03 11:51:41 (3.28 MB/s) - ‘/tmp/graylog-1.2-repository-el7_latest.rpm’ saved [3108/3108]
-</code>
-Das soeben heruntergeladene **''rpm''**-Paket **''graylog-1.2-repository-el7_latest.rpm''** kann dann mit nachfolgendem Befehl installiert werden:
-<code>
-# yum localinstall /tmp/graylog-1.2-repository-el7_latest.rpm
-Loaded plugins: changelog, priorities
-Examining /tmp/graylog-1.2-repository-el7_latest.rpm: graylog-1.2-repository-el7-1.2.0-4.noarch
-Marking /tmp/graylog-1.2-repository-el7_latest.rpm to be installed
-Resolving Dependencies
---> Running transaction check
----> Package graylog-1.2-repository-el7.noarch 0:1.2.0-4 will be installed
---> Finished Dependency Resolution
-Changes in packages about to be updated:
-Dependencies Resolved
-================================================================================
- Package                Arch   Version Repository                          Size
-================================================================================
-Installing:
- graylog-1.2-repository-el7
-                        noarch 1.2.0-4 /graylog-1.2-repository-el7_latest 1.1 k
-Transaction Summary
-================================================================================
-Install  1 Package
-Total size: 1.1 k
-Installed size: 1.1 k
-Is this ok [y/d/N]: y
-Downloading packages:
-Running transaction check
-Running transaction test
-Transaction test succeeded
-Running transaction
-  Installing : graylog-1.2-repository-el7-1.2.0-4.noarch                    1/1
-  Verifying  : graylog-1.2-repository-el7-1.2.0-4.noarch                    1/1
-Installed:
-  graylog-1.2-repository-el7.noarch 0:1.2.0-4
-Complete!
-</code>
-Der Inhalt des **''rpm''**-Pakets - **''graylog-1.2-repository-el7.noarch''** kann mit nachfolgendem Befehl zur Ansicht gebracht werden:
-<code>
-# rpm -qil graylog-1.2-repository-el7.noarch
-Name        : graylog-1.2-repository-el7
-Version     : 1.2.0
-Release     : 4
-Architecture: noarch
-Install Date: Tue 03 Nov 2015 11:54:16 AM CET
-Group       : optional
-Size        : 1096
-License     : GPLv3
-Signature   : (none)
-Source RPM  : graylog-1.2-repository-el7-1.2.0-4.src.rpm
-Build Date  : Mon 26 Oct 2015 05:49:46 PM CET
-Build Host  : eda1ecbf991f
-Relocations : /
-Packager    : Graylog, Inc. <hello@graylog.org>
-Vendor      : graylog
-URL         : https://www.graylog.org/
-Summary     : Package to install Graylog 1.2 GPG key and repository
-Description :
-Package to install Graylog 1.2 GPG key and repository
-/etc/pki/rpm-gpg/RPM-GPG-KEY-graylog
-/etc/yum.repos.d/graylog.repo
-</code>
-Zur Absicherung der Installation aus den richtigen Quellen, sollte mit nachfolgendem Befehl der **GPG-Schlüssel** nun **importiert** werden
-<code>
-# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-graylog
-</code>
-* //Es erfolgt keine Ausgabe, falls der Befehl __ohne__ Fehler ausgeführt wurde!//
-Anschließend sollten gespeicherte Informationen über die Installationsquellen zurückgesetzt werden, indem nachfolgender Befehl diese Informationen löscht:
-<code>
-# yum clean all
-Loaded plugins: changelog, priorities
-Cleaning repos: base elasticsearch-2.0 epel extras graylog updates
-Cleaning up everything
-</code>
-Eine Überprüfung mit nachfolgendem Befehl, sollte die korrekte Einbindung des Repositorys bestätigen und in etwa eine Ausgabe wie die nachfolgende zur Anzeige bringen:
-<code>
-# yum list graylog-server graylog-web
-Loaded plugins: changelog, priorities
-packages excluded due to repository priority protections
-Available Packages
-graylog-server.noarch                      1.2.2-1                       graylog
-graylog-web.noarch                         1.2.2-1                       graylog
-</code>
-===== Installation: OpenJDK =====
-Mit nachfolgendem Befehl, kann das ''rpm''-Paket - **''java-1.8.0-openjdk''** installiert werden:
-<code>
-# yum install java-1.8.0-openjdk
-Loaded plugins: changelog, priorities
-packages excluded due to repository priority protections
-Resolving Dependencies
---> Running transaction check
----> Package java-1.8.0-openjdk.x86_64 1:1.8.0.65-2.b17.el7_1 will be installed
---> Processing Dependency: java-1.8.0-openjdk-headless = 1:1.8.0.65-2.b17.el7_1 for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: xorg-x11-fonts-Type1 for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: libpng15.so.15(PNG15_0)(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: libjvm.so(SUNWprivate_1.1)(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: libjpeg.so.62(LIBJPEG_6.2)(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: libjli.so(SUNWprivate_1.1)(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: libjava.so(SUNWprivate_1.1)(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: fontconfig for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: libpng15.so.15()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: libjvm.so()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: libjpeg.so.62()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: libjli.so()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: libjava.so()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: libgif.so.4()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: libawt.so()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: libXtst.so.6()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: libXrender.so.1()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: libXi.so.6()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: libXext.so.6()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: libX11.so.6()(64bit) for package: 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
---> Running transaction check
----> Package fontconfig.x86_64 0:2.10.95-7.el7 will be installed
---> Processing Dependency: fontpackages-filesystem for package: fontconfig-2.10.95-7.el7.x86_64
----> Package giflib.x86_64 0:4.1.6-9.el7 will be installed
---> Processing Dependency: libSM.so.6()(64bit) for package: giflib-4.1.6-9.el7.x86_64
---> Processing Dependency: libICE.so.6()(64bit) for package: giflib-4.1.6-9.el7.x86_64
----> Package java-1.8.0-openjdk-headless.x86_64 1:1.8.0.65-2.b17.el7_1 will be installed
---> Processing Dependency: tzdata-java for package: 1:java-1.8.0-openjdk-headless-1.8.0.65-2.b17.el7_1.x86_64
---> Processing Dependency: jpackage-utils for package: 1:java-1.8.0-openjdk-headless-1.8.0.65-2.b17.el7_1.x86_64
----> Package libX11.x86_64 0:1.6.0-2.1.el7 will be installed
---> Processing Dependency: libX11-common = 1.6.0-2.1.el7 for package: libX11-1.6.0-2.1.el7.x86_64
---> Processing Dependency: libxcb.so.1()(64bit) for package: libX11-1.6.0-2.1.el7.x86_64
----> Package libXext.x86_64 0:1.3.2-2.1.el7 will be installed
----> Package libXi.x86_64 0:1.7.2-2.1.el7 will be installed
----> Package libXrender.x86_64 0:0.9.8-2.1.el7 will be installed
----> Package libXtst.x86_64 0:1.2.2-2.1.el7 will be installed
----> Package libjpeg-turbo.x86_64 0:1.2.90-5.el7 will be installed
----> Package libpng.x86_64 2:1.5.13-5.el7 will be installed
----> Package xorg-x11-fonts-Type1.noarch 0:7.5-9.el7 will be installed
---> Processing Dependency: ttmkfdir for package: xorg-x11-fonts-Type1-7.5-9.el7.noarch
---> Processing Dependency: ttmkfdir for package: xorg-x11-fonts-Type1-7.5-9.el7.noarch
---> Processing Dependency: mkfontdir for package: xorg-x11-fonts-Type1-7.5-9.el7.noarch
---> Processing Dependency: mkfontdir for package: xorg-x11-fonts-Type1-7.5-9.el7.noarch
---> Running transaction check
----> Package fontpackages-filesystem.noarch 0:1.44-8.el7 will be installed
----> Package javapackages-tools.noarch 0:3.4.1-6.el7_0 will be installed
---> Processing Dependency: python-javapackages = 3.4.1-6.el7_0 for package: javapackages-tools-3.4.1-6.el7_0.noarch
---> Processing Dependency: libxslt for package: javapackages-tools-3.4.1-6.el7_0.noarch
----> Package libICE.x86_64 0:1.0.8-7.el7 will be installed
----> Package libSM.x86_64 0:1.2.1-7.el7 will be installed
----> Package libX11-common.noarch 0:1.6.0-2.1.el7 will be installed
----> Package libxcb.x86_64 0:1.9-5.el7 will be installed
---> Processing Dependency: libXau.so.6()(64bit) for package: libxcb-1.9-5.el7.x86_64
----> Package ttmkfdir.x86_64 0:3.0.9-41.el7 will be installed
----> Package tzdata-java.noarch 0:2015g-1.el7 will be installed
----> Package xorg-x11-font-utils.x86_64 1:7.5-18.1.el7 will be installed
---> Processing Dependency: libfontenc.so.1()(64bit) for package: 1:xorg-x11-font-utils-7.5-18.1.el7.x86_64
---> Processing Dependency: libXfont.so.1()(64bit) for package: 1:xorg-x11-font-utils-7.5-18.1.el7.x86_64
---> Running transaction check
----> Package libXau.x86_64 0:1.0.8-2.1.el7 will be installed
----> Package libXfont.x86_64 0:1.4.7-3.el7_1 will be installed
----> Package libfontenc.x86_64 0:1.1.1-5.el7 will be installed
----> Package libxslt.x86_64 0:1.1.28-5.el7 will be installed
----> Package python-javapackages.noarch 0:3.4.1-6.el7_0 will be installed
---> Processing Dependency: python-lxml for package: python-javapackages-3.4.1-6.el7_0.noarch
---> Running transaction check
----> Package python-lxml.x86_64 0:3.2.1-4.el7 will be installed
---> Finished Dependency Resolution
-Changes in packages about to be updated:
-Dependencies Resolved
-================================================================================
- Package                      Arch    Version                    Repository
-                                                                           Size
-================================================================================
-Installing:
- java-1.8.0-openjdk           x86_64  1:1.8.0.65-2.b17.el7_1     updates  214 k
-Installing for dependencies:
- fontconfig                   x86_64  2.10.95-7.el7              base     228 k
- fontpackages-filesystem      noarch  1.44-8.el7                 base     9.9 k
- giflib                       x86_64  4.1.6-9.el7                base      40 k
- java-1.8.0-openjdk-headless  x86_64  1:1.8.0.65-2.b17.el7_1     updates   31 M
- javapackages-tools           noarch  3.4.1-6.el7_0              base      72 k
- libICE                       x86_64  1.0.8-7.el7                base      63 k
- libSM                        x86_64  1.2.1-7.el7                base      38 k
- libX11                       x86_64  1.6.0-2.1.el7              base     605 k
- libX11-common                noarch  1.6.0-2.1.el7              base     181 k
- libXau                       x86_64  1.0.8-2.1.el7              base      29 k
- libXext                      x86_64  1.3.2-2.1.el7              base      38 k
- libXfont                     x86_64  1.4.7-3.el7_1              updates  145 k
- libXi                        x86_64  1.7.2-2.1.el7              base      39 k
- libXrender                   x86_64  0.9.8-2.1.el7              base      25 k
- libXtst                      x86_64  1.2.2-2.1.el7              base      20 k
- libfontenc                   x86_64  1.1.1-5.el7                base      29 k
- libjpeg-turbo                x86_64  1.2.90-5.el7               base     134 k
- libpng                       x86_64  2:1.5.13-5.el7             base     212 k
- libxcb                       x86_64  1.9-5.el7                  base     169 k
- libxslt                      x86_64  1.1.28-5.el7               base     242 k
- python-javapackages          noarch  3.4.1-6.el7_0              base      31 k
- python-lxml                  x86_64  3.2.1-4.el7                base     758 k
- ttmkfdir                     x86_64  3.0.9-41.el7               base      47 k
- tzdata-java                  noarch  2015g-1.el7                updates  176 k
- xorg-x11-font-utils          x86_64  1:7.5-18.1.el7             base      87 k
- xorg-x11-fonts-Type1         noarch  7.5-9.el7                  base     521 k
-Transaction Summary
-================================================================================
-Install  1 Package (+26 Dependent packages)
-Total download size: 35 M
-Installed size: 114 M
-Is this ok [y/d/N]: y
-Downloading packages:
-(1/27): fontpackages-filesystem-1.44-8.el7.noarch.rpm      | 9.9 kB   00:00
-(2/27): fontconfig-2.10.95-7.el7.x86_64.rpm                | 228 kB   00:00
-(3/27): giflib-4.1.6-9.el7.x86_64.rpm                      |  40 kB   00:00
-(4/27): javapackages-tools-3.4.1-6.el7_0.noarch.rpm        |  72 kB   00:00
-(5/27): libSM-1.2.1-7.el7.x86_64.rpm                       |  38 kB   00:00
-(6/27): libICE-1.0.8-7.el7.x86_64.rpm                      |  63 kB   00:00
-(7/27): libX11-1.6.0-2.1.el7.x86_64.rpm                    | 605 kB   00:00
-(8/27): libX11-common-1.6.0-2.1.el7.noarch.rpm             | 181 kB   00:00
-(9/27): libXau-1.0.8-2.1.el7.x86_64.rpm                    |  29 kB   00:00
-(10/27): java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64.rp | 214 kB   00:00
-(11/27): libXext-1.3.2-2.1.el7.x86_64.rpm                  |  38 kB   00:00
-(12/27): libXfont-1.4.7-3.el7_1.x86_64.rpm                 | 145 kB   00:00
-(13/27): libXi-1.7.2-2.1.el7.x86_64.rpm                    |  39 kB   00:00
-(14/27): libXrender-0.9.8-2.1.el7.x86_64.rpm               |  25 kB   00:00
-(15/27): libXtst-1.2.2-2.1.el7.x86_64.rpm                  |  20 kB   00:00
-(16/27): libfontenc-1.1.1-5.el7.x86_64.rpm                 |  29 kB   00:00
-(17/27): java-1.8.0-openjdk-headless-1.8.0.65-2.b17.el7_1. |  31 MB   00:01
-(18/27): libpng-1.5.13-5.el7.x86_64.rpm                    | 212 kB   00:00
-(19/27): libjpeg-turbo-1.2.90-5.el7.x86_64.rpm             | 134 kB   00:00
-(20/27): libxcb-1.9-5.el7.x86_64.rpm                       | 169 kB   00:00
-(21/27): python-javapackages-3.4.1-6.el7_0.noarch.rpm      |  31 kB   00:00
-(22/27): python-lxml-3.2.1-4.el7.x86_64.rpm                | 758 kB   00:00
-(23/27): ttmkfdir-3.0.9-41.el7.x86_64.rpm                  |  47 kB   00:00
-(24/27): xorg-x11-font-utils-7.5-18.1.el7.x86_64.rpm       |  87 kB   00:00
-(25/27): xorg-x11-fonts-Type1-7.5-9.el7.noarch.rpm         | 521 kB   00:00
-(26/27): libxslt-1.1.28-5.el7.x86_64.rpm                   | 242 kB   00:00
-(27/27): tzdata-java-2015g-1.el7.noarch.rpm                | 176 kB   00:00
---------------------------------------------------------------------------------
-Total                                               16 MB/s |  35 MB  00:02
-Running transaction check
-Running transaction test
-Transaction test succeeded
-Running transaction
-  Installing : libfontenc-1.1.1-5.el7.x86_64                               1/27
-  Installing : libICE-1.0.8-7.el7.x86_64                                   2/27
-  Installing : libxslt-1.1.28-5.el7.x86_64                                 3/27
-  Installing : libjpeg-turbo-1.2.90-5.el7.x86_64                           4/27
-  Installing : python-lxml-3.2.1-4.el7.x86_64                              5/27
-  Installing : python-javapackages-3.4.1-6.el7_0.noarch                    6/27
-  Installing : javapackages-tools-3.4.1-6.el7_0.noarch                     7/27
-  Installing : libSM-1.2.1-7.el7.x86_64                                    8/27
-  Installing : libXfont-1.4.7-3.el7_1.x86_64                               9/27
-  Installing : 1:xorg-x11-font-utils-7.5-18.1.el7.x86_64                  10/27
-  Installing : libXau-1.0.8-2.1.el7.x86_64                                11/27
-  Installing : libxcb-1.9-5.el7.x86_64                                    12/27
-  Installing : ttmkfdir-3.0.9-41.el7.x86_64                               13/27
-  Installing : 2:libpng-1.5.13-5.el7.x86_64                               14/27
-  Installing : fontpackages-filesystem-1.44-8.el7.noarch                  15/27
-  Installing : fontconfig-2.10.95-7.el7.x86_64                            16/27
-  Installing : xorg-x11-fonts-Type1-7.5-9.el7.noarch                      17/27
-  Installing : tzdata-java-2015g-1.el7.noarch                             18/27
-  Installing : 1:java-1.8.0-openjdk-headless-1.8.0.65-2.b17.el7_1.x86_6   19/27
-  Installing : libX11-common-1.6.0-2.1.el7.noarch                         20/27
-  Installing : libX11-1.6.0-2.1.el7.x86_64                                21/27
-  Installing : libXext-1.3.2-2.1.el7.x86_64                               22/27
-  Installing : libXi-1.7.2-2.1.el7.x86_64                                 23/27
-  Installing : libXtst-1.2.2-2.1.el7.x86_64                               24/27
-  Installing : giflib-4.1.6-9.el7.x86_64                                  25/27
-  Installing : libXrender-0.9.8-2.1.el7.x86_64                            26/27
-  Installing : 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64           27/27
-  Verifying  : giflib-4.1.6-9.el7.x86_64                                   1/27
-  Verifying  : libjpeg-turbo-1.2.90-5.el7.x86_64                           2/27
-  Verifying  : libX11-common-1.6.0-2.1.el7.noarch                          3/27
-  Verifying  : libXtst-1.2.2-2.1.el7.x86_64                                4/27
-  Verifying  : python-lxml-3.2.1-4.el7.x86_64                              5/27
-  Verifying  : 1:xorg-x11-font-utils-7.5-18.1.el7.x86_64                   6/27
-  Verifying  : tzdata-java-2015g-1.el7.noarch                              7/27
-  Verifying  : fontpackages-filesystem-1.44-8.el7.noarch                   8/27
-  Verifying  : libXi-1.7.2-2.1.el7.x86_64                                  9/27
-  Verifying  : 2:libpng-1.5.13-5.el7.x86_64                               10/27
-  Verifying  : 1:java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64           11/27
-  Verifying  : libXrender-0.9.8-2.1.el7.x86_64                            12/27
-  Verifying  : javapackages-tools-3.4.1-6.el7_0.noarch                    13/27
-  Verifying  : libxcb-1.9-5.el7.x86_64                                    14/27
-  Verifying  : 1:java-1.8.0-openjdk-headless-1.8.0.65-2.b17.el7_1.x86_6   15/27
-  Verifying  : python-javapackages-3.4.1-6.el7_0.noarch                   16/27
-  Verifying  : xorg-x11-fonts-Type1-7.5-9.el7.noarch                      17/27
-  Verifying  : ttmkfdir-3.0.9-41.el7.x86_64                               18/27
-  Verifying  : libxslt-1.1.28-5.el7.x86_64                                19/27
-  Verifying  : libICE-1.0.8-7.el7.x86_64                                  20/27
-  Verifying  : libSM-1.2.1-7.el7.x86_64                                   21/27
-  Verifying  : libX11-1.6.0-2.1.el7.x86_64                                22/27
-  Verifying  : libXfont-1.4.7-3.el7_1.x86_64                              23/27
-  Verifying  : libfontenc-1.1.1-5.el7.x86_64                              24/27
-  Verifying  : libXau-1.0.8-2.1.el7.x86_64                                25/27
-  Verifying  : libXext-1.3.2-2.1.el7.x86_64                               26/27
-  Verifying  : fontconfig-2.10.95-7.el7.x86_64                            27/27
-Installed:
-  java-1.8.0-openjdk.x86_64 1:1.8.0.65-2.b17.el7_1
-Dependency Installed:
-  fontconfig.x86_64 0:2.10.95-7.el7
-  fontpackages-filesystem.noarch 0:1.44-8.el7
-  giflib.x86_64 0:4.1.6-9.el7
-  java-1.8.0-openjdk-headless.x86_64 1:1.8.0.65-2.b17.el7_1
-  javapackages-tools.noarch 0:3.4.1-6.el7_0
-  libICE.x86_64 0:1.0.8-7.el7
-  libSM.x86_64 0:1.2.1-7.el7
-  libX11.x86_64 0:1.6.0-2.1.el7
-  libX11-common.noarch 0:1.6.0-2.1.el7
-  libXau.x86_64 0:1.0.8-2.1.el7
-  libXext.x86_64 0:1.3.2-2.1.el7
-  libXfont.x86_64 0:1.4.7-3.el7_1
-  libXi.x86_64 0:1.7.2-2.1.el7
-  libXrender.x86_64 0:0.9.8-2.1.el7
-  libXtst.x86_64 0:1.2.2-2.1.el7
-  libfontenc.x86_64 0:1.1.1-5.el7
-  libjpeg-turbo.x86_64 0:1.2.90-5.el7
-  libpng.x86_64 2:1.5.13-5.el7
-  libxcb.x86_64 0:1.9-5.el7
-  libxslt.x86_64 0:1.1.28-5.el7
-  python-javapackages.noarch 0:3.4.1-6.el7_0
-  python-lxml.x86_64 0:3.2.1-4.el7
-  ttmkfdir.x86_64 0:3.0.9-41.el7
-  tzdata-java.noarch 0:2015g-1.el7
-  xorg-x11-font-utils.x86_64 1:7.5-18.1.el7
-  xorg-x11-fonts-Type1.noarch 0:7.5-9.el7
-Complete!
-</code>
-Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket **''java-1.8.0-openjdk''** installiert wurden.
-<code>
-# rpm -qil java-1.8.0-openjdk
-Name        : java-1.8.0-openjdk
-Epoch       : 1
-Version     : 1.8.0.65
-Release     : 2.b17.el7_1
-Architecture: x86_64
-Install Date: Tue 03 Nov 2015 12:08:57 PM CET
-Group       : Development/Languages
-Size        : 512647
-License     : ASL 1.1 and ASL 2.0 and GPL+ and GPLv2 and GPLv2 with exceptions and LGPL+ and LGPLv2 and MPLv1.0 and MPLv1.1 and Public Domain and W3C
-Signature   : RSA/SHA256, Thu 22 Oct 2015 01:12:20 AM CEST, Key ID 24c6a8a7f4a80eb5
-Source RPM  : java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.src.rpm
-Build Date  : Wed 21 Oct 2015 10:27:39 PM CEST
-Build Host  : worker1.bsys.centos.org
-Relocations : (not relocatable)
-Packager    : CentOS BuildSystem <http://bugs.centos.org>
-Vendor      : CentOS
-URL         : http://openjdk.java.net/
-Summary     : OpenJDK Runtime Environment
-Description :
-The OpenJDK runtime environment.
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64/jre/bin/policytool
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64/jre/lib/amd64/libawt_xawt.so
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64/jre/lib/amd64/libjawt.so
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64/jre/lib/amd64/libjsoundalsa.so
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64/jre/lib/amd64/libsplashscreen.so
-/usr/share/applications/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64-policytool.desktop
-/usr/share/icons/hicolor/16x16/apps/java-1.8.0.png
-/usr/share/icons/hicolor/24x24/apps/java-1.8.0.png
-/usr/share/icons/hicolor/32x32/apps/java-1.8.0.png
-/usr/share/icons/hicolor/48x48/apps/java-1.8.0.png
-</code>
-* //Entscheidend sind hier die Abhängigkeiten !//
-Mit nachfolgendem Befehl kann nun überprüft werden, ob die Installation korrekt durchgeführt wurde:
-<code>
-# java -version
-openjdk version "1.8.0_65"
-OpenJDK Runtime Environment (build 1.8.0_65-b17)
-OpenJDK 64-Bit Server VM (build 25.65-b01, mixed mode)
-</code>
-bzw.
-<code>
-# alternatives --display java
-java - status is auto.
- link currently points to /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64/jre/bin/java
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64/jre/bin/java - priority 53
- slave jre: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64/jre
- slave jre_exports: /usr/lib/jvm-exports/jre-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64
- slave jjs: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64/jre/bin/jjs
- slave keytool: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64/jre/bin/keytool
- slave orbd: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64/jre/bin/orbd
- slave pack200: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64/jre/bin/pack200
- slave rmid: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64/jre/bin/rmid
- slave rmiregistry: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64/jre/bin/rmiregistry
- slave servertool: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64/jre/bin/servertool
- slave tnameserv: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64/jre/bin/tnameserv
- slave unpack200: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64/jre/bin/unpack200
- slave java.1.gz: /usr/share/man/man1/java-java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64.1.gz
- slave jjs.1.gz: /usr/share/man/man1/jjs-java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64.1.gz
- slave policytool: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64/jre/bin/policytool
- slave keytool.1.gz: /usr/share/man/man1/keytool-java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64.1.gz
- slave orbd.1.gz: /usr/share/man/man1/orbd-java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64.1.gz
- slave pack200.1.gz: /usr/share/man/man1/pack200-java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64.1.gz
- slave rmid.1.gz: /usr/share/man/man1/rmid-java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64.1.gz
- slave rmiregistry.1.gz: /usr/share/man/man1/rmiregistry-java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64.1.gz
- slave servertool.1.gz: /usr/share/man/man1/servertool-java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64.1.gz
- slave tnameserv.1.gz: /usr/share/man/man1/tnameserv-java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64.1.gz
- slave unpack200.1.gz: /usr/share/man/man1/unpack200-java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64.1.gz
-Current `best' version is /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.65-2.b17.el7_1.x86_64/jre/bin/java.
-</code>
-===== Installation: MongoDB =====
-Nachdem das **Drittanbieter-Repository**
-  * [[tachtler:epel_centos_7|EPEL CentOS 7]]
-erfolgreich eingebunden wurde, können mit nachfolgendem Befehl, die ''rpm''-Pakete - **''mongodb-server''** und **''mongodb''** installiert werden:
-<code>
-# yum install mongodb-server mongodb
-Loaded plugins: changelog, priorities
-packages excluded due to repository priority protections
-Resolving Dependencies
---> Running transaction check
----> Package mongodb.x86_64 0:2.6.11-1.el7 will be installed
---> Processing Dependency: v8 >= 3.14.5.10 for package: mongodb-2.6.11-1.el7.x86_64
---> Processing Dependency: libyaml-cpp.so.0.5()(64bit) for package: mongodb-2.6.11-1.el7.x86_64
---> Processing Dependency: libv8.so.3()(64bit) for package: mongodb-2.6.11-1.el7.x86_64
---> Processing Dependency: libtcmalloc.so.4()(64bit) for package: mongodb-2.6.11-1.el7.x86_64
---> Processing Dependency: libstemmer.so.0()(64bit) for package: mongodb-2.6.11-1.el7.x86_64
---> Processing Dependency: libpcap.so.1()(64bit) for package: mongodb-2.6.11-1.el7.x86_64
---> Processing Dependency: libboost_thread-mt.so.1.53.0()(64bit) for package: mongodb-2.6.11-1.el7.x86_64
---> Processing Dependency: libboost_system-mt.so.1.53.0()(64bit) for package: mongodb-2.6.11-1.el7.x86_64
---> Processing Dependency: libboost_program_options-mt.so.1.53.0()(64bit) for package: mongodb-2.6.11-1.el7.x86_64
---> Processing Dependency: libboost_filesystem-mt.so.1.53.0()(64bit) for package: mongodb-2.6.11-1.el7.x86_64
----> Package mongodb-server.x86_64 0:2.6.11-1.el7 will be installed
---> Running transaction check
----> Package boost-filesystem.x86_64 0:1.53.0-23.el7 will be installed
----> Package boost-program-options.x86_64 0:1.53.0-23.el7 will be installed
----> Package boost-system.x86_64 0:1.53.0-23.el7 will be installed
----> Package boost-thread.x86_64 0:1.53.0-23.el7 will be installed
----> Package gperftools-libs.x86_64 0:2.4-5.el7 will be installed
---> Processing Dependency: libunwind.so.8()(64bit) for package: gperftools-libs-2.4-5.el7.x86_64
----> Package libpcap.x86_64 14:1.5.3-4.el7_1.2 will be installed
----> Package libstemmer.x86_64 0:0-2.585svn.el7 will be installed
----> Package v8.x86_64 1:3.14.5.10-17.el7 will be installed
----> Package yaml-cpp.x86_64 0:0.5.1-6.el7 will be installed
---> Running transaction check
----> Package libunwind.x86_64 0:1.1-10.el7 will be installed
---> Finished Dependency Resolution
-Changes in packages about to be updated:
-Dependencies Resolved
-================================================================================
- Package                   Arch       Version                 Repository   Size
-================================================================================
-Installing:
- mongodb                   x86_64     2.6.11-1.el7            epel         43 M
- mongodb-server            x86_64     2.6.11-1.el7            epel        6.6 M
-Installing for dependencies:
- boost-filesystem          x86_64     1.53.0-23.el7           base         67 k
- boost-program-options     x86_64     1.53.0-23.el7           base        155 k
- boost-system              x86_64     1.53.0-23.el7           base         39 k
- boost-thread              x86_64     1.53.0-23.el7           base         56 k
- gperftools-libs           x86_64     2.4-5.el7               epel        279 k
- libpcap                   x86_64     14:1.5.3-4.el7_1.2      updates     137 k
- libstemmer                x86_64     0-2.585svn.el7          epel         67 k
- libunwind                 x86_64     1.1-10.el7              epel         63 k
- v8                        x86_64     1:3.14.5.10-17.el7      epel        3.0 M
- yaml-cpp                  x86_64     0.5.1-6.el7             epel        176 k
-Transaction Summary
-================================================================================
-Install  2 Packages (+10 Dependent packages)
-Total download size: 54 M
-Installed size: 165 M
-Is this ok [y/d/N]: y
-Downloading packages:
-(1/12): boost-filesystem-1.53.0-23.el7.x86_64.rpm          |  67 kB   00:00
-(2/12): boost-program-options-1.53.0-23.el7.x86_64.rpm     | 155 kB   00:00
-(3/12): boost-system-1.53.0-23.el7.x86_64.rpm              |  39 kB   00:00
-(4/12): boost-thread-1.53.0-23.el7.x86_64.rpm              |  56 kB   00:00
-(5/12): gperftools-libs-2.4-5.el7.x86_64.rpm               | 279 kB   00:00
-(6/12): libstemmer-0-2.585svn.el7.x86_64.rpm               |  67 kB   00:00
-(7/12): libunwind-1.1-10.el7.x86_64.rpm                    |  63 kB   00:00
-(8/12): libpcap-1.5.3-4.el7_1.2.x86_64.rpm                 | 137 kB   00:00
-(9/12): mongodb-server-2.6.11-1.el7.x86_64.rpm             | 6.6 MB   00:00
-(10/12): v8-3.14.5.10-17.el7.x86_64.rpm                    | 3.0 MB   00:00
-(11/12): yaml-cpp-0.5.1-6.el7.x86_64.rpm                   | 176 kB   00:00
-(12/12): mongodb-2.6.11-1.el7.x86_64.rpm                   |  43 MB   00:01
---------------------------------------------------------------------------------
-Total                                               29 MB/s |  54 MB  00:01
-Running transaction check
-Running transaction test
-Transaction test succeeded
-Running transaction
-  Installing : boost-system-1.53.0-23.el7.x86_64                           1/12
-  Installing : boost-filesystem-1.53.0-23.el7.x86_64                       2/12
-  Installing : boost-thread-1.53.0-23.el7.x86_64                           3/12
-  Installing : boost-program-options-1.53.0-23.el7.x86_64                  4/12
-  Installing : yaml-cpp-0.5.1-6.el7.x86_64                                 5/12
-  Installing : libstemmer-0-2.585svn.el7.x86_64                            6/12
-  Installing : 1:v8-3.14.5.10-17.el7.x86_64                                7/12
-  Installing : 14:libpcap-1.5.3-4.el7_1.2.x86_64                           8/12
-  Installing : libunwind-1.1-10.el7.x86_64                                 9/12
-  Installing : gperftools-libs-2.4-5.el7.x86_64                           10/12
-  Installing : mongodb-server-2.6.11-1.el7.x86_64                         11/12
-  Installing : mongodb-2.6.11-1.el7.x86_64                                12/12
-  Verifying  : boost-filesystem-1.53.0-23.el7.x86_64                       1/12
-  Verifying  : gperftools-libs-2.4-5.el7.x86_64                            2/12
-  Verifying  : 1:v8-3.14.5.10-17.el7.x86_64                                3/12
-  Verifying  : libunwind-1.1-10.el7.x86_64                                 4/12
-  Verifying  : 14:libpcap-1.5.3-4.el7_1.2.x86_64                           5/12
-  Verifying  : mongodb-server-2.6.11-1.el7.x86_64                          6/12
-  Verifying  : libstemmer-0-2.585svn.el7.x86_64                            7/12
-  Verifying  : boost-thread-1.53.0-23.el7.x86_64                           8/12
-  Verifying  : yaml-cpp-0.5.1-6.el7.x86_64                                 9/12
-  Verifying  : mongodb-2.6.11-1.el7.x86_64                                10/12
-  Verifying  : boost-system-1.53.0-23.el7.x86_64                          11/12
-  Verifying  : boost-program-options-1.53.0-23.el7.x86_64                 12/12
-Installed:
-  mongodb.x86_64 0:2.6.11-1.el7       mongodb-server.x86_64 0:2.6.11-1.el7
-Dependency Installed:
-  boost-filesystem.x86_64 0:1.53.0-23.el7
-  boost-program-options.x86_64 0:1.53.0-23.el7
-  boost-system.x86_64 0:1.53.0-23.el7
-  boost-thread.x86_64 0:1.53.0-23.el7
-  gperftools-libs.x86_64 0:2.4-5.el7
-  libpcap.x86_64 14:1.5.3-4.el7_1.2
-  libstemmer.x86_64 0:0-2.585svn.el7
-  libunwind.x86_64 0:1.1-10.el7
-  v8.x86_64 1:3.14.5.10-17.el7
-  yaml-cpp.x86_64 0:0.5.1-6.el7
-Complete!
-</code>
-Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket **''mongodb-server''** installiert wurden.
-<code>
-# rpm -qil mongodb-server
-Name        : mongodb-server
-Version     : 2.6.11
-Release     : 1.el7
-Architecture: x86_64
-Install Date: Tue 03 Nov 2015 12:24:22 PM CET
-Group       : Applications/Databases
-Size        : 20949371
-License     : AGPLv3 and zlib and ASL 2.0
-Signature   : RSA/SHA256, Thu 20 Aug 2015 07:37:34 PM CEST, Key ID 6a2faea2352c64e5
-Source RPM  : mongodb-2.6.11-1.el7.src.rpm
-Build Date  : Wed 19 Aug 2015 01:57:11 PM CEST
-Build Host  : buildvm-08.phx2.fedoraproject.org
-Relocations : (not relocatable)
-Packager    : Fedora Project
-Vendor      : Fedora Project
-URL         : http://www.mongodb.org
-Summary     : MongoDB server, sharding server and support scripts
-Description :
-This package provides the mongo server software, mongo sharding server
-software, default configuration files, and init scripts.
-/etc/logrotate.d/mongodb
-/etc/mongod.conf
-/etc/mongos.conf
-/etc/sysconfig/mongod
-/etc/sysconfig/mongos
-/usr/bin/mongod
-/usr/bin/mongos
-/usr/lib/systemd/system/mongod.service
-/usr/lib/systemd/system/mongos.service
-/usr/lib/tmpfiles.d/mongodb.conf
-/usr/share/man/man1/mongod.1.gz
-/usr/share/man/man1/mongos.1.gz
-/var/lib/mongodb
-/var/log/mongodb
-/var/run/mongodb
-</code>
-Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket **''mongodb''** installiert wurden.
-<code>
-# rpm -qil mongodb
-Name        : mongodb
-Version     : 2.6.11
-Release     : 1.el7
-Architecture: x86_64
-Install Date: Tue 03 Nov 2015 12:24:31 PM CET
-Group       : Applications/Databases
-Size        : 137519320
-License     : AGPLv3 and zlib and ASL 2.0
-Signature   : RSA/SHA256, Thu 20 Aug 2015 07:39:20 PM CEST, Key ID 6a2faea2352c64e5
-Source RPM  : mongodb-2.6.11-1.el7.src.rpm
-Build Date  : Wed 19 Aug 2015 01:57:11 PM CEST
-Build Host  : buildvm-08.phx2.fedoraproject.org
-Relocations : (not relocatable)
-Packager    : Fedora Project
-Vendor      : Fedora Project
-URL         : http://www.mongodb.org
-Summary     : High-performance, schema-free document-oriented database
-Description :
-Mongo (from "humongous") is a high-performance, open source, schema-free
-document-oriented database. MongoDB is written in C++ and offers the following
-features:
-    * Collection oriented storage: easy storage of object/JSON-style data
-    * Dynamic queries
-    * Full index support, including on inner objects and embedded arrays
-    * Query profiling
-    * Replication and fail-over support
-    * Efficient storage of binary data including large objects (e.g. photos
-    and videos)
-    * Auto-sharding for cloud-level scalability (currently in early alpha)
-    * Commercial Support Available
-A key goal of MongoDB is to bridge the gap between key/value stores (which are
-fast and highly scalable) and traditional RDBMS systems (which are deep in
-functionality).
-/usr/bin/bsondump
-/usr/bin/mongo
-/usr/bin/mongodump
-/usr/bin/mongoexport
-/usr/bin/mongofiles
-/usr/bin/mongoimport
-/usr/bin/mongooplog
-/usr/bin/mongoperf
-/usr/bin/mongorestore
-/usr/bin/mongosniff
-/usr/bin/mongostat
-/usr/bin/mongotop
-/usr/share/doc/mongodb-2.6.11
-/usr/share/doc/mongodb-2.6.11/README
-/usr/share/licenses/mongodb-2.6.11
-/usr/share/licenses/mongodb-2.6.11/APACHE-2.0.txt
-/usr/share/licenses/mongodb-2.6.11/GNU-AGPL-3.0.txt
-/usr/share/man/man1/bsondump.1.gz
-/usr/share/man/man1/mongo.1.gz
-/usr/share/man/man1/mongodump.1.gz
-/usr/share/man/man1/mongoexport.1.gz
-/usr/share/man/man1/mongofiles.1.gz
-/usr/share/man/man1/mongoimport.1.gz
-/usr/share/man/man1/mongooplog.1.gz
-/usr/share/man/man1/mongoperf.1.gz
-/usr/share/man/man1/mongorestore.1.gz
-/usr/share/man/man1/mongosniff.1.gz
-/usr/share/man/man1/mongostat.1.gz
-/usr/share/man/man1/mongotop.1.gz
-</code>
-==== MongoDB: Dienst/Deamon-Start einrichten ====
-Um das Datenbank-System [[https://www.mongodb.com/de|MongoDB]], welches als Dienst/Deamon als Hintergrundprozess läuft, auch nach einem Neustart des Servers zur Verfügung zu haben, soll der Dienst/Daemon mit dem Server mit gestartet werden, was mit nachfolgendem Befehl realisiert werden kann:
-<code>
-# systemctl enable mongod.service
-ln -s '/usr/lib/systemd/system/mongod.service' '/etc/systemd/system/multi-user.target.wants/mongod.service'
-</code>
-Eine Überprüfung, ob beim Neustart des Server der ''mongod''-Dienst/Deamon wirklich mit gestartet wird, kann mit nachfolgendem Befehl erfolgen und sollte eine Anzeige, wie ebenfalls nachfolgend dargestellt ausgeben:
-<code>
-# systemctl list-unit-files --type=service | grep -e mongod.service
-mongod.service                         enabled
-</code>
-bzw.
-<code>
-# systemctl is-enabled mongod.service
-enabled
-</code>
-===== Installation: rsyslog-gnutls =====
-Mit nachfolgendem Befehl, kann das ''rpm''-Paket - **''rsyslog-gnutls''** installiert werden:
-<code>
-# yum install rsyslog-gnutls
-Loaded plugins: changelog, priorities
-packages excluded due to repository priority protections
-Resolving Dependencies
---> Running transaction check
----> Package rsyslog-gnutls.x86_64 0:8.24.0-12.el7 will be installed
---> Finished Dependency Resolution
-Changes in packages about to be updated:
-Dependencies Resolved
-================================================================================
- Package                Arch           Version               Repository    Size
-================================================================================
-Installing:
- rsyslog-gnutls         x86_64         8.24.0-12.el7         base          41 k
-Transaction Summary
-================================================================================
-Install  1 Package
-Total download size: 41 k
-Installed size: 37 k
-Is this ok [y/d/N]: y
-Downloading packages:
-rsyslog-gnutls-8.24.0-12.el7.x86_64.rpm                    |  41 kB   00:00
-Running transaction check
-Running transaction test
-Transaction test succeeded
-Running transaction
-  Installing : rsyslog-gnutls-8.24.0-12.el7.x86_64                          1/1
-  Verifying  : rsyslog-gnutls-8.24.0-12.el7.x86_64                          1/1
-Installed:
-  rsyslog-gnutls.x86_64 0:8.24.0-12.el7
-Complete!
-</code>
-Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket **''rsyslog-gnutls''** installiert wurden.
-<code>
-# rpm -qil rsyslog-gnutls
-Name        : rsyslog-gnutls
-Version     : 8.24.0
-Release     : 12.el7
-Architecture: x86_64
-Install Date: Mon 30 Apr 2018 12:32:57 PM CEST
-Group       : System Environment/Daemons
-Size        : 37936
-License     : (GPLv3+ and ASL 2.0)
-Signature   : RSA/SHA256, Thu 10 Aug 2017 09:43:39 PM CEST, Key ID 24c6a8a7f4a80eb5
-Source RPM  : rsyslog-8.24.0-12.el7.src.rpm
-Build Date  : Mon 07 Aug 2017 02:56:12 AM CEST
-Build Host  : c1bm.rdu2.centos.org
-Relocations : (not relocatable)
-Packager    : CentOS BuildSystem <http://bugs.centos.org>
-Vendor      : CentOS
-URL         : http://www.rsyslog.com/
-Summary     : TLS protocol support for rsyslog
-Description :
-The rsyslog-gnutls package contains the rsyslog plugins that provide the
-ability to receive syslog messages via upcoming syslog-transport-tls
-IETF standard protocol.
-/usr/lib64/rsyslog/lmnsd_gtls.so
-</code>
-===== Installation: gnutls-utils =====
-Mit nachfolgendem Befehl, kann das ''rpm''-Paket - **''gnutls-utils''** installiert werden:
-<code>
-# yum install gnutls-utils
-</code>
-Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket **''gnutls-utils''** installiert wurden.
-<code>
-# rpm -qil gnutls-utils
-Name        : gnutls-utils
-Version     : 3.3.26
-Release     : 9.el7
-Architecture: x86_64
-Install Date: Tue 19 Sep 2017 03:27:28 PM CEST
-Group       : Applications/System
-Size        : 922960
-License     : GPLv3+
-Signature   : RSA/SHA256, Thu 10 Aug 2017 06:24:54 PM CEST, Key ID 24c6a8a7f4a80eb5
-Source RPM  : gnutls-3.3.26-9.el7.src.rpm
-Build Date  : Sat 05 Aug 2017 01:58:17 AM CEST
-Build Host  : c1bm.rdu2.centos.org
-Relocations : (not relocatable)
-Packager    : CentOS BuildSystem <http://bugs.centos.org>
-Vendor      : CentOS
-URL         : http://www.gnutls.org/
-Summary     : Command line tools for TLS protocol
-Description :
-GnuTLS is a secure communications library implementing the SSL, TLS and DTLS
-protocols and technologies around them. It provides a simple C language
-application programming interface (API) to access the secure communications
-protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and
-other required structures.
-This package contains command line TLS client and server and certificate
-manipulation tools.
-/usr/bin/certtool
-/usr/bin/crywrap
-/usr/bin/danetool
-/usr/bin/gnutls-cli
-/usr/bin/gnutls-cli-debug
-/usr/bin/gnutls-serv
-/usr/bin/ocsptool
-/usr/bin/p11tool
-/usr/bin/psktool
-/usr/bin/tpmtool
-/usr/share/doc/gnutls-utils-3.3.26
-/usr/share/doc/gnutls-utils-3.3.26/certtool.cfg
-/usr/share/man/man1/certtool.1.gz
-/usr/share/man/man1/danetool.1.gz
-/usr/share/man/man1/gnutls-cli-debug.1.gz
-/usr/share/man/man1/gnutls-cli.1.gz
-/usr/share/man/man1/gnutls-serv.1.gz
-/usr/share/man/man1/ocsptool.1.gz
-/usr/share/man/man1/p11tool.1.gz
-/usr/share/man/man1/psktool.1.gz
-/usr/share/man/man1/tpmtool.1.gz
-</code>
-===== Konfiguration: MongoDB =====
-Nach der erfolgreichen Installation von [[https://www.mongodb.com/de|MongoDB]] sollte noch ein Administrator für alle [[https://www.mongodb.com/de|MongoDB]]-Server-Datenbanken erstellt werden **und** ein spezieller Benutzer, welcher über **Lese-** und **Schreibrechte** für die [[https://www.mongodb.com/de|MongoDB]]-Datenbank **''graylog''** erhalten soll, damit über diesen eine **Authentifizierung** an der [[https://www.mongodb.com/de|MongoDB]] erfolgten kann und dies **__nicht mehr ohne Benutzernamen und Passwort__** erfolgen kann.
-==== Benutzer: Administrator anlegen ====
-Zuerst muss in die [[https://www.mongodb.com/de|MongoDB]]-Console mithilfe des nachfolgenden Befehls gewechselt werden, damit Datenbank spezifische Befehle gegen die [https://www.mongodb.com/de|MongoDB]] abgesetzt werden können:
-<code>
-# mongo
-MongoDB shell version: 2.6.11
-connecting to: test
-Server has startup warnings:
--11-06T15:39:45.750+0100 [initandlisten]
--11-06T15:39:45.750+0100 [initandlisten] ** WARNING: Readahead for /var/lib/mongodb is set to 4096KB
--11-06T15:39:45.750+0100 [initandlisten] **          We suggest setting it to 256KB (512 sectors) or less
--11-06T15:39:45.750+0100 [initandlisten] **          http://dochub.mongodb.org/core/readahead
-</code>
-* //Nachfolgende **WARNING** (Warnung) kann hierbei ignoriert werden!//
-Anschließend muss die in die interne Verwaltungsdatenbank von [https://www.mongodb.com/de|MongoDB]] gewechselt werden, was mit nachfolgendem Befehl durchgeführt werden kann:
-<code>
-> use admin
-switched to db admin
-</code>
-Nun soll ein **Administrationsbenutzer** für die [[https://www.mongodb.com/de|MongoDB]]-Server angelegt, was mit nachfolgendem Befehl durchgeführt werden kann:
-<code>
-db.createUser({user:"admin",pwd:"geheim",roles:[{role:"root",db:"admin"}]})
-Successfully added user: {
-	"user" : "admin",
-	"roles" : [
-		{
-			"role" : "root",
-			"db" : "admin"
-		}
-	]
-}
-</code>
-Abschließend wird die [[https://www.mongodb.com/de|MongoDB]]-Console mithilfe des nachfolgenden Befehls beendet:
-<code>
-> exit
-bye
-</code>
-==== Benutzer: "graylog" anlegen ====
-Zuerst muss wieder in die [[https://www.mongodb.com/de|MongoDB]]-Console mithilfe des nachfolgenden Befehls gewechselt werden, damit Datenbank spezifische Befehle gegen die [https://www.mongodb.com/de|MongoDB]] abgesetzt werden können:
-<code>
-# mongo --authenticationDatabase admin -u admin -p
-MongoDB shell version: 2.6.11
-Enter password:
-connecting to: test
-Server has startup warnings:
--11-09T12:21:58.328+0100 [initandlisten]
--11-09T12:21:58.328+0100 [initandlisten] ** WARNING: Readahead for /var/lib/mongodb is set to 4096KB
--11-09T12:21:58.328+0100 [initandlisten] **          We suggest setting it to 256KB (512 sectors) or less
--11-09T12:21:58.328+0100 [initandlisten] **          http://dochub.mongodb.org/core/readahead
-</code>
-* //Nachfolgende **WARNING** (Warnung) kann hierbei ignoriert werden!//
-Anschließend muss die Datenbank von [https://www.mongodb.com/de|MongoDB]] gewechselt werden, für die eine Benutzer mit Passwort angelegt werden soll, was mit nachfolgendem Befehl durchgeführt werden kann:
-<code>
-> use graylog
-switched to db graylog
-</code>
-Nun soll ein **"graylog"-Benutzer** für die [[https://www.mongodb.com/de|MongoDB]]-Server angelegt, was mit nachfolgendem Befehl durchgeführt werden kann:
-<code>
-db.createUser({user:"grayloguser",pwd:"geheim",roles:["readWrite"]})
-Successfully added user: { "user" : "grayloguser", "roles" : [ "readWrite" ] }
-</code>
-Abschließend wird die [[https://www.mongodb.com/de|MongoDB]]-Console mithilfe des nachfolgenden Befehls beendet:
-<code>
-> exit
-bye
-</code>
-==== /etc/mongod.conf - Datenbankgröße ====
-Nachfolgende Konfiguration verändert das Speicherverhalten der [[https://www.mongodb.com/de|MongoDB]] in dem diese eine **kleinere Standard Dateigröße** verwendet. Hierbei wird die initiale Datenbankgröße kleiner angesetzt und diese auch auf maximal **512 MegaByte** herabgesetzt. Ebenso wird die Standard ''journal''-Schreibung von der Größe her ebenfalls beschränkt und zwar von 1 GigaByte auf **128 MegaByte**.
-Nachfolgende Änderungen müssen dafür in der Konfigurationsdatei
-  * ''/etc/mongod.conf''
-durchgeführt werden:
-(**Nur relevanter Ausschnitt**):
-<code ini>
-...
-# Use a smaller default file size (false by default)
-# Tachtler
-# default: #smallfiles = true
-smallfiles = true
-...
-</code>
-==== /etc/mongod.conf - Authentifizierung erzwingen ====
-Nachfolgende Konfiguration erzwingt die Authentifizieren gegen die [[https://www.mongodb.com/de|MongoDB]].
-:!: **HINWEIS** - **Zugriff auf die [[https://www.mongodb.com/de|MongoDB]] __ohne__ Benutzername und dazugehörigen Passwort, sollten danach __nicht__ mehr möglich sein!**
-Nachfolgende Änderungen müssen dafür in der Konfigurationsdatei
-  * ''/etc/mongod.conf''
-durchgeführt werden:
-(**Nur relevanter Ausschnitt**):
-<code ini>
-...
-# Run with/without security (without by default)
-# Tachtler
-# default: #auth = true
-auth = true
-#noauth = true
-...
-</code>
-==== MongoDB: Erster Start ====
-Danach kann der **mongod**-Server mit nachfolgendem Befehle gestartet werden:
-<code>
-# systemctl start mongod
-</code>
-Mit nachfolgendem Befehl kann der Status des [[https://www.mongodb.com/de|MongoDB]]-Servers abgefragt werden:
-<code>
-# systemctl status mongod
-mongod.service - High-performance, schema-free document-oriented database
-   Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled)
-   Active: active (running) since Tue 2015-11-03 12:59:24 CET; 5s ago
-  Process: 11678 ExecStart=/usr/bin/mongod $OPTIONS run (code=exited, status=0/SUCCESS)
- Main PID: 11680 (mongod)
-   CGroup: /system.slice/mongod.service
-           └─11680 /usr/bin/mongod --quiet -f /etc/mongod.conf run
-Nov 03 12:59:18 server11.idmz.tachtler.net systemd[1]: Starting High-performa...
-Nov 03 12:59:18 server11.idmz.tachtler.net mongod[11678]: about to fork child...
-Nov 03 12:59:18 server11.idmz.tachtler.net mongod[11678]: forked process: 11680
-Nov 03 12:59:24 server11.idmz.tachtler.net mongod[11678]: child process start...
-Nov 03 12:59:24 server11.idmz.tachtler.net systemd[1]: Started High-performan...
-Hint: Some lines were ellipsized, use -l to show in full.
-</code>
-==== MongoDB: Test ====
-Ein Verbindungstest kann durchgeführt werden, indem die [[https://www.mongodb.com/de|MongoDB]]-''shell'' aufgerufen wird, was mit nachfolgendem Befehl durchgeführt werden kann:
-<code>
-# mongo
-MongoDB shell version: 2.6.11
-connecting to: test
-Server has startup warnings:
--11-03T12:59:18.916+0100 [initandlisten]
--11-03T12:59:18.916+0100 [initandlisten] ** WARNING: Readahead for /var/lib/mongodb is set to 4096KB
--11-03T12:59:18.916+0100 [initandlisten] **          We suggest setting it to 256KB (512 sectors) or less
--11-03T12:59:18.916+0100 [initandlisten] **          http://dochub.mongodb.org/core/readahead
-> exit
-bye
-</code>
-Die [[https://www.mongodb.com/de|MongoDB]]-''shell'' kann mit dem Befehl ''exit'' verlassen werden.
-:!: **HINWEIS** - **Die Warnmeldungen können ignoriert werden.**
-===== Installation: Elasticsearch =====
-Nachdem das **Drittanbieter-Repository**
-  * [[tachtler:graylog#repositoryelasticsearch|graylog - Repository: Elasticsearch]]
-erfolgreich eingebunden wurde, kann mit nachfolgendem Befehl, das ''rpm''-Paket **''elasticsearch''** installiert werden:
-<code>
-# yum install elasticsearch
-Loaded plugins: changelog, priorities
-packages excluded due to repository priority protections
-Resolving Dependencies
---> Running transaction check
----> Package elasticsearch.noarch 0:1.7.3-1 will be installed
---> Finished Dependency Resolution
-Changes in packages about to be updated:
-Dependencies Resolved
-================================================================================
- Package             Arch         Version         Repository               Size
-================================================================================
-Installing:
- elasticsearch       noarch       1.7.3-1         elasticsearch-1.7        26 M
-Transaction Summary
-================================================================================
-Install  1 Package
-Total download size: 26 M
-Installed size: 30 M
-Is this ok [y/d/N]: y
-Downloading packages:
-elasticsearch-1.7.3.noarch.rpm                             |  26 MB   00:24
-Running transaction check
-Running transaction test
-Transaction test succeeded
-Running transaction
-Creating elasticsearch group... OK
-Creating elasticsearch user... OK
-  Installing : elasticsearch-1.7.3-1.noarch                                 1/1
-### NOT starting on installation, please execute the following statements to configure elasticsearch service to start automatically using systemd
- sudo systemctl daemon-reload
- sudo systemctl enable elasticsearch.service
-### You can start elasticsearch service by executing
- sudo systemctl start elasticsearch.service
-  Verifying  : elasticsearch-1.7.3-1.noarch                                 1/1
-Installed:
-  elasticsearch.noarch 0:1.7.3-1
-Complete!
-</code>
-Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket **''elasticsearch''** installiert wurden.
-<code>
-# rpm -qil elasticsearch
-Name        : elasticsearch
-Version     : 1.7.3
-Release     : 1
-Architecture: noarch
-Install Date: Tue 03 Nov 2015 04:58:00 PM CET
-Group       : Application/Internet
-Size        : 31333594
-License     : (c) 2009
-Signature   : RSA/SHA1, Thu 15 Oct 2015 11:16:52 AM CEST, Key ID d27d666cd88e42b4
-Source RPM  : elasticsearch-1.7.3-1.src.rpm
-Build Date  : Thu 15 Oct 2015 11:16:48 AM CEST
-Build Host  : ip-10-249-14-148.us-west-2.compute.internal
-Relocations : /usr
-Packager    : Elasticsearch
-Summary     : elasticsearch
-Description :
-Elasticsearch - Open Source, Distributed, RESTful Search Engine
-/etc/elasticsearch
-/etc/elasticsearch/elasticsearch.yml
-/etc/elasticsearch/logging.yml
-/etc/init.d/elasticsearch
-/etc/sysconfig/elasticsearch
-/tmp/elasticsearch
-/usr/lib/sysctl.d
-/usr/lib/sysctl.d/elasticsearch.conf
-/usr/lib/systemd/system/elasticsearch.service
-/usr/lib/tmpfiles.d
-/usr/lib/tmpfiles.d/elasticsearch.conf
-/usr/share/elasticsearch/LICENSE.txt
-/usr/share/elasticsearch/NOTICE.txt
-/usr/share/elasticsearch/README.textile
-/usr/share/elasticsearch/bin
-/usr/share/elasticsearch/bin/elasticsearch
-/usr/share/elasticsearch/bin/elasticsearch.in.sh
-/usr/share/elasticsearch/bin/plugin
-/usr/share/elasticsearch/lib/antlr-runtime-3.5.jar
-/usr/share/elasticsearch/lib/apache-log4j-extras-1.2.17.jar
-/usr/share/elasticsearch/lib/asm-4.1.jar
-/usr/share/elasticsearch/lib/asm-commons-4.1.jar
-/usr/share/elasticsearch/lib/elasticsearch-1.7.3.jar
-/usr/share/elasticsearch/lib/groovy-all-2.4.4.jar
-/usr/share/elasticsearch/lib/jna-4.1.0.jar
-/usr/share/elasticsearch/lib/jts-1.13.jar
-/usr/share/elasticsearch/lib/log4j-1.2.17.jar
-/usr/share/elasticsearch/lib/lucene-analyzers-common-4.10.4.jar
-/usr/share/elasticsearch/lib/lucene-core-4.10.4.jar
-/usr/share/elasticsearch/lib/lucene-expressions-4.10.4.jar
-/usr/share/elasticsearch/lib/lucene-grouping-4.10.4.jar
-/usr/share/elasticsearch/lib/lucene-highlighter-4.10.4.jar
-/usr/share/elasticsearch/lib/lucene-join-4.10.4.jar
-/usr/share/elasticsearch/lib/lucene-memory-4.10.4.jar
-/usr/share/elasticsearch/lib/lucene-misc-4.10.4.jar
-/usr/share/elasticsearch/lib/lucene-queries-4.10.4.jar
-/usr/share/elasticsearch/lib/lucene-queryparser-4.10.4.jar
-/usr/share/elasticsearch/lib/lucene-sandbox-4.10.4.jar
-/usr/share/elasticsearch/lib/lucene-spatial-4.10.4.jar
-/usr/share/elasticsearch/lib/lucene-suggest-4.10.4.jar
-/usr/share/elasticsearch/lib/sigar
-/usr/share/elasticsearch/lib/sigar/libsigar-amd64-linux.so
-/usr/share/elasticsearch/lib/sigar/libsigar-ia64-linux.so
-/usr/share/elasticsearch/lib/sigar/libsigar-x86-linux.so
-/usr/share/elasticsearch/lib/sigar/sigar-1.6.4.jar
-/usr/share/elasticsearch/lib/spatial4j-0.4.1.jar
-/usr/share/elasticsearch/plugins
-/var/lib/elasticsearch
-/var/log/elasticsearch
-/var/run/elasticsearch
-</code>
-==== Elasticsearch: Dienst/Deamon-Start einrichten ====
-Um der Such-Server [[https://www.elastic.co/de/|Elasticsearch]], welcher als Dienst/Deamon als Hintergrundprozess läuft, auch nach einem Neustart des Servers zur Verfügung zu haben, soll der Dienst/Daemon mit dem Server mit gestartet werden, was mit nachfolgendem Befehl realisiert werden kann:
-<code>
-# systemctl daemon-reload
-</code>
-<code>
-# systemctl enable elasticsearch.service
-ln -s '/usr/lib/systemd/system/elasticsearch.service' '/etc/systemd/system/multi-user.target.wants/elasticsearch.service'
-</code>
-Eine Überprüfung, ob beim Neustart des Server der ''elasticsearch''-Dienst/Deamon wirklich mit gestartet wird, kann mit nachfolgendem Befehl erfolgen und sollte eine Anzeige, wie ebenfalls nachfolgend dargestellt ausgeben:
-<code>
-# systemctl list-unit-files --type=service | grep -e elasticsearch.service
-elasticsearch.service                  enabled
-</code>
-bzw.
-<code>
-# systemctl is-enabled elasticsearch.service
-enabled
-</code>
-===== Konfiguration: Elasticsearch =====
-==== /etc/sysctl.conf ====
-Um den Speicherverbrauch von [[https://www.elastic.co/de/|Elasticsearch]] Rechnung tragen zu können, ist es erforderlich den Wert
-  * ''vm.max_map_count''
-ggf. zu erhöhen.
-Nachfolgende Abfrage zeigt den Standardwert von ''vm.max_map_count'':
-<code>
-# sysctl vm.max_map_count
-vm.max_map_count = 65530
-</code>
-Der Speicher kann erhöht werden, in dem mit nachfolgender Befehl dieser auf den Wert **''262144''** gesetzt wird:
-<code>
-# sysctl -w vm.max_map_count=262144
-vm.max_map_count = 262144
-</code>
-Um diesen Wert auch nach einem Neustart des Servers, permanent setzen zu können kann in der Konfigurationsdatei
-  * ''/etc/sysctl.conf''
-dies ebenfalls eingetragen werden:
-(**Komplette Konfigurationsdatei**):
-<code bash>
-# System default settings live in /usr/lib/sysctl.d/00-system.conf.
-# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
-#
-# For more information, see sysctl.conf(5) and sysctl.d(5).
-#
-# Tachtler - new -
-vm.max_map_count=262144
-</code>
-==== /etc/elasticsearch/elasticsearch.yml ====
-Bevor der Dienst/Daemon von [[https://www.elastic.co/de/|Elasticsearch]] gestartet werden kann, ist nachfolgende Konfiguration in der Konfigurationsdatei
-  * **''/etc/elasticsearch/elasticsearch.yml''**
-durchzuführen:
-(**Nur relevanter Ausschnitt**):
-<code yaml>
-...
-################################### Cluster ###################################
-# Cluster name identifies your cluster for auto-discovery. If you're running
-# multiple clusters on the same network, make sure you're using unique names.
-#
-# Tachtler
-# default: #cluster.name: elasticsearch
-cluster.name: graylog
-...
-...
-...
-# 1. Disable multicast discovery (enabled by default):
-#
-# Tachtler
-# default: #discovery.zen.ping.multicast.enabled: false
-discovery.zen.ping.multicast.enabled: false
-#
-# 2. Configure an initial list of master nodes in the cluster
-#    to perform discovery when new nodes (master or data) are started:
-#
-# Tachtler
-# default: #discovery.zen.ping.unicast.hosts: ["host1", "host2:port"]
-discovery.zen.ping.unicast.hosts: ["127.0.0.1:9300"]
-...
-...
-...
-# Tachtler - ONLY BEFORE VERSION 2.x
-script.disable_dynamic: true
-</code>
-**__Nachfolgende Änderungen wurden durchgeführt:__**
-  * <code yaml>cluster.name: graylog</code>
-Setzen des **''cluster''**-Namen für den Zugriff durch [[https://www.graylog.org/|Graylog]].
-:!: **HINWEIS** - Dies ist grundsätzlich die **__einzige__ relevante Änderung** die laut Dokumentation von [[https://www.graylog.org/|Graylog]] durchzuführen ist.
-  * Siehe auch externen Link: [[http://docs.graylog.org/en/latest/pages/installation/manual_setup.html|Docs » Installing Graylog » Manual Setup]]
-  * <code yaml>discovery.zen.ping.multicast.enabled: false</code>
-**Deaktivieren** des ''ping'''en via **Multicast** über die IP-Adresse 224.0.0.0- Dafür soll nachfolgend eine **Unicast** IP-Adresse 127.0.0.1 und der Port 9300 verwendet werden!
-  * <code yaml>discovery.zen.ping.unicast.hosts: ["127.0.0.1:9300"]</code>
-**Aktivieren** der Verwendung einer **Unicast** IP-Adresse 127.0.0.1 und des Ports 9300 **anstelle** von **Multicast** über die IP-Adresse 224.0.0.0.
-  * <code yaml>script.disable_dynamic: true</code>
-:!: **WICHTIG** - **__Nur__** erforderlich bei **Versionen __kleiner__ 2.x** !!!
-**Deaktivieren** der Möglichkeit, das [[https://www.elastic.co/de/|Elasticsearch]] Skripte via **''remote''** Fernausführung dynamisch ausführen kann, **was ein Sicherheitsrisiko darstellen würde!**.
-==== Elasticsearch: Erster Start ====
-Danach kann der **elasticsearch**-Server mit nachfolgendem Befehle gestartet werden:
-<code>
-# systemctl start elasticsearch
-</code>
-Mit nachfolgendem Befehl kann der Status des [[https://www.elastic.co/de/|Elasticsearch]]-Servers abgefragt werden:
-<code>
-# systemctl status elasticsearch
-elasticsearch.service - Elasticsearch
-   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled)
-   Active: active (running) since Tue 2015-11-03 17:06:27 CET; 8s ago
-     Docs: http://www.elastic.co
- Main PID: 19264 (java)
-   CGroup: /system.slice/elasticsearch.service
-           └─19264 /bin/java -Xms256m -Xmx1g -Djava.awt.headless=true -XX:+Us...
-Nov 03 17:06:27 server11.idmz.tachtler.net systemd[1]: Started Elasticsearch.
-</code>
-==== Elasticsearch: Test ====
-Ein Verbindungstest kann durchgeführt werden, in dem [[https://www.elastic.co/de/|Elasticsearch]] über den Kommunikationsurl und -port **''http://localhost:9200''** entsprechend aufgerufen wird, was mit nachfolgendem Befehl durchgeführt werden kann:
-<code>
-# curl -X GET http://localhost:9200
-{
-  "status" : 200,
-  "name" : "Black Marvel",
-  "cluster_name" : "graylog",
-  "version" : {
-    "number" : "1.7.3",
-    "build_hash" : "05d4530971ef0ea46d0f4fa6ee64dbc8df659682",
-    "build_timestamp" : "2015-10-15T09:14:17Z",
-    "build_snapshot" : false,
-    "lucene_version" : "4.10.4"
-  },
-  "tagline" : "You Know, for Search"
-}
-</code>
-bzw.
-<code>
-# curl -X GET 'http://localhost:9200/_cluster/health?pretty=true'
-{
-  "cluster_name" : "graylog",
-  "status" : "green",
-  "timed_out" : false,
-  "number_of_nodes" : 2,
-  "number_of_data_nodes" : 1,
-  "active_primary_shards" : 1,
-  "active_shards" : 1,
-  "relocating_shards" : 0,
-  "initializing_shards" : 0,
-  "unassigned_shards" : 0,
-  "delayed_unassigned_shards" : 0,
-  "number_of_pending_tasks" : 0,
-  "number_of_in_flight_fetch" : 0
-}
-</code>
-===== Installation: graylog =====
-Nachdem das **Drittanbieter-Repository**
-  * [[tachtler:graylog#repositorygraylog|graylog - Repository: graylog]]
-erfolgreich eingebunden wurde, können mit nachfolgendem Befehl, die ''rpm''-Pakete - **''graylog-server''** und **''graylog-web''** installiert werden:
-<code>
-# yum install graylog-server graylog-web
-Loaded plugins: changelog, priorities
-packages excluded due to repository priority protections
-Resolving Dependencies
---> Running transaction check
----> Package graylog-server.noarch 0:1.2.2-1 will be installed
----> Package graylog-web.noarch 0:1.2.2-1 will be installed
---> Finished Dependency Resolution
-Changes in packages about to be updated:
-Dependencies Resolved
-================================================================================
- Package                Arch           Version            Repository       Size
-================================================================================
-Installing:
- graylog-server         noarch         1.2.2-1            graylog          64 M
- graylog-web            noarch         1.2.2-1            graylog          39 M
-Transaction Summary
-================================================================================
-Install  2 Packages
-Total download size: 104 M
-Installed size: 117 M
-Is this ok [y/d/N]: y
-Downloading packages:
-(1/2): graylog-web-1.2.2-1.noarch.rpm                      |  39 MB   01:01
-(2/2): graylog-server-1.2.2-1.noarch.rpm                   |  64 MB   01:31
---------------------------------------------------------------------------------
-Total                                              1.1 MB/s | 104 MB  01:31
-Running transaction check
-Running transaction test
-Transaction test succeeded
-Running transaction
-  Installing : graylog-server-1.2.2-1.noarch                                1/2
-ln -s '/usr/lib/systemd/system/graylog-server.service' '/etc/systemd/system/multi-user.target.wants/graylog-server.service'
-  Installing : graylog-web-1.2.2-1.noarch                                   2/2
-ln -s '/usr/lib/systemd/system/graylog-web.service' '/etc/systemd/system/multi-user.target.wants/graylog-web.service'
-  Verifying  : graylog-web-1.2.2-1.noarch                                   1/2
-  Verifying  : graylog-server-1.2.2-1.noarch                                2/2
-Installed:
-  graylog-server.noarch 0:1.2.2-1          graylog-web.noarch 0:1.2.2-1
-Complete!
-</code>
-Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket **''graylog-server''** installiert wurden.
-<code>
-# rpm -qil graylog-server
-Name        : graylog-server
-Version     : 1.2.2
-Release     : 1
-Architecture: noarch
-Install Date: Tue 03 Nov 2015 02:43:48 PM CET
-Group       : optional
-Size        : 76426490
-License     : GPLv3
-Signature   : RSA/SHA1, Mon 26 Oct 2015 05:47:21 PM CET, Key ID d44c1d8db1606f22
-Source RPM  : graylog-server-1.2.2-1.src.rpm
-Build Date  : Mon 26 Oct 2015 05:47:02 PM CET
-Build Host  : d725e9e9466f
-Relocations : /
-Packager    : Graylog, Inc. <hello@graylog.org>
-Vendor      : graylog
-URL         : https://www.graylog.org/
-Summary     : Graylog server
-Description :
-Graylog server
-/etc/graylog/server/log4j.xml
-/etc/graylog/server/server.conf
-/etc/sysconfig/graylog-server
-/usr/lib/systemd/system/graylog-server.service
-/usr/share/graylog-server/bin/graylog-es-timestamp-fixup
-/usr/share/graylog-server/bin/graylog-server
-/usr/share/graylog-server/graylog.jar
-/usr/share/graylog-server/lib/sigar/libsigar-amd64-linux.so
-/usr/share/graylog-server/lib/sigar/libsigar-x86-linux.so
-/usr/share/graylog-server/plugin/usage-statistics-1.1.1.jar</code>
-Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket **''graylog-web''** installiert wurden.
-<code>
-# rpm -qil graylog-web
-Name        : graylog-web
-Version     : 1.2.2
-Release     : 1
-Architecture: noarch
-Install Date: Tue 03 Nov 2015 02:43:50 PM CET
-Group       : optional
-Size        : 46265591
-License     : GPLv3
-Signature   : RSA/SHA1, Mon 26 Oct 2015 05:48:39 PM CET, Key ID d44c1d8db1606f22
-Source RPM  : graylog-web-1.2.2-1.src.rpm
-Build Date  : Mon 26 Oct 2015 05:48:27 PM CET
-Build Host  : 254d018f7dab
-Relocations : /
-Packager    : Graylog, Inc. <hello@graylog.org>
-Vendor      : graylog
-URL         : https://www.graylog.org/
-Summary     : Graylog web
-Description :
-Graylog web
-/etc/graylog/web/application.conf
-/etc/graylog/web/logback.xml
-/etc/graylog/web/play.plugins
-/etc/graylog/web/web.conf
-/etc/sysconfig/graylog-web
-/usr/lib/systemd/system/graylog-web.service
-/usr/share/graylog-web/README.md
-/usr/share/graylog-web/bin/graylog-web
-/usr/share/graylog-web/bin/graylog-web-interface
-/usr/share/graylog-web/conf
-/usr/share/graylog-web/lib/aopalliance.aopalliance-1.0.jar
-/usr/share/graylog-web/lib/ch.qos.logback.logback-classic-1.1.1.jar
-/usr/share/graylog-web/lib/ch.qos.logback.logback-core-1.1.1.jar
-/usr/share/graylog-web/lib/com.fasterxml.classmate-1.0.0.jar
-/usr/share/graylog-web/lib/com.fasterxml.jackson.core.jackson-annotations-2.6.0.jar
-/usr/share/graylog-web/lib/com.fasterxml.jackson.core.jackson-core-2.6.0.jar
-/usr/share/graylog-web/lib/com.fasterxml.jackson.core.jackson-databind-2.6.0.jar
-/usr/share/graylog-web/lib/com.fasterxml.jackson.datatype.jackson-datatype-guava-2.6.0.jar
-/usr/share/graylog-web/lib/com.fasterxml.jackson.datatype.jackson-datatype-joda-2.6.0.jar
-/usr/share/graylog-web/lib/com.github.fdimuccio.play2-sockjs_2.10-0.3.1.jar
-/usr/share/graylog-web/lib/com.google.code.findbugs.jsr305-3.0.0.jar
-/usr/share/graylog-web/lib/com.google.guava.guava-18.0.jar
-/usr/share/graylog-web/lib/com.google.inject.extensions.guice-assistedinject-4.0.jar
-/usr/share/graylog-web/lib/com.google.inject.guice-4.0.jar
-/usr/share/graylog-web/lib/com.ning.async-http-client-1.9.31.jar
-/usr/share/graylog-web/lib/com.squareup.okhttp.okhttp-2.4.0.jar
-/usr/share/graylog-web/lib/com.squareup.okio.okio-1.4.0.jar
-/usr/share/graylog-web/lib/com.typesafe.akka.akka-actor_2.10-2.3.5.jar
-/usr/share/graylog-web/lib/com.typesafe.akka.akka-slf4j_2.10-2.3.4.jar
-/usr/share/graylog-web/lib/com.typesafe.config-1.2.1.jar
-/usr/share/graylog-web/lib/com.typesafe.netty.netty-http-pipelining-1.1.2.jar
-/usr/share/graylog-web/lib/com.typesafe.play.build-link-2.3.10.jar
-/usr/share/graylog-web/lib/com.typesafe.play.play-cache_2.10--2.3.10-2.3.10.jar
-/usr/share/graylog-web/lib/com.typesafe.play.play-datacommons_2.10-2.3.10.jar
-/usr/share/graylog-web/lib/com.typesafe.play.play-exceptions-2.3.10.jar
-/usr/share/graylog-web/lib/com.typesafe.play.play-functional_2.10-2.3.10.jar
-/usr/share/graylog-web/lib/com.typesafe.play.play-iteratees_2.10-2.3.10.jar
-/usr/share/graylog-web/lib/com.typesafe.play.play-java_2.10--2.3.10-2.3.10.jar
-/usr/share/graylog-web/lib/com.typesafe.play.play-json_2.10-2.3.10.jar
-/usr/share/graylog-web/lib/com.typesafe.play.play_2.10-2.3.10.jar
-/usr/share/graylog-web/lib/com.typesafe.play.twirl-api_2.10-1.0.2.jar
-/usr/share/graylog-web/lib/commons-beanutils.commons-beanutils-1.8.3.jar
-/usr/share/graylog-web/lib/commons-codec.commons-codec-1.9.jar
-/usr/share/graylog-web/lib/commons-logging.commons-logging-1.1.3.jar
-/usr/share/graylog-web/lib/dom4j.dom4j-1.6.1.jar
-/usr/share/graylog-web/lib/graylog-web-interface.graylog-web-interface-1.2.2-assets.jar
-/usr/share/graylog-web/lib/graylog-web-interface.graylog-web-interface-1.2.2.jar
-/usr/share/graylog-web/lib/io.netty.netty-3.10.4.Final.jar
-/usr/share/graylog-web/lib/javassist.javassist--3.12.1.GA-3.12.1.GA.jar
-/usr/share/graylog-web/lib/javax.el.javax.el-api-3.0.0.jar
-/usr/share/graylog-web/lib/javax.inject.javax.inject-1.jar
-/usr/share/graylog-web/lib/javax.transaction.jta-1.1.jar
-/usr/share/graylog-web/lib/javax.validation.validation-api-1.1.0.Final.jar
-/usr/share/graylog-web/lib/joda-time.joda-time-2.8.1.jar
-/usr/share/graylog-web/lib/net.sf.ehcache.ehcache-core-2.6.8.jar
-/usr/share/graylog-web/lib/org.apache.commons.commons-lang3-3.1.jar
-/usr/share/graylog-web/lib/org.apache.shiro.shiro-core-1.2.3.jar
-/usr/share/graylog-web/lib/org.apache.tomcat.tomcat-servlet-api-8.0.5.jar
-/usr/share/graylog-web/lib/org.graylog2.graylog2-rest-client--1.2.2-1.2.2.jar
-/usr/share/graylog-web/lib/org.graylog2.graylog2-rest-models-1.2.2.jar
-/usr/share/graylog-web/lib/org.graylog2.play2-graylog2_2.10-1.2.1.jar
-/usr/share/graylog-web/lib/org.hibernate.hibernate-validator-5.1.3.Final.jar
-/usr/share/graylog-web/lib/org.javassist.javassist-3.19.0-GA.jar
-/usr/share/graylog-web/lib/org.jboss.logging.jboss-logging-3.2.0.Final.jar
-/usr/share/graylog-web/lib/org.joda.joda-convert-1.6.jar
-/usr/share/graylog-web/lib/org.reflections.reflections-0.9.8.jar
-/usr/share/graylog-web/lib/org.scala-lang.scala-library-2.10.4.jar
-/usr/share/graylog-web/lib/org.scala-lang.scala-reflect-2.10.4.jar
-/usr/share/graylog-web/lib/org.scala-stm.scala-stm_2.10-0.7.jar
-/usr/share/graylog-web/lib/org.slf4j.jcl-over-slf4j-1.7.6.jar
-/usr/share/graylog-web/lib/org.slf4j.jul-to-slf4j-1.7.6.jar
-/usr/share/graylog-web/lib/org.slf4j.slf4j-api-1.7.12.jar
-/usr/share/graylog-web/lib/org.springframework.spring-aop--4.0.3.RELEASE-4.0.3.RELEASE.jar
-/usr/share/graylog-web/lib/org.springframework.spring-beans-4.0.3.RELEASE.jar
-/usr/share/graylog-web/lib/org.springframework.spring-context-4.0.3.RELEASE.jar
-/usr/share/graylog-web/lib/org.springframework.spring-core-4.0.3.RELEASE.jar
-/usr/share/graylog-web/lib/org.springframework.spring-expression--4.0.3.RELEASE-4.0.3.RELEASE.jar
-/usr/share/graylog-web/lib/org.yaml.snakeyaml-1.13.jar
-/usr/share/graylog-web/lib/xerces.xercesImpl-2.11.0.jar
-/usr/share/graylog-web/lib/xml-apis.xml-apis-1.4.01.jar
-</code>
-==== Installation: pwgen ====
-Nachdem das **Drittanbieter-Repository**
-  * [[tachtler:epel_centos_7|EPEL CentOS 7]]
-erfolgreich eingebunden wurde, kann mit nachfolgendem Befehl, das ''rpm''-Paket - **''pwgen''** installiert werden:
-<code>
-# yum install pwgen
-Loaded plugins: changelog, priorities
-packages excluded due to repository priority protections
-Resolving Dependencies
---> Running transaction check
----> Package pwgen.x86_64 0:2.07-1.el7 will be installed
---> Finished Dependency Resolution
-Changes in packages about to be updated:
-Dependencies Resolved
-================================================================================
- Package          Arch              Version               Repository       Size
-================================================================================
-Installing:
- pwgen            x86_64            2.07-1.el7            epel             24 k
-Transaction Summary
-================================================================================
-Install  1 Package
-Total download size: 24 k
-Installed size: 37 k
-Is this ok [y/d/N]: y
-Downloading packages:
-pwgen-2.07-1.el7.x86_64.rpm                                |  24 kB   00:00
-Running transaction check
-Running transaction test
-Transaction test succeeded
-Running transaction
-  Installing : pwgen-2.07-1.el7.x86_64                                      1/1
-  Verifying  : pwgen-2.07-1.el7.x86_64                                      1/1
-Installed:
-  pwgen.x86_64 0:2.07-1.el7
-Complete!
-</code>
-Mit nachfolgendem Befehl kann überprüft werden, welche Inhalte mit den Paket **''pwgen''** installiert wurden.
-<code>
-# rpm -qil pwgen
-Name        : pwgen
-Version     : 2.07
-Release     : 1.el7
-Architecture: x86_64
-Install Date: Tue 03 Nov 2015 02:53:20 PM CET
-Group       : Applications/System
-Size        : 37925
-License     : GPL+
-Signature   : RSA/SHA256, Sat 06 Dec 2014 03:49:56 PM CET, Key ID 6a2faea2352c64e5
-Source RPM  : pwgen-2.07-1.el7.src.rpm
-Build Date  : Fri 05 Dec 2014 06:56:18 PM CET
-Build Host  : buildvm-08.phx2.fedoraproject.org
-Relocations : (not relocatable)
-Packager    : Fedora Project
-Vendor      : Fedora Project
-URL         : http://sf.net/projects/pwgen
-Summary     : Automatic password generation
-Description :
-pwgen generates random, meaningless but pronounceable passwords. These
-passwords contain either only lowercase letters, or upper and lower case, or
-upper case, lower case and numeric digits. Upper case letters and numeric
-digits are placed in a way that eases memorizing the password.
-/usr/bin/pwgen
-/usr/share/doc/pwgen-2.07
-/usr/share/doc/pwgen-2.07/changelog
-/usr/share/doc/pwgen-2.07/copyright
-/usr/share/man/man1/pwgen.1.gz
-</code>
-==== graylog-server: Dienst/Deamon-Start einrichten ====
-Um der [[https://www.graylog.org/|Graylog]]-Server, welcher als Dienst/Deamon als Hintergrundprozess läuft, auch nach einem Neustart des Servers zur Verfügung zu haben, soll der Dienst/Daemon mit dem Server mit gestartet werden.
-:!: **HINWEIS** - **Mit der Installation, wurde der Dienst/Daemon bereits zum automatischen Start via ''systemd'' hinzugefügt!**
-Eine Überprüfung, ob beim Neustart des Server der ''graylog-server.service''-Dienst/Deamon wirklich mit gestartet wird, kann mit nachfolgendem Befehl erfolgen und sollte eine Anzeige, wie ebenfalls nachfolgend dargestellt ausgeben:
-<code>
-# systemctl list-unit-files --type=service | grep -e graylog-server.service
-graylog-server.service                 enabled
-</code>
-bzw.
-<code>
-# systemctl is-enabled graylog-server.service
-enabled
-</code>
-==== graylog-web.service: Dienst/Deamon-Start einrichten ====
-Um der [[https://www.graylog.org/|Graylog]]-Web-Server, welcher als Dienst/Deamon als Hintergrundprozess läuft, auch nach einem Neustart des Servers zur Verfügung zu haben, soll der Dienst/Daemon mit dem Server mit gestartet werden.
-:!: **HINWEIS** - **Mit der Installation, wurde der Dienst/Daemon bereits zum automatischen Start via ''systemd'' hinzugefügt!**
-Eine Überprüfung, ob beim Neustart des Server der ''graylog-web.service''-Dienst/Deamon wirklich mit gestartet wird, kann mit nachfolgendem Befehl erfolgen und sollte eine Anzeige, wie ebenfalls nachfolgend dargestellt ausgeben:
-<code>
-# systemctl list-unit-files --type=service | grep -e graylog-server.service
-graylog-server.service                 enabled
-</code>
-bzw.
-<code>
-# systemctl is-enabled graylog-web.service
-enabled
-</code>
-===== Konfiguration: graylog-server =====
-==== /etc/sysconfig/graylog-server ====
-Nachfolgende Konfigurationsdatei enthält die Startparameter für die JAVA virtuelle Maschine des  [[https://www.graylog.org/|Graylog]]-Servers:
-  * ''/etc/sysconfig/graylog-server''
-Nachfolgende Anpassung sollte durchgeführt werden, da ab OpenJDK **Version 1.8.0** die Parameter
-  * ''PermSize''
-  * ''MaxPermSize''
-**__nicht__** merh unterstützt werden:
-(**Komplette Konfigurationsdatei**):
-<code bash>
-# Path to the java executable.
-JAVA=/usr/bin/java
-# Default Java options for heap and garbage collection.
-# Tachtler
-# default: GRAYLOG_SERVER_JAVA_OPTS="-Xms1g -Xmx1g -XX:NewRatio=1 -XX:PermSize=128m -XX:MaxPermSize=256m -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow"
-GRAYLOG_SERVER_JAVA_OPTS="-Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow"
-# Pass some extra args to graylog-server. (i.e. "-d" to enable debug mode)
-GRAYLOG_SERVER_ARGS=""
-# Program that will be used to wrap the graylog-server command. Useful to
-# support programs like authbind.
-GRAYLOG_COMMAND_WRAPPER=""
-</code>
-**__Nachfolgende Einstellungen wurden durchgeführt__**:
-  * <code ini>GRAYLOG_SERVER_JAVA_OPTS="-Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow"</code>
-Entfernen der Parameter ''-XX:PermSize=128m'' und ''-XX:MaxPermSize=256m'' aus der [[https://www.graylog.org/|Graylog]]-Server **''GRAYLOG_SERVER_JAVA_OPTS''** Konfiguration.
-==== /etc/graylog/server/server.conf ====
-Nachfolgende Konfigurationsdatei ist die **Hauptkonfigurationsdatei** des [[https://www.graylog.org/|Graylog]]-Servers:
-  * ''/etc/graylog/server/server.conf''
-Nachfolgende Anpassungen sind erforderlich, damit der [[https://www.graylog.org/|Graylog]]-Server lauffähig ist:
-(**Komplette Konfigurationsdatei**):
-<code ini>
-# If you are running more than one instances of graylog2-server you have to select one of these
-# instances as master. The master will perform some periodical tasks that non-masters won't perform.
-is_master = true
-# The auto-generated node ID will be stored in this file and read after restarts. It is a good idea
-# to use an absolute file path here if you are starting graylog2-server from init scripts or similar.
-node_id_file = /etc/graylog/server/node-id
-# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
-# Generate one by using for example: pwgen -N 1 -s 96
-# Tachtler
-# default: password_secret =
-password_secret = uKyAHSUuCW4tUNUfX3XyaoxZQPeXXdS76MPn0KBxeZs7D1xXwTSoD7506oQwu9uISrcpBklodlXuswXMTZtwKEz5HM2zzGZL
-# The default root user is named 'admin'
-# Tachtler
-# default: #root_username = admin
-root_username = administrator
-# You MUST specify a hash password for the root user (which you only need to initially set up the
-# system and in case you lose connectivity to your authentication backend)
-# This password cannot be changed using the API or via the web interface. If you need to change it,
-# modify it in this file.
-# Create one by using for example: echo -n yourpassword | shasum -a 256
-# and put the resulting hash value into the following line
-# Tachtler
-# default: root_password_sha2 =
-root_password_sha2 = addb0f5e7826c857d7376d1bd9bc33c0c544790a2eac96144a8af22b1298c940
-# The email address of the root user.
-# Default is empty
-# Tachtler
-# default: #root_email = ""
-root_email = "root@tachtler.net"
-# The time zone setting of the root user.
-# The configured time zone must be parseable by http://www.joda.org/joda-time/apidocs/org/joda/time/DateTimeZone.html#forID-java.lang.String-
-# Default is UTC
-# Tachtler
-# default: #root_timezone = UTC
-root_timezone = Europe/Berlin
-# Set plugin directory here (relative or absolute)
-plugin_dir = /usr/share/graylog-server/plugin
-# REST API listen URI. Must be reachable by other graylog2-server nodes if you run a cluster.
-# Tachtler
-# default: rest_listen_uri = http://127.0.0.1:12900/
-rest_listen_uri = http://0.0.0.0:12900/
-# REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri
-# is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used.
-# If set, his will be promoted in the cluster discovery APIs, so other nodes may try to connect on
-# this address and it is used to generate URLs addressing entities in the REST API. (see rest_listen_uri)
-# You will need to define this, if your Graylog server is running behind a HTTP proxy that is rewriting
-# the scheme, host name or URI.
-# Tachtler
-# default: #rest_transport_uri = http://192.168.1.1:12900/
-rest_transport_uri = http://192.168.0.110:12900/
-# Enable CORS headers for REST API. This is necessary for JS-clients accessing the server directly.
-# If these are disabled, modern browsers will not be able to retrieve resources from the server.
-# This is disabled by default. Uncomment the next line to enable it.
-# Tachtler
-# default: #rest_enable_cors = true
-rest_enable_cors = true
-# Enable GZIP support for REST API. This compresses API responses and therefore helps to reduce
-# overall round trip times. This is disabled by default. Uncomment the next line to enable it.
-# Tachtler
-# default: #rest_enable_gzip = true
-rest_enable_gzip = true
-# Enable HTTPS support for the REST API. This secures the communication with the REST API with
-# TLS to prevent request forgery and eavesdropping. This is disabled by default. Uncomment the
-# next line to enable it.
-#rest_enable_tls = true
-# The X.509 certificate file to use for securing the REST API.
-#rest_tls_cert_file = /path/to/graylog2.crt
-# The private key to use for securing the REST API.
-#rest_tls_key_file = /path/to/graylog2.key
-# The password to unlock the private key used for securing the REST API.
-#rest_tls_key_password = secret
-# The maximum size of a single HTTP chunk in bytes.
-#rest_max_chunk_size = 8192
-# The maximum size of the HTTP request headers in bytes.
-#rest_max_header_size = 8192
-# The maximal length of the initial HTTP/1.1 line in bytes.
-#rest_max_initial_line_length = 4096
-# The size of the execution handler thread pool used exclusively for serving the REST API.
-#rest_thread_pool_size = 16
-# The size of the worker thread pool used exclusively for serving the REST API.
-#rest_worker_threads_max_pool_size = 16
-# Embedded Elasticsearch configuration file
-# pay attention to the working directory of the server, maybe use an absolute path here
-#elasticsearch_config_file = /etc/graylog/server/elasticsearch.yml
-# Graylog will use multiple indices to store documents in. You can configured the strategy it uses to determine
-# when to rotate the currently active write index.
-# It supports multiple rotation strategies:
-#   - "count" of messages per index, use elasticsearch_max_docs_per_index below to configure
-#   - "size" per index, use elasticsearch_max_size_per_index below to configure
-# valid values are "count", "size" and "time", default is "count"
-# Tachtler
-# default: rotation_strategy = count
-rotation_strategy = time
-# (Approximate) maximum number of documents in an Elasticsearch index before a new index
-# is being created, also see no_retention and elasticsearch_max_number_of_indices.
-# Configure this if you used 'rotation_strategy = count' above.
-# Tachtler
-# default: elasticsearch_max_docs_per_index = 20000000
-# elasticsearch_max_docs_per_index = 20000000
-# (Approximate) maximum size in bytes per Elasticsearch index on disk before a new index is being created, also see
-# no_retention and elasticsearch_max_number_of_indices. Default is 1GB.
-# Configure this if you used 'rotation_strategy = size' above.
-#elasticsearch_max_size_per_index = 1073741824
-# (Approximate) maximum time before a new Elasticsearch index is being created, also see
-# no_retention and elasticsearch_max_number_of_indices. Default is 1 day.
-# Configure this if you used 'rotation_strategy = time' above.
-# Please note that this rotation period does not look at the time specified in the received messages, but is
-# using the real clock value to decide when to rotate the index!
-# Specify the time using a duration and a suffix indicating which unit you want:
-#  1w  = 1 week
-#  1d  = 1 day
-#  12h = 12 hours
-# Permitted suffixes are: d for day, h for hour, m for minute, s for second.
-# Tachtler
-# default: #elasticsearch_max_time_per_index = 1d
-elasticsearch_max_time_per_index = 1d
-# Disable checking the version of Elasticsearch for being compatible with this Graylog release.
-# WARNING: Using Graylog with unsupported and untested versions of Elasticsearch may lead to data loss!
-#elasticsearch_disable_version_check = true
-# Disable message retention on this node, i. e. disable Elasticsearch index rotation.
-#no_retention = false
-# How many indices do you want to keep?
-# Tachtler
-# default: elasticsearch_max_number_of_indices = 20
-elasticsearch_max_number_of_indices = 14
-# Decide what happens with the oldest indices when the maximum number of indices is reached.
-# The following strategies are availble:
-#   - delete # Deletes the index completely (Default)
-#   - close # Closes the index and hides it from the system. Can be re-opened later.
-retention_strategy = delete
-# How many Elasticsearch shards and replicas should be used per index? Note that this only applies to newly created indices.
-# Tachtler
-# default: elasticsearch_shards = 4
-elasticsearch_shards = 1
-elasticsearch_replicas = 0
-# Prefix for all Elasticsearch indices and index aliases managed by Graylog.
-# Tachtler
-# default: elasticsearch_index_prefix = graylog2
-elasticsearch_index_prefix = graylog
-# Do you want to allow searches with leading wildcards? This can be extremely resource hungry and should only
-# be enabled with care. See also: https://www.graylog.org/documentation/general/queries/
-allow_leading_wildcard_searches = false
-# Do you want to allow searches to be highlighted? Depending on the size of your messages this can be memory hungry and
-# should only be enabled after making sure your Elasticsearch cluster has enough memory.
-allow_highlighting = false
-# settings to be passed to elasticsearch's client (overriding those in the provided elasticsearch_config_file)
-# all these
-# this must be the same as for your Elasticsearch cluster
-# Tachtler
-# default: #elasticsearch_cluster_name = graylog2
-elasticsearch_cluster_name = graylog
-# you could also leave this out, but makes it easier to identify the graylog2 client instance
-# Tachtler
-# default: #elasticsearch_node_name = graylog2-server
-elasticsearch_node_name = graylog-server
-# we don't want the graylog2 server to store any data, or be master node
-#elasticsearch_node_master = false
-#elasticsearch_node_data = false
-# use a different port if you run multiple Elasticsearch nodes on one machine
-#elasticsearch_transport_tcp_port = 9350
-# we don't need to run the embedded HTTP server here
-# Tachtler
-# default: #elasticsearch_http_enabled = false
-elasticsearch_http_enabled = false
-# Tachtler
-# default: #elasticsearch_discovery_zen_ping_multicast_enabled = false
-elasticsearch_discovery_zen_ping_multicast_enabled = false
-# Tachtler
-# default: #elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300
-elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300
-# Change the following setting if you are running into problems with timeouts during Elasticsearch cluster discovery.
-# The setting is specified in milliseconds, the default is 5000ms (5 seconds).
-#elasticsearch_cluster_discovery_timeout = 5000
-# the following settings allow to change the bind addresses for the Elasticsearch client in graylog2
-# these settings are empty by default, letting Elasticsearch choose automatically,
-# override them here or in the 'elasticsearch_config_file' if you need to bind to a special address
-# refer to http://www.elasticsearch.org/guide/en/elasticsearch/reference/0.90/modules-network.html
-# for special values here
-#elasticsearch_network_host =
-#elasticsearch_network_bind_host =
-#elasticsearch_network_publish_host =
-# The total amount of time discovery will look for other Elasticsearch nodes in the cluster
-# before giving up and declaring the current node master.
-#elasticsearch_discovery_initial_state_timeout = 3s
-# Analyzer (tokenizer) to use for message and full_message field. The "standard" filter usually is a good idea.
-# All supported analyzers are: standard, simple, whitespace, stop, keyword, pattern, language, snowball, custom
-# Elasticsearch documentation: http://www.elasticsearch.org/guide/reference/index-modules/analysis/
-# Note that this setting only takes effect on newly created indices.
-elasticsearch_analyzer = standard
-# Global request timeout for Elasticsearch requests (e. g. during search, index creation, or index time-range
-# calculations) based on a best-effort to restrict the runtime of Elasticsearch operations.
-# Default: 1m
-#elasticsearch_request_timeout = 1m
-# Batch size for the Elasticsearch output. This is the maximum (!) number of messages the Elasticsearch output
-# module will get at once and write to Elasticsearch in a batch call. If the configured batch size has not been
-# reached within output_flush_interval seconds, everything that is available will be flushed at once. Remember
-# that every outputbuffer processor manages its own batch and performs its own batch write calls.
-# ("outputbuffer_processors" variable)
-output_batch_size = 500
-# Flush interval (in seconds) for the Elasticsearch output. This is the maximum amount of time between two
-# batches of messages written to Elasticsearch. It is only effective at all if your minimum number of messages
-# for this time period is less than output_batch_size * outputbuffer_processors.
-output_flush_interval = 1
-# As stream outputs are loaded only on demand, an output which is failing to initialize will be tried over and
-# over again. To prevent this, the following configuration options define after how many faults an output will
-# not be tried again for an also configurable amount of seconds.
-output_fault_count_threshold = 5
-output_fault_penalty_seconds = 30
-# The number of parallel running processors.
-# Raise this number if your buffers are filling up.
-processbuffer_processors = 5
-outputbuffer_processors = 3
-#outputbuffer_processor_keep_alive_time = 5000
-#outputbuffer_processor_threads_core_pool_size = 3
-#outputbuffer_processor_threads_max_pool_size = 30
-# UDP receive buffer size for all message inputs (e. g. SyslogUDPInput).
-#udp_recvbuffer_sizes = 1048576
-# Wait strategy describing how buffer processors wait on a cursor sequence. (default: sleeping)
-# Possible types:
-#  - yielding
-#     Compromise between performance and CPU usage.
-#  - sleeping
-#     Compromise between performance and CPU usage. Latency spikes can occur after quiet periods.
-#  - blocking
-#     High throughput, low latency, higher CPU usage.
-#  - busy_spinning
-#     Avoids syscalls which could introduce latency jitter. Best when threads can be bound to specific CPU cores.
-processor_wait_strategy = blocking
-# Size of internal ring buffers. Raise this if raising outputbuffer_processors does not help anymore.
-# For optimum performance your LogMessage objects in the ring buffer should fit in your CPU L3 cache.
-# Start server with --statistics flag to see buffer utilization.
-# Must be a power of 2. (512, 1024, 2048, ...)
-ring_size = 65536
-inputbuffer_ring_size = 65536
-inputbuffer_processors = 2
-inputbuffer_wait_strategy = blocking
-# Enable the disk based message journal.
-message_journal_enabled = true
-# The directory which will be used to store the message journal. The directory must me exclusively used by Graylog and
-# must not contain any other files than the ones created by Graylog itself.
-message_journal_dir = /var/lib/graylog-server/journal
-# Journal hold messages before they could be written to Elasticsearch.
-# For a maximum of 12 hours or 5 GB whichever happens first.
-# During normal operation the journal will be smaller.
-#message_journal_max_age = 12h
-#message_journal_max_size = 5gb
-#message_journal_flush_age = 1m
-#message_journal_flush_interval = 1000000
-#message_journal_segment_age = 1h
-#message_journal_segment_size = 100mb
-# Number of threads used exclusively for dispatching internal events. Default is 2.
-#async_eventbus_processors = 2
-# EXPERIMENTAL: Dead Letters
-# Every failed indexing attempt is logged by default and made visible in the web-interface. You can enable
-# the experimental dead letters feature to write every message that was not successfully indexed into the
-# MongoDB "dead_letters" collection to make sure that you never lose a message. The actual writing of dead
-# letter should work fine already but it is not heavily tested yet and will get more features in future
-# releases.
-dead_letters_enabled = false
-# How many seconds to wait between marking node as DEAD for possible load balancers and starting the actual
-# shutdown process. Set to 0 if you have no status checking load balancers in front.
-lb_recognition_period_seconds = 3
-# Every message is matched against the configured streams and it can happen that a stream contains rules which
-# take an unusual amount of time to run, for example if its using regular expressions that perform excessive backtracking.
-# This will impact the processing of the entire server. To keep such misbehaving stream rules from impacting other
-# streams, Graylog limits the execution time for each stream.
-# The default values are noted below, the timeout is in milliseconds.
-# If the stream matching for one stream took longer than the timeout value, and this happened more than "max_faults" times
-# that stream is disabled and a notification is shown in the web interface.
-#stream_processing_timeout = 2000
-#stream_processing_max_faults = 3
-# Length of the interval in seconds in which the alert conditions for all streams should be checked
-# and alarms are being sent.
-#alert_check_interval = 60
-# Since 0.21 the graylog2 server supports pluggable output modules. This means a single message can be written to multiple
-# outputs. The next setting defines the timeout for a single output module, including the default output module where all
-# messages end up.
-#
-# Time in milliseconds to wait for all message outputs to finish writing a single message.
-#output_module_timeout = 10000
-# Time in milliseconds after which a detected stale master node is being rechecked on startup.
-#stale_master_timeout = 2000
-# Time in milliseconds which Graylog is waiting for all threads to stop on shutdown.
-#shutdown_timeout = 30000
-# MongoDB connection string
-# See http://docs.mongodb.org/manual/reference/connection-string/ for details
-# Tachtler
-# default: mongodb_uri = mongodb://localhost/graylog2
-# Authenticate against the MongoDB server
-# Tachtler
-# default: #mongodb_uri = mongodb://grayloguser:secret@localhost:27017/graylog2
-mongodb_uri = mongodb://grayloguser:geheim@localhost:27017/graylog
-# Use a replica set instead of a single host
-#mongodb_uri = mongodb://grayloguser:secret@localhost:27017,localhost:27018,localhost:27019/graylog2
-# Increase this value according to the maximum connections your MongoDB server can handle from a single client
-# if you encounter MongoDB connection problems.
-mongodb_max_connections = 100
-# Number of threads allowed to be blocked by MongoDB connections multiplier. Default: 5
-# If mongodb_max_connections is 100, and mongodb_threads_allowed_to_block_multiplier is 5,
-# then 500 threads can block. More than that and an exception will be thrown.
-# http://api.mongodb.org/java/current/com/mongodb/MongoOptions.html#threadsAllowedToBlockForConnectionMultiplier
-mongodb_threads_allowed_to_block_multiplier = 5
-# Drools Rule File (Use to rewrite incoming log messages)
-# See: https://www.graylog.org/documentation/general/rewriting/
-#rules_file = /etc/graylog/server/rules.drl
-# Email transport
-# Tachtler
-# default: #transport_email_enabled = false
-transport_email_enabled = true
-# Tachtler
-# default: #transport_email_hostname = mail.example.com
-transport_email_hostname = localhost
-# Tachtler
-# default: #transport_email_port = 587
-transport_email_port = 25
-# Tachtler
-# default: #transport_email_use_auth = true
-transport_email_use_auth = false
-# Tachtler
-# default: #transport_email_use_tls = true
-transport_email_use_tls = true
-# Tachtler
-# default: #transport_email_use_ssl = true
-transport_email_use_ssl = false
-#transport_email_auth_username = you@example.com
-#transport_email_auth_password = secret
-# Tachtler
-# default: #transport_email_subject_prefix = [graylog2]
-transport_email_subject_prefix = [graylog]
-# Tachtler
-# default: #transport_email_from_email = graylog2@example.com
-transport_email_from_email = graylog@tachtler.net
-# Specify and uncomment this if you want to include links to the stream in your stream alert mails.
-# This should define the fully qualified base url to your web interface exactly the same way as it is accessed by your users.
-# Tachtler
-# defautl: #transport_email_web_interface_url = https://graylog2.example.com
-transport_email_web_interface_url = https://graylog.tachtler.net
-# The default connect timeout for outgoing HTTP connections.
-# Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
-# Default: 5s
-#http_connect_timeout = 5s
-# The default read timeout for outgoing HTTP connections.
-# Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
-# Default: 10s
-#http_read_timeout = 10s
-# The default write timeout for outgoing HTTP connections.
-# Values must be a positive duration (and between 1 and 2147483647 when converted to milliseconds).
-# Default: 10s
-#http_write_timeout = 10s
-# HTTP proxy for outgoing HTTP connections
-#http_proxy_uri =
-# Disable the optimization of Elasticsearch indices after index cycling. This may take some load from Elasticsearch
-# on heavily used systems with large indices, but it will decrease search performance. The default is to optimize
-# cycled indices.
-#disable_index_optimization = true
-# Optimize the index down to <= index_optimization_max_num_segments. A higher number may take some load from Elasticsearch
-# on heavily used systems with large indices, but it will decrease search performance. The default is 1.
-#index_optimization_max_num_segments = 1
-# The threshold of the garbage collection runs. If GC runs take longer than this threshold, a system notification
-# will be generated to warn the administrator about possible problems with the system. Default is 1 second.
-#gc_warning_threshold = 1s
-# Connection timeout for a configured LDAP server (e. g. ActiveDirectory) in milliseconds.
-#ldap_connection_timeout = 2000
-# Enable collection of Graylog-related metrics into MongoDB
-# WARNING: This will add *a lot* of data into your MongoDB database on a regular interval (1 second)!
-# DEPRECATED: This setting and the respective feature will be removed in a future version of Graylog.
-#enable_metrics_collection = false
-# Disable the use of SIGAR for collecting system stats
-#disable_sigar = false
-# Amount of time of inactivity after which collectors are flagged as inactive (Default: 1 minute)
-#collector_inactive_threshold = 1m
-# Amount of time after which inactive collectors are purged (Default: 14 days)
-#collector_expiration_threshold = 14d
-# The default cache time for dashboard widgets. (Default: 10 seconds, minimum: 1 second)
-#dashboard_widget_default_cache_time = 10s
-</code>
-**__Nachfolgende Einstellungen wurden durchgeführt__**:
-  * <code ini>password_secret = uKyAHSUuCW4tUNUfX3XyaoxZQPeXXdS76MPn0KBxeZs7D1xXwTSoD7506oQwu9uISrcpBklodlXuswXMTZtwKEz5HM2zzGZL</code>
-Der Passwort-Hash dient als Referenz zur Verschlüsselung von Passwörtern der Benutzer. Der Passwort-Hash wurde mit Hilfe des nachfolgenden Befehls erstellt:
-<code>
-# pwgen -N 1 -s 96
-uKyAHSUuCW4tUNUfX3XyaoxZQPeXXdS76MPn0KBxeZs7D1xXwTSoD7506oQwu9uISrcpBklodlXuswXMTZtwKEz5HM2zzGZL
-</code>
-  * <code ini>root_username = administrator</code>
-Setzen des Benutzernamens für den Benutzer mit Administratoren Rechten.
-  * <code ini>root_password_sha2 = addb0f5e7826c857d7376d1bd9bc33c0c544790a2eac96144a8af22b1298c940</code>
-Der Passwort-Hash ist das Passwort für den Benutzer mit Administratoren Rechten. Der Passwort-Hash wurde mit Hilfe des nachfolgenden Befehls erstellt:
-<code>
-# echo -n geheim | sha256sum
-addb0f5e7826c857d7376d1bd9bc33c0c544790a2eac96144a8af22b1298c940
-</code>
-  * <code ini>root_email = "administrator@tachtler.net"</code>
-E-Mail-Adresse des Benutzers mit den Administratoren Rechten.
-  * <code ini>root_timezone = Europe/Berlin</code>
-Anpassen der Zeitzone für den Benutzer mit Administratoren Rechten. Eine Liste möglicher Einstellungen kann unter nachfolgendem externen Link eingesehen werden:
-  * [[http://www.joda.org/joda-time/timezones.html|Joda Time - Available Time Zones]]
-  * <code ini>rest_listen_uri = http://0.0.0.0:12900/</code>
-URI welche auf allen IP-Adressen des Servers lauschen soll, damit auch von außerhalb des Servers ein Zugriff (z.B. über einen Browser) möglich ist.
-  * <code ini>rest_transport_uri = http://192.168.0.110:12900/</code>
-URI welche als Anzeige hinter einem Proxy verwendet wird. Dies ist erforderlich, da sonst kein Zugriff von einem Browser außerhalb des Servers möglich wäre.
-  * <code ini>rest_enable_cors = true</code>
-Aktiviert die Auslieferung von "CORS Headers" für die REST API. Dies ist erforderlich wen JavaScript-Clients wie moderne Browser den Server direkt erreichen wollen.
-  * <code ini>rest_enable_cors = true</code>
-Aktiviert die Auslieferung von Daten in komprimierter Form, um die Laufzeit der Anfragen zu verringern.
-  * <code ini>rotation_strategy = time</code>
-**Änderung der Rotations-Strategie** des Such-Servers [[https://www.elastic.co/de/|Elasticsearch]] vom Standard ''count'' (Anzahl der Einträge) auf **''time''** (zeitliche Abgrenzung der Index-Datei).
-  * <code ini># elasticsearch_max_docs_per_index = 20000000</code>
-**Deaktivieren** der maximalen Anzahl an Dokumenten pro Index-Datei des Such-Servers [[https://www.elastic.co/de/|Elasticsearch]], da hier die **Rotations-Strategie** von Standard ''count'' (Anzahl der Einträge) auf **''time''** (zeitliche Abgrenzung der Index-Datei) abgeändert wurde!
-  * <code ini>elasticsearch_max_time_per_index = 1d</code>
-**Aktivieren** des maximalen Zeitintervalls der Index-Datei des Such-Servers [[https://www.elastic.co/de/|Elasticsearch]] (hier **1 Tag**), da hier die **Rotations-Strategie** von Standard ''count'' (Anzahl der Einträge) auf **''time''** (zeitliche Abgrenzung der Index-Datei) abgeändert wurde!
-  * <code ini>elasticsearch_max_number_of_indices = 14</code>
-**Maximale Anzahl** der Index-Dateien des Such-Servers [[https://www.elastic.co/de/|Elasticsearch]] (hier **14 Tage pro Index-Datei = 14 Index-Dateien**). Da hier die **Rotations-Strategie** von Standard ''count'' (Anzahl der Einträge) auf **''time''** (zeitliche Abgrenzung der Index-Datei) abgeändert wurde!
-  * <code ini>elasticsearch_shards = 1</code>
-Anzahl der **''shards''**, welchen der Anzahl der [[https://www.elastic.co/de/|Elasticsearch]] Such-Server entsprechen sollte.
-  * <code ini>elasticsearch_index_prefix = graylog</code>
-**Prefix**, welcher für alle [[https://www.elastic.co/de/|Elasticsearch]] Such-Server gelten soll, welche durch den [[https://www.graylog.org/|Graylog]]-Server verwaltet werden sollen.
-  * <code ini>elasticsearch_cluster_name = graylog</code>
-**Name** des [[https://www.elastic.co/de/|Elasticsearch]] Such-Servers welcher mit dem Namen in der Konfigurationsdatei des [[https://www.elastic.co/de/|Elasticsearch]] Such-Server - **''/etc/elasticsearch/elasticsearch.yml''** **übereinstimmen __muss__!**
-  * <code>elasticsearch_node_name = graylog-server</code>
-**Name** des [[https://www.elastic.co/de/|Elasticsearch]] Client-Instanz welcher mit dem Namen in der Konfigurationsdatei des [[https://www.elastic.co/de/|Elasticsearch]] Such-Server - **''/etc/elasticsearch/elasticsearch.yml''** **übereinstimmen __muss__!**
-  * <code ini>elasticsearch_http_enabled = false</code>
-**Deaktivieren** eines möglichen **embedded** [[https://www.elastic.co/de/|Elasticsearch]] Such-Servers.
-  * <code ini>elasticsearch_discovery_zen_ping_multicast_enabled = false</code>
-**Deaktivieren** des ''ping'''en via **Multicast** über die IP-Adresse 224.0.0.0. Dafür soll nachfolgend eine **Unicast** IP-Adresse 127.0.0.1 und der Port 9300 verwendet werden!
-  * <code ini>elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300</code>
-**Aktivieren** der Verwendung einer **Unicast** IP-Adresse 127.0.0.1 und des Ports 9300 **anstelle** von **Multicast** über die IP-Adresse 224.0.0.0.
-  * <code ini># mongodb_uri = mongodb://localhost/graylog2</code>
-Verbindungs-URI zum [[https://www.mongodb.com/de|MongoDB]] Datenbank-Server, welche **__keinen__ Benutzernamen** und **__kein__ Passwort** benötigt - **__DEAKTIVIEREN__**!
-  * <code ini>mongodb_uri = mongodb://grayloguser:geheim@localhost:27017/graylog</code>
-Verbindungs-URI zum [[https://www.mongodb.com/de|MongoDB]] Datenbank-Server, welche **__einen__ Benutzernamen** und **__ein__ Passwort** benötigt - **__AKTIVIEREN__** und die Datenbank von ''graylog2'' auf **''graylog''** abändern!
-  * <code ini>transport_email_web_interface_url = http://graylog.tachtler.net</code>
-Definition einer URL, welche in e-Mails zur Generierung von URI's zur Verlinkung auf Inhalte herangezogen werden soll.
-==== graylog-server: Erster Start ====
-Danach kann der **graylog-server**-Server mit nachfolgendem Befehle gestartet werden:
-<code>
-# systemctl start graylog-server
-</code>
-Mit nachfolgendem Befehl kann der Status des [[https://www.graylog.org/|Graylog]]-Servers abgefragt werden:
-<code>
-# systemctl status graylog-server
-graylog-server.service - Graylog server
-   Loaded: loaded (/usr/lib/systemd/system/graylog-server.service; enabled)
-   Active: active (running) since Tue 2015-11-03 16:32:58 CET; 4s ago
-     Docs: http://docs.graylog.org/
- Main PID: 13052 (graylog-server)
-   CGroup: /system.slice/graylog-server.service
-           ├─13052 /bin/sh /usr/share/graylog-server/bin/graylog-server
-           └─13053 /usr/bin/java -Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+Re...
-Nov 03 16:32:58 server11.idmz.tachtler.net systemd[1]: Started Graylog server.
-</code>
-==== graylog-server: Test ====
-Nachfolgende LOG-Datei-Zeile sollte am Ende der LOG-Datei
-  * ''/var/log/graylog-server/server.log''
-erscheinen, womit sichergestellt ist, dass der Server korrekt funktioniert:
-<code>
--11-03T16:17:45.913+01:00 INFO  [ServerBootstrap] Graylog server up and running.
-</code>
-===== Konfiguration: graylog-web =====
-==== /etc/sysconfig/graylog-web ====
-Nachfolgende Konfigurationsdatei enthält die Startparameter für die JAVA virtuelle Maschine des  [[https://www.graylog.org/|Graylog]]-Web-Servers:
-  * ''/etc/sysconfig/graylog-web''
-:!: **HINWEIS** - **Es sind keine Anpassungen erforderlich!**
-(**Komplette Konfigurationsdatei**):
-<code bash>
-# Path to the java executable.
-JAVA=/usr/bin/java
-# HTTP server settings.
-GRAYLOG_WEB_HTTP_ADDRESS="0.0.0.0"
-GRAYLOG_WEB_HTTP_PORT="9000"
-# Might be used to adjust the Java heap size. (i.e. "-Xms1024m -Xmx2048m")
-GRAYLOG_WEB_JAVA_OPTS=""
-# Pass some extra args to graylog-web. (i.e. "-d" to enable debug mode)
-GRAYLOG_WEB_ARGS=""
-# Program that will be used to wrap the graylog-web command. Useful to
-# support programs like authbind.
-GRAYLOG_COMMAND_WRAPPER=""
-</code>
-:!: **WICHTIG** - Eine Änderung des Ports auf dem der [[https://www.graylog.org/|Graylog]]-Web-Server erreichbar ist von Port 9000 auf einen anderen Port, durch den Parameter **''GRAYLOG_WEB_HTTP_PORT''** in der Konfiguration, ist **__nur__** auf **__unprivilegierte__ Ports** möglich, da der [[https://www.graylog.org/|Graylog]]-Web-Server **__ohne__** ''root''-Benutzerrechte gestartet wird (Ports **__größer__ als 1024**).
-==== /etc/graylog/web/web.conf ====
-Nachfolgende Konfigurationsdatei ist die **Hauptkonfigurationsdatei** des [[https://www.graylog.org/|Graylog]]-Web-Servers:
-  * ''/etc/graylog/web/web.conf''
-Nachfolgende Anpassungen sind erforderlich, damit der [[https://www.graylog.org/|Graylog]]-Web-Server lauffähig ist:
-(**Komplette Konfigurationsdatei**):
-<code ini>
-# graylog2-server REST URIs (one or more, comma separated) For example: "http://127.0.0.1:12900/,http://127.0.0.1:12910/"
-# Tachtler
-# default: graylog2-server.uris=""
-graylog2-server.uris="http://127.0.0.1:12900"
-# Learn how to configure custom logging in the documentation:
-#    http://docs.graylog.org/en/latest/pages/installation.html#manual-setup-graylog-web-interface-on-linux
-# Secret key
-# ~~~~~
-# The secret key is used to secure cryptographics functions. Set this to a long and randomly generated string.
-# If you deploy your application to several instances be sure to use the same key!
-# Generate for example with: pwgen -N 1 -s 96
-# Tachtler
-# default: application.secret=""
-application.secret="0JO657guKnJQeGpDgAzsmLT5e7h5D2tRzIwhvKMXUmIOWxDmwLORGN9zRJddX7WhqLNufOL3PzAvchjZKzJbuz7AheVUgtnG"
-# Web interface timezone
-# Graylog stores all timestamps in UTC. To properly display times, set the default timezone of the interface.
-# If you leave this out, Graylog will pick your system default as the timezone. Usually you will want to configure it explicitly.
-# Tachtler
-# default: timezone="Europe/Berlin"
-timezone="Europe/Berlin"
-# Message field limit
-# Your web interface can cause high load in your browser when you have a lot of different message fields. The default
-# limit of message fields is 100. Set it to 0 if you always want to get all fields. They are for example used in the
-# search result sidebar or for autocompletion of field names.
-field_list_limit=100
-# Use this to run Graylog with a path prefix
-#application.context=/graylog2
-# You usually do not want to change this.
-application.global=lib.Global
-# Global timeout for communication with Graylog server nodes; default: 5s
-#timeout.DEFAULT=5s
-# Accept any server certificate without checking for validity; required if using self-signed certificates.
-# Default: true
-# graylog2.client.accept-any-certificate=true
-</code>
-**__Nachfolgende Einstellungen wurden durchgeführt__**:
-  * <code ini>graylog2-server.uris="http://127.0.0.1:12900"</code>
-Angabe der URI, unter der der [[https://www.graylog.org/|Graylog]]-**Server** erreichbar ist!
-  * <code ini>application.secret="0JO657guKnJQeGpDgAzsmLT5e7h5D2tRzIwhvKMXUmIOWxDmwLORGN9zRJddX7WhqLNufOL3PzAvchjZKzJbuz7AheVUgtnG"</code>
-Der Passwort-Hash dient als Referenz für den einsatz von kryptografischen Funktionen. Der Passwort-Hash wurde mit Hilfe des nachfolgenden Befehls erstellt:
-<code>
-# pwgen -N 1 -s 96
-JO657guKnJQeGpDgAzsmLT5e7h5D2tRzIwhvKMXUmIOWxDmwLORGN9zRJddX7WhqLNufOL3PzAvchjZKzJbuz7AheVUgtnG
-</code>
-  * <code ini>timezone="Europe/Berlin"</code>
-Setzen der Zeitzone. Eine Liste möglicher Einstellungen kann unter nachfolgendem externen Link eingesehen werden:
-  * [[http://www.joda.org/joda-time/timezones.html|Joda Time - Available Time Zones]]
-==== graylog-web: Erster Start ====
-Danach kann der **graylog-web**-Server mit nachfolgendem Befehle gestartet werden:
-<code>
-# systemctl start graylog-web
-</code>
-Mit nachfolgendem Befehl kann der Status des [[https://www.graylog.org/|Graylog]]-Web-Servers abgefragt werden:
-<code>
-# systemctl status graylog-web
-graylog-web.service - Graylog web interface
-   Loaded: loaded (/usr/lib/systemd/system/graylog-web.service; enabled)
-   Active: active (running) since Wed 2015-11-04 09:13:01 CET; 5s ago
-     Docs: http://docs.graylog.org/
- Main PID: 21727 (graylog-web)
-   CGroup: /system.slice/graylog-web.service
-           ├─21727 /bin/sh /usr/share/graylog-web/bin/graylog-web
-           └─21728 java -Xms1024m -Xmx1024m -XX:ReservedCodeCacheSize=128m -D...
-Nov 04 09:13:01 server11.idmz.tachtler.net systemd[1]: Starting Graylog web i...
-Nov 04 09:13:01 server11.idmz.tachtler.net systemd[1]: Started Graylog web in...
-Nov 04 09:13:02 server11.idmz.tachtler.net graylog-web[21727]: Play server pr...
-Hint: Some lines were ellipsized, use -l to show in full.
-</code>
-==== graylog-web: Test ====
-Durch Aufruf der URL des [[https://www.graylog.org/|Graylog]]-Web-Servers
-  * [[http://graylog.tachtler.net:9000]]
-sollte nachfolgende Ausgabe im Browser erscheinen:
-{{:tachtler:graylog:graylog-web_login.png|Graylog Web-Server Sign in}}
-==== graylog-web: iptables Regel ======
-Damit der [[https://www.graylog.org/|Graylog]]-Web-Servers auch erreichbar ist und nicht das Empfangen  der IP-Paket vom Paketfilter ''iptables'' blockiert wird, muss nachfolgende Regel zum ''iptables''-Regelwerk hinzugefügt werden.
-Um die aktuellen ''iptables''-Regeln erweitern zu können, sollten diese erst einmal aufgelistet werden, was mit nachfolgendem Befehl durchgeführt werden kann:
-<code>
-# iptables -L -nv --line-numbers
-Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
-num   pkts bytes target     prot opt in     out     source               destination
-        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
-        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
-        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
-        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
-        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
-Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
-num   pkts bytes target     prot opt in     out     source               destination
-        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
-Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
-num   pkts bytes target     prot opt in     out     source               destination
-</code>
-Nachfolgender Befehl, fügt folgende ''iptables''-Regeln dem ''iptables''-Regelwerk nach der **Position 4** hinzu, ohne das der Paketfilter angehalten werden muss:
-  * <code>-A INPUT -p tcp --dport 80 -j ACCEPT</code>
-  * <code>-A INPUT -p tcp --dport 443 -j ACCEPT</code>
-und hier der Befehl:
-<code>
-# iptables -I INPUT 5 -p tcp --dport 80 -j ACCEPT
-# iptables -I INPUT 6 -p tcp --dport 443 -j ACCEPT
-</code>
-Ein erneute Abfrage des ''iptables''-Regelwerts, sollte dann nachfolgend dargestellte Ausgabe ergeben, was mit folgendem Befehl durchgeführt werden kann:
-<code>
-# iptables -L -nv --line-numbers
-Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
-num   pkts bytes target     prot opt in     out     source               destination
-        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
-        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
-        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
-        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
-        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW
-        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 state NEW
-state NEW
-        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
-Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
-num   pkts bytes target     prot opt in     out     source               destination
-        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
-Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
-num   pkts bytes target     prot opt in     out     source               destination
-</code>
-Die neuen Zeilen sind an **Position 5 (INPUT)** bis **Position 6 (INPUT)** zu sehen, hier nachfolgend zur Verdeutlichung noch einmal dargestellt (**nur relevanter Ausschnitt**):
-<code>
-...
-        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0        tcp dpt:80 state NEW
-        0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0        tcp dpt:443 state NEW
-...
-</code>
-Um diese ''iptables''-Regel dauerhaft, auch nach einem Neustart des Server, weiterhin im ''iptables''-Regelwerk zu speichern, muss nachfolgend dargestellter Befehl abschließend noch ausgeführt werden:
-<code>
-# /usr/sbin/iptables-save > /etc/sysconfig/iptables
-</code>
-==== graylog-web: iptables-DNAT-Regel ====
-Damit [[https://www.graylog.org/|Graylog]] in der Lage ist ''syslog''-Meldungen entgegen zu nehmen, ist es erforderlich **Inputs** zu definieren. Dies soll nachfolgend an einem Beispiel für die Einlieferung von ''syslog''-Meldungen via
-  * **UDP** (Standard)
-  * **Port: ''514'' bzw. ''10514''**
-oder
-  * **TCP** (TLS-Verschlüsselung)
-  * **Port: ''514'' bzw. ''10514''**
-durchgeführt werden.
-:!: **WICHTIG** - **Grundsätzlich wird der [[https://www.graylog.org/|Graylog]]-Server unter dem Benutzer graylog gestartet, so das der [[https://www.graylog.org/|Graylog]]-Server sich __nicht__ an Ports, ''< 1024'' binden kann!**
-Aufgrund der Tatsache, das der [[https://www.graylog.org/|Graylog]]-Server sich __nicht__ an Ports, ''< 1024'' binden kann, muss **Inputs** auf **Port: ''10514''** lauschen.
-Da sich einige Router oder Switche jedoch **__nicht__** so konfigurieren lassen, das diese auf einem anderen Port als ''514'' einliefern, soll hier eine **''iptables''**-DNAT-Regeln (Destination NAT) dazu genutzt werden, die Einlieferung auf Port ''514'' auf dem Server auftreffen zu lassen, jedoch diese dann auf Port ''10514'' weiterzuleiten.
-Dazu ist nachfolgende **''iptables''**-DNAT-Regel (Destination NAT) erforderlich welche mit nachfolgendem Befehl (im laufenden Betrieb) erstellt werden kann:
-**__UDP__**:
-<code>
-# iptables -t nat -A PREROUTING -i eth0 -p udp -m udp -d 192.168.0.110 --dport 514 -j DNAT --to-destination :10514
-</code>
-**__TCP__**:
-<code>
-# iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp -d 192.168.0.110 --dport 514 -j DNAT --to-destination :10514
-</code>
-Eine Überprüfung, ob die Regel auch korrekt von **''ipatbles''** übernommen wurden, kann mit nachfolgendem Befehl durchgeführt werden:
-<code>
-# iptables --line-numbers -t nat -nvL PREROUTING
-Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
-num   pkts bytes target     prot opt in     out     source          destination
-        0     0 DNAT       udp  --  eth0   *       0.0.0.0/0       192.168.0.110      udp dpt:514 to::10514
-        0     0 DNAT       tcp  --  eth0   *       0.0.0.0/0       192.168.0.110      tcp dpt:514 to::10514
-</code>
-==== graylog-web: Syslog UDP ====
-Nachfolgend kann die Konfiguration des **Inputs** in der [[https://www.graylog.org/|Graylog]]-Web-Server Applikation durchgeführt werden und sollte eine Ausgabe, in etwa, wie die nachfolgende zum Vorschein bringen:
-{{:tachtler:graylog:graylog-web_inputs_syslog_udp.png|Graylog Web - Inputs - Syslog UDP}}
-===== Konfiguration: graylog: TLS-Absicherung =====
-Nachfolgende Konfiguration soll den Datenserver der LOG-Daten vom jeweils **lokalen** - [[http://www.rsyslog.com/|RSysLog]]-Dienst/Daemon zum [[https://www.graylog.org/|Graylog]]-Server via **TLS**-Verschlüsselung absichern, so das die Daten auf dem Weg vom Client zum Servern verschlüsselt übertragen werden.
-Des weiteren soll damit auch gewährleistet werden, das sich nur **autorisierte** [[http://www.rsyslog.com/|RSysLog]]-Clients mit dem [[https://www.graylog.org/|Graylog]]-Server verbinden dürfen.
-Um die beiden Punkte
-  * **Verschlüsselte** LOG-Datenübertragung und
-  * **Autorisierte** LOG-Datenübertragung
-realisieren zu können, ist es erforderlich entsprechend **Zertifikate** zu erstellen.
-Nachfolgende Zertifikate müssen dafür erstellt werden:
-:!: **HINWEIS** - **Es sollen ''self-signed-certifiacte'' aus einer ''eigenen CA'' erstellt werden!**
-Die Konfiguration beinhaltet
-  - Erstellen einer **eignen CA** - **''Graylog CA''**
-  - Erstellen eines **''self-signed''**-Zertifikats für den Server - **''Graylog Server''** (''vml70110.idmz.tachtler.net'')
-  - Erstellen eines **''self-signed''**-Zertifikats für den Client - **''Graylog Client''** z.B. (''vml70010.idmz.tachtler.net'')
-==== TLS: Eigene CA erstellen ====
-Nachfolgende Konfiguration erstellt eine **eigene CA**, aus der das **ROOT**-Zertifikat der CA erstellt wird, welche wiederum das **''Graylog Server''**-Zertifikate und die **''Graylog Client''**-Zertifikate hervorbringt.
-Dazu sollen mit nachfolgenden Befehl in nachfolgendem Verzeichnis
-  * ''/etc/pki/''
-die folgenden Verzeichnisse erstellt werden
-  * ''/etc/pki/graylog''
-  * ''/etc/pki/graylog/certs'' - Verzeichnis für alle Zertifikate
-  * ''/etc/pki/graylog/csrs'' - Verzeichnis für alle Zertifikats-Anträge
-  * ''/etc/pki/graylog/private'' - Verzeichnis für alle Schlüssel
-<code>
-# mkdir -p /etc/pki/graylog/{certs,csrs,private}
-</code>
-Ob die Verzeichnisse korrekt erstellt wurden, kann mit nachfolgendem Befehl überprüft werden:
-<code>
-# ll /etc/pki/graylog/*
-/etc/pki/graylog/certs:
-total 0
-/etc/pki/graylog/csrs:
-total 0
-/etc/pki/graylog/private:
-total 0
-</code>
-Jetzt müssen jeweils ein
-  * ''/etc/pki/graylog/private/graylog-ca-key.pem'' - **Zertifikats-Schlüssel (Certificate-Key)**
-  * ''/etc/pki/graylog/certs/graylog-ca-crt.pem'' - **ROOT-Zertifikat (Certificate)**
-mit nachfolgenden Befehlen erstellt werden:
-**__1. Schritt__**: Erstellung eines Schlüssel für die **eigene CA**, mit nachfolgendem Befehl:
-<code>
-# certtool --generate-privkey --bits=4096 --outfile /etc/pki/graylog/private/graylog-ca-key.pem
-** Note: Please use the --sec-param instead of --bits
-Generating a 4096 bit RSA private key...
-</code>
-* //Die Meldung ''%%**%% Note: Please use the --sec-param instead of --bits'' kann ignoriert werden!//
-**__2. Schritt__**: Erstellung eines **ROOT**-Zertifikats für die **eigene CA**, mit nachfolgendem Befehl:
-<code>
-# certtool --generate-self-signed --load-privkey /etc/pki/graylog/private/graylog-ca-key.pem --outfile /etc/pki/graylog/certs/graylog-ca-crt.pem
-Generating a self signed certificate...
-Please enter the details of the certificate's distinguished name. Just press enter to ignore a field.
-Common name: Graylog CA
-UID:
-Organizational unit name:
-Organization name: Klaus Tachtler
-Locality name: Muenchen (Munich)
-State or province name: Bayern (Bavaria)
-Country name (2 chars): DE
-Enter the subject's domain component (DC):
-This field should not be used in new certificates.
-E-mail: hostmaster@tachtler.net
-Enter the certificate's serial number in decimal (default: 6550208444173439064): 1
-Activation/Expiration time.
-The certificate will expire in (days): 3650
-Extensions.
-Does the certificate belong to an authority? (y/N): y
-Path length constraint (decimal, -1 for no constraint):
-Is this a TLS web client certificate? (y/N):
-Will the certificate be used for IPsec IKE operations? (y/N):
-Is this a TLS web server certificate? (y/N):
-Enter a dnsName of the subject of the certificate:
-Enter a URI of the subject of the certificate:
-Enter the IP address of the subject of the certificate:
-Enter the e-mail of the subject of the certificate: hostmaster@tachtler.net
-Will the certificate be used to sign OCSP requests? (y/N):
-Will the certificate be used to sign code? (y/N):
-Will the certificate be used for time stamping? (y/N):
-Will the certificate be used to sign other certificates? (y/N): y
-Will the certificate be used to sign CRLs? (y/N):
-Enter the URI of the CRL distribution point:
-X.509 Certificate Information:
-        Version: 3
-        Serial Number (hex): 01
-        Validity:
-                Not Before: Mon Apr 30 11:54:22 UTC 2018
-                Not After: Thu Apr 27 11:54:31 UTC 2028
-        Subject: CN=Graylog CA,O=Klaus Tachtler,L=Muenchen (Munich),ST=Bayern
-(Bavaria),C=DE,EMAIL=hostmaster@tachtler.net
-        Subject Public Key Algorithm: RSA
-        Algorithm Security Level: High (4096 bits)
-                Modulus (bits 4096):
-:ad:77:1c:60:f8:1a:c4:ae:5a:86:ce:fb:69:87:a3
-b:e9:c9:da:95:cd:ae:f2:78:86:be:bc:4e:69:81:75
-:bf:8c:40:12:79:2d:34:a9:fa:85:65:3c:e3:22:9c
-:23:f6:29:0e:69:71:26:1b:a2:ec:ff:d2:da:44:0d
-:d9:43:5e:8e:74:83:a4:bb:8f:e9:04:f9:7f:30:c7
-:29:a4:60:31:16:18:84:5f:2c:23:59:2b:0b:35:04
-                        a2:b9:1a:ce:1c:60:e4:44:f4:6f:b3:d2:a4:47:f9:b2
-a:4a:13:57:23:8c:2f:e1:fd:b7:2e:be:14:d8:15:ae
-f:3a:41:22:52:ff:44:ae:16:e9:30:fc:6d:e3:6a:ec
-:53:a5:17:ab:27:0b:84:e4:12:f4:af:41:f2:d4:68
-:35:f3:f4:8d:a9:69:75:4d:a9:59:b3:60:cd:f3:1e
-a:d8:3b:8e:49:e0:fc:0e:61:af:e2:8a:e9:0e:be:69
-                        f9:a6:5f:84:1c:bf:a4:4d:55:c2:57:46:a1:0c:3d:77
-                        f0:d5:db:d2:ee:bb:ac:0f:b1:3d:c6:90:1c:35:76:06
-                        c6:7b:0d:6f:13:31:84:7a:1e:c6:5f:d7:e1:4e:3d:2c
-                        a8:58:70:70:75:cc:2b:d2:78:43:12:2b:6c:5b:d5:80
-:73:54:c8:bd:46:c6:a0:af:df:90:82:92:1b:29:80
-:da:58:44:75:15:fc:c9:1b:6c:a8:db:4f:e9:06:0f
-:0c:05:13:38:07:e0:fe:1d:e6:66:92:c2:95:4c:8c
-                        bf:4d:4e:57:52:04:08:86:42:17:bc:81:a9:96:d2:56
-                        ec:4e:ab:35:a8:bf:eb:be:71:21:ca:ec:33:18:60:e8
-                        f9:a3:14:d1:77:6e:86:92:9b:77:40:3e:dc:31:e6:04
-b:c5:1e:6b:c5:3f:b3:bc:28:86:26:64:ef:c9:7b:78
-                        ef:fd:e6:43:4f:90:6e:b2:34:fc:4a:b0:2f:25:d7:54
-:ec:ac:28:9f:32:09:97:d4:19:23:86:35:95:ed:27
-                        ad:aa:c6:c5:e3:ee:d7:19:10:b9:1a:e0:10:fe:d4:ca
-                        cf:5e:9b:4b:35:f8:65:92:27:90:60:4a:1d:e1:a1:45
-                        ea:e3:fa:32:9f:29:70:22:62:9d:56:1e:92:1a:f2:fb
-                        c5:55:14:19:b0:3e:65:6e:fb:5b:35:e5:1a:1e:7f:3e
-                        ce:3e:b0:18:b3:89:ae:c4:41:b7:b7:53:dc:bc:5c:2d
-                        e9:b7:51:de:af:47:17:58:9a:d2:31:11:bd:a2:2d:5b
-:5c:f2:94:49:04:0e:bf:1f:c4:45:65:14:9b:6b:b4
-                        cd
-                Exponent (bits 24):
-:00:01
-        Extensions:
-                Basic Constraints (critical):
-                        Certificate Authority (CA): TRUE
-                Subject Alternative Name (not critical):
-                        RFC822Name: hostmaster@tachtler.net
-                Key Usage (critical):
-                        Certificate signing.
-                Subject Key Identifier (not critical):
-                        28584006a86a5f5cae8dcbea7d0af4e5d4d4e1fa
-Other Information:
-        Public Key ID:
-                28584006a86a5f5cae8dcbea7d0af4e5d4d4e1fa
-        Public key's random art:
-                +--[ RSA 4096]----+
-                |oo+        .     |
-                |.. .      o .    |
-                |.   .    . o     |
-                |.  o   oo .      |
-                |. ..o +oSo       |
-                |... .++.  .      |
-                |. ....+.   E     |
-                |   .+o o         |
-                |  .o.=+          |
-                +-----------------+
-Is the above information ok? (y/N): y
-Signing certificate...
-</code>
-**__Getätigte Eingaben__**:
-^ Einstellung                                                                      ^ Wert                  ^
-| Common name                                                                      | ''Graylog CA''        |
-| Organization name:                                                               | ''Klaus Tachtler''    |
-| Locality name:                                                                   | ''Muenchen (Munich)'' |
-| State or province name:                                                          | ''Bayern (Bavaria)''  |
-| Country name (2 chars):                                                          | ''DE''                |
-| E-mail:                                                                          | ''hostmaster@tachtler.net'' |
-| Enter the certificate's serial number in decimal (default: 6550212215547231934): | ''1''                 |
-| The certificate will expire in (days):                                           | ''3650''              |
-| Does the certificate belong to an authority? (y/N):                              | **''y''**             |
-| Enter the e-mail of the subject of the certificate:                              | ''hostmaster@tachtler.net'' |
-| Will the certificate be used to sign other certificates? (y/N):                  | **''y''**             |
-| Is the above information ok? (y/N):                                              | **''y''**             |
-Mit nachfolgendem Befehl kann nun überprüft werden, ob der **Schlüssel** und das **ROOT**-Zertifikat für die **eigene CA** erstellt wurden:
-<code>
-# ll /etc/pki/graylog/*
-/etc/pki/graylog/certs:
-total 4
--rw-r--r-- 1 root root 2175 Apr 30 14:09 graylog-ca-crt.pem
-/etc/pki/graylog/csrs:
-total 0
-/etc/pki/graylog/private:
-total 12
--rw------- 1 root root 10996 Apr 30 14:06 graylog-ca-key.pem
-</code>
-==== TLS: Server-Zertifikat erstellen ====
-Nachfolgende Befehle erstellen ein **''Graylog Server''**-Zertifikate aus der **eigenen CA**.
-Jetzt müssen jeweils ein
-  * ''/etc/pki/graylog/private/graylog-server-key.pem'' - **Zertifikats-Schlüssel (Certificate-Key)**
-  * ''/etc/pki/graylog/csrs/graylog-server-csr.pem'' - **Zertifikats-Antrag (Certificate-Request/CSR)**
-mit nachfolgenden Befehlen erstellt werden:
-**__1. Schritt__**: Erstellung eines Schlüssel für das **Graylog Server**-Zertifikat, mit nachfolgendem Befehl:
-<code>
-# certtool --generate-privkey --bits=4096 --outfile /etc/pki/graylog/private/graylog-server-key.pem
-** Note: Please use the --sec-param instead of --bits
-Generating a 4096 bit RSA private key...
-</code>
-* //Die Meldung ''%%**%% Note: Please use the --sec-param instead of --bits'' kann ignoriert werden!//
-**__2. Schritt__**: Erstellung eines **Zertifikats-Antrag (Request)**, für das **Graylog Server**-Zertifikat mit nachfolgendem Befehl:
-<code>
-# certtool --generate-request --load-privkey /etc/pki/graylog/private/graylog-server-key.pem --outfile /etc/pki/graylog/csrs/graylog-server-csr.pem
-Generating a PKCS #10 certificate request...
-Common name: vml70110.idmz.tachtler.net
-Organizational unit name:
-Organization name: Klaus Tachtler
-Locality name: Muenchen (Munich)
-State or province name: Bayern (Bavaria)
-Country name (2 chars): DE
-Enter the subject's domain component (DC):
-UID:
-Enter a dnsName of the subject of the certificate:
-Enter a URI of the subject of the certificate: vml70110.edmz.tachtler.net
-Enter a URI of the subject of the certificate:
-Enter the IP address of the subject of the certificate:
-Enter the e-mail of the subject of the certificate: hostmaster@tachtler.net
-Enter a challenge password:
-Does the certificate belong to an authority? (y/N): n
-Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/n):
-Will the certificate be used for encryption (RSA ciphersuites)? (Y/n):
-Will the certificate be used to sign code? (y/N):
-Will the certificate be used for time stamping? (y/N):
-Will the certificate be used for IPsec IKE operations? (y/N):
-Will the certificate be used to sign OCSP requests? (y/N):
-Is this a TLS web client certificate? (y/N): y
-Is this a TLS web server certificate? (y/N): y
-</code>
-**__Getätigte Eingaben__**:
-^ Einstellung                                                                      ^ Wert                  ^
-| Common name                                                                      | ''vml70110.idmz.tachtler.net'' |
-| Organization name:                                                               | ''Klaus Tachtler''    |
-| Locality name:                                                                   | ''Muenchen (Munich)'' |
-| State or province name:                                                          | ''Bayern (Bavaria)''  |
-| Country name (2 chars):                                                          | ''DE''                |
-| Enter a URI of the subject of the certificate:                                   | ''vml70110.edmz.tachtler.net '' |
-| Enter the e-mail of the subject of the certificate:                              | ''hostmaster@tachtler.net'' |
-| Does the certificate belong to an authority? (y/N):                              | **''n''**             |
-| Is this a TLS web client certificate? (y/N):                                     | **''y''**             |
-| Is this a TLS web server certificate? (y/N):                                     | **''y''**             |
-Mit nachfolgendem Befehl kann nun überprüft werden, ob der **Schlüssel** und das **Zertifikats-Antrag (Request)** erstellt wurden:
-<code>
-# ls -la /etc/pki/graylog/*
-/etc/pki/graylog/certs:
-total 12
-drwxr-xr-x 2 root root   60 Apr 30 15:10 .
-drwxr-xr-x 4 root root   32 Apr 30 13:21 ..
--rw-r--r-- 1 root root 2175 Apr 30 14:56 graylog-ca-crt.pem
-/etc/pki/graylog/csrs:
-total 4
--rw------- 1 root root 4337 Apr 30 15:11 graylog-server-csr.pem
-/etc/pki/graylog/private:
-total 24
-drwxr-xr-x 2 root root    60 Apr 30 14:56 .
-drwxr-xr-x 4 root root    32 Apr 30 13:21 ..
--rw------- 1 root root 10999 Apr 30 14:52 graylog-ca-key.pem
--rw------- 1 root root 11009 Apr 30 14:56 graylog-server-key.pem
-</code>
-Nachfolgender Befehl erstellt nun aus der **Graylog CA**-ROOT-Zertifikat, dem **Graylog CA**-Schlüssel und dem **Zertifikats-Antrag (Request)** das **Graylog Server**-Zertifikat, mit nachfolgendem Befehl:
-<code>
-# certtool --generate-certificate --load-request /etc/pki/graylog/csrs/graylog-server-csr.pem --outfile /etc/pki/graylog/certs/graylog-server-crt.pem --load-ca-certificate /etc/pki/graylog/certs/graylog-ca-crt.pem --load-ca-privkey /etc/pki/graylog/private/graylog-ca-key.pem
-Generating a signed certificate...
-Enter the certificate's serial number in decimal (default: 6550225898579949029): 2
-Activation/Expiration time.
-The certificate will expire in (days): 3649
-Extensions.
-Do you want to honour the extensions from the request? (y/N):
-Does the certificate belong to an authority? (y/N): n
-Is this a TLS web client certificate? (y/N): y
-Will the certificate be used for IPsec IKE operations? (y/N):
-Is this a TLS web server certificate? (y/N): y
-Enter a dnsName of the subject of the certificate: vml70010.idmz.tachtler.net
-Enter a dnsName of the subject of the certificate:
-Enter a URI of the subject of the certificate:
-Enter the IP address of the subject of the certificate:
-Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/n):
-Will the certificate be used for encryption (RSA ciphersuites)? (Y/n):
-Will the certificate be used to sign OCSP requests? (y/N):
-Will the certificate be used to sign code? (y/N):
-Will the certificate be used for time stamping? (y/N):
-X.509 Certificate Information:
-        Version: 3
-        Serial Number (hex): 02
-        Validity:
-                Not Before: Mon Apr 30 13:02:52 UTC 2018
-                Not After: Wed Apr 26 13:03:00 UTC 2028
-        Subject: CN=vml70110.idmz.tachtler.net,O=Klaus Tachtler,L=Muenchen (Munich),ST=Bayern (Bavaria),C=DE
-        Subject Public Key Algorithm: RSA
-        Algorithm Security Level: High (4096 bits)
-                Modulus (bits 4096):
-:ab:f2:79:22:d0:68:9b:83:cf:56:6a:3e:46:62:00
-b:28:e2:e4:fe:3e:3c:aa:83:d6:6b:48:25:f7:01:22
-:07:45:06:21:c1:05:57:f2:1f:86:64:88:34:4f:d0
-:0c:2a:14:f0:62:01:b9:30:38:52:41:84:39:1d:7b
-d:03:12:c1:73:32:9b:ce:8e:32:fb:41:c6:5b:23:cf
-:6e:17:2a:4f:8a:a6:ec:19:cb:14:96:b6:98:1b:4a
-                        a8:eb:3e:a3:1e:6f:b0:ed:40:7b:27:e7:93:e2:1c:c2
-                        dd:c5:10:14:93:2d:03:7b:a2:ac:13:da:f0:38:48:4e
-                        d5:66:e7:24:d0:bb:f3:74:19:40:6c:a4:ea:3f:53:cd
-c:8d:51:25:17:ae:90:34:5e:66:3b:a9:74:6a:51:fa
-:97:30:27:2d:2d:90:af:3e:da:03:bf:5a:cc:2a:53
-                        f5:08:df:b1:fb:01:3a:2a:37:55:21:17:0f:0d:67:46
-                        e6:d0:61:07:f1:3a:22:d8:a0:b1:7e:79:7d:be:8d:f1
-                        ce:6c:76:9b:c8:3b:3a:3f:ad:66:6d:60:ad:ba:88:14
-d:a1:4a:d3:a0:27:36:2c:27:99:84:c8:1d:ac:63:7b
-:b3:11:44:d2:84:78:dc:1c:8f:75:53:65:f9:60:82
-                        c1:68:e7:47:5a:6b:0b:db:f4:2b:c8:39:57:9a:1f:5f
-                        a6:05:06:73:0e:02:b2:43:3f:a6:20:83:2c:91:ee:39
-                        f0:b5:0a:d9:aa:f4:8a:0a:05:55:f1:ca:55:e1:11:21
-f:57:11:7b:d4:7b:60:2f:51:e1:29:18:00:5d:d8:b0
-:b4:a1:07:b7:fd:6e:46:0b:07:90:a6:64:5b:af:e4
-                        c9:c8:99:5b:10:4e:89:69:f9:3a:cb:b5:c1:8d:d7:bc
-                        bb:1b:e4:c2:7d:60:48:0a:bf:21:6b:84:d3:56:55:f2
-c:42:e9:41:20:0b:14:47:9d:ec:75:38:a9:81:5d:8f
-:26:82:75:50:ed:ed:38:66:70:4d:f7:30:a1:7a:88
-                        bf:6b:da:6e:86:70:64:44:cd:aa:cb:ef:37:ba:f4:35
-b:be:4d:22:22:50:6c:cd:6a:82:1b:ab:69:b8:5d:49
-b:64:68:76:ea:2a:09:26:80:76:6b:f9:35:f9:bf:76
-b:d4:ed:13:3c:d7:56:3b:22:44:9b:6e:e0:6b:86:df
-b:d8:29:9d:60:6b:63:dd:b3:fe:c6:41:7a:cf:aa:35
-                        cd:ea:be:d2:52:be:ba:d0:6f:0f:22:84:c0:fc:13:35
-c:73:3d:e6:d0:c2:ef:73:23:1f:d5:19:f6:95:78:e0
-                        cf
-                Exponent (bits 24):
-:00:01
-        Extensions:
-                Basic Constraints (critical):
-                        Certificate Authority (CA): FALSE
-                Key Purpose (not critical):
-                        TLS WWW Client.
-                        TLS WWW Server.
-                Subject Alternative Name (not critical):
-                        DNSname: vml70010.idmz.tachtler.net
-                Key Usage (critical):
-                        Digital signature.
-                        Key encipherment.
-                Subject Key Identifier (not critical):
-                        b8184e28caddf3b39110484a1b63e76ab4a1a890
-                Authority Key Identifier (not critical):
-                        f309922f43a2380911f8c61287109a2313dda319
-Other Information:
-        Public Key ID:
-                b8184e28caddf3b39110484a1b63e76ab4a1a890
-        Public key's random art:
-                +--[ RSA 4096]----+
-                |   * .           |
-                |  = * .          |
-                | o + o           |
-                |o.=   ..         |
-                |E=   .. S        |
-                |+.   ....        |
-                |+ o . .o         |
-                |+o... ...        |
-                |.... o.oo        |
-                +-----------------+
-Is the above information ok? (y/N): y
-Signing certificate...
-</code>
-**__Getätigte Eingaben__**:
-^ Einstellung                                                                      ^ Wert                  ^
-| Enter the certificate's serial number in decimal (default: 6550225898579949029): | ''2''                 |
-| The certificate will expire in (days):                                           | ''3649''              |
-| Does the certificate belong to an authority? (y/N):                              | **''n''**             |
-| Is this a TLS web client certificate? (y/N):                                     | **''y''**             |
-| Is this a TLS web server certificate? (y/N):                                     | **''y''**             |
-| Enter a dnsName of the subject of the certificate:                               | ''vml70110.idmz.tachtler.net'' |
-| Enter a URI of the subject of the certificate:                                   | ''vml70110.edmz.tachtler.net '' |
-| Is the above information ok? (y/N):                                              | **''y''**             |
-Mit nachfolgendem Befehl kann nun überprüft werden, ob der **Schlüssel** und das **Zertifikats-Antrag (Request)** sowie das **Graylog Server**-Zertifikat erstellt wurden:
-<code>
-# ls -la /etc/pki/graylog/*
-/etc/pki/graylog/certs:
-total 16
-drwxr-xr-x 2 root root   89 Apr 30 15:17 .
-drwxr-xr-x 4 root root   32 Apr 30 13:21 ..
--rw-r--r-- 1 root root 2175 Apr 30 14:56 graylog-ca-crt.pem
--rw-r--r-- 1 root root 2269 Apr 30 15:19 graylog-server-crt.pem
-/etc/pki/graylog/csrs:
-total 4
--rw------- 1 root root 4337 Apr 30 15:11 graylog-server-csr.pem
-/etc/pki/graylog/private:
-total 24
-drwxr-xr-x 2 root root    60 Apr 30 14:56 .
-drwxr-xr-x 4 root root    32 Apr 30 13:21 ..
--rw------- 1 root root 10999 Apr 30 14:52 graylog-ca-key.pem
--rw------- 1 root root 11009 Apr 30 14:56 graylog-server-key.pem
-</code>
-:!: **WICHTIG** - Damit der **Zertifikats-Schlüssel (Certificate-Key)** geladen werden kann, muss dieser erst noch in das passende [[https://tools.ietf.org/html/rfc5208|PKCS #8 Format]] konvertiert werden. Der Versuch einen **__nicht__ konvertierten Schlüssel zu laden, würde nachfolgende Fehlermeldung** zum Vorschein bringen:
-<code java>
--04-30T16:21:34.258+02:00 WARN  [AbstractNioSelector] Failed to initialize an accepted socket.
-java.lang.IllegalArgumentException: Unsupported key type: /etc/pki/graylog/private/graylog-server-key.pem
-        at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadPrivateKey(KeyUtil.java:170) ~[graylog.jar:?]
-        at org.graylog2.plugin.inputs.transports.util.KeyUtil.initKeyStore(KeyUtil.java:118) ~[graylog.jar:?]
-        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.createSslEngine(AbstractTcpTransport.java:205) ~[graylog.jar:?]
-        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java:186) ~[graylog.jar:?]
-        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java:182) ~[graylog.jar:?]
-        at org.graylog2.plugin.inputs.transports.NettyTransport$1.getPipeline(NettyTransport.java:110) ~[graylog.jar:?]
-        at org.jboss.netty.channel.socket.nio.NioServerBoss.registerAcceptedChannel(NioServerBoss.java:134) [graylog.jar:?]
-        at org.jboss.netty.channel.socket.nio.NioServerBoss.process(NioServerBoss.java:104) [graylog.jar:?]
-        at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337) [graylog.jar:?]
-        at org.jboss.netty.channel.socket.nio.NioServerBoss.run(NioServerBoss.java:42) [graylog.jar:?]
-        at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) [graylog.jar:?]
-        at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) [graylog.jar:?]
-        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]
-        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]
-        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
-</code>
-Nachfolgender Befehl konvertiert den **Zertifikats-Schlüssel (Certificate-Key)** in das [[https://tools.ietf.org/html/rfc5208|PKCS #8 Format]] um:
-<code>
-# openssl pkcs8 -topk8 -in /etc/pki/graylog/private/graylog-server-key.pem -inform pem -out /etc/pki/graylog/private/graylog-server-key-pkcs8.pem -outform pem -nocrypt
-</code>
-:!: **WICHTIG** - Damit der **Zertifikats-Schlüssel (Certificate-Key)** geladen werden kann, müssen zusätzlich die **Besitz**- und **Datei**rechte entsprechend angepasst werden, da sonst nachfolgende Fehlermeldung mit nachfolgender Fehlersituation entstehen würde:
-<code java>
--04-30T16:40:47.406+02:00 WARN  [AbstractNioSelector] Failed to initialize an accepted socket.
-java.nio.file.AccessDeniedException: /etc/pki/graylog/certs/graylog-server-csr.pem
-        at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84) ~[?:1.8.0_161]
-        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) ~[?:1.8.0_161]
-        at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107) ~[?:1.8.0_161]
-        at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214) ~[?:1.8.0_161]
-        at java.nio.file.Files.newByteChannel(Files.java:361) ~[?:1.8.0_161]
-        at java.nio.file.Files.newByteChannel(Files.java:407) ~[?:1.8.0_161]
-        at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:384) ~[?:1.8.0_161]
-        at java.nio.file.Files.newInputStream(Files.java:152) ~[?:1.8.0_161]
-        at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadCertificates(KeyUtil.java:90) ~[graylog.jar:?]
-        at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadCertificates(KeyUtil.java:103) ~[graylog.jar:?]
-        at org.graylog2.plugin.inputs.transports.util.KeyUtil.initTrustStore(KeyUtil.java:73) ~[graylog.jar:?]
-        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.createSslEngine(AbstractTcpTransport.java:199) ~[graylog.jar:?]
-        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java:186) ~[graylog.jar:?]
-        at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java:182) ~[graylog.jar:?]
-        at org.graylog2.plugin.inputs.transports.NettyTransport$1.getPipeline(NettyTransport.java:110) ~[graylog.jar:?]
-        at org.jboss.netty.channel.socket.nio.NioServerBoss.registerAcceptedChannel(NioServerBoss.java:134) [graylog.jar:?]
-        at org.jboss.netty.channel.socket.nio.NioServerBoss.process(NioServerBoss.java:104) [graylog.jar:?]
-        at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337) [graylog.jar:?]
-        at org.jboss.netty.channel.socket.nio.NioServerBoss.run(NioServerBoss.java:42) [graylog.jar:?]
-        at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) [graylog.jar:?]
-        at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) [graylog.jar:?]
-        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_161]
-        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_161]
-        at java.lang.Thread.run(Thread.java:748) [?:1.8.0_161]
-</code>
-Nachfolgende Befehle setzen noch die richtigen **Besitz**- und **Datei**rechte für die neu erstellte Datei **Zertifikats-Schlüssel (Certificate-Key)**:
-**__Besitz__rechte**:
-<code>
-# chown root:graylog /etc/pki/graylog/private/graylog-server-key-pkcs8.pem
-</code>
-**__Datei__rechte**:
-<code>
-# chmod 640 /etc/pki/graylog/private/graylog-server-key-pkcs8.pem
-</code>
-==== graylog-web: Syslog TCP mit TLS ====
-Nachfolgend kann die Konfiguration des **Inputs** in der [[https://www.graylog.org/|Graylog]]-Web-Server Applikation durchgeführt werden und sollte eine Ausgabe, in etwa, wie die nachfolgende zum Vorschein bringen:
-{{:tachtler:graylog:graylog-web_inputs_syslog_tcp_with_tls.png|Graylog Web - Inputs - Syslog TCP mit TLS}}
-**__Nachfolgende Einstellungen sind dazu zu ergänzen__ (Nur relevante Änderungen/Ergänzugen)**:
-^ Einstellung                                  ^ Wert                                                      ^
-| **Global input** (Standard on all nodes)     | ✔                                                         |
-| **Port**                                     | ''10514''                                                 |
-| **TLS cert file** (optional)                 | ''/etc/pki/graylog/certs/graylog-server-crt.pem''         |
-| **TLS private key file** (optional)          | ''/etc/pki/graylog/private/graylog-server-key-pkcs8.pem'' |
-| **Enable TLS** (optional)                    | ✔                                                         |
-| **Enable keepalive** (optional)              | ✔                                                         |
-==== TLS: Client-Zertifikat erstellen ====
-:!: **WICHTIG** - **Diese Schritte müssen für __JEDEN__ Client individuell wiederholt werden !!!**
-Nachfolgende Befehle erstellen ein **''Graylog Client''**-Zertifikate aus der **eigenen CA**.
-Jetzt müssen jeweils ein
-  * ''/etc/pki/graylog/private/graylog-vml70010.idmz.tachtler.net-key.pem'' - **Zertifikats-Schlüssel (Certificate-Key)**
-  * ''/etc/pki/graylog/csrs/graylog-vml70010.idmz.tachtler.net-csr.pem'' - **Zertifikats-Antrag (Certificate-Request/CSR)**
-mit nachfolgenden Befehlen erstellt werden:
-**__1. Schritt__**: Erstellung eines Schlüssel für das **Graylog Client**-Zertifikat, mit nachfolgendem Befehl:
-<code>
-# certtool --generate-privkey --bits=4096 --outfile /etc/pki/graylog/private/graylog-vml70010.idmz.tachtler.net-key.pem
-** Note: Please use the --sec-param instead of --bits
-Generating a 4096 bit RSA private key...
-</code>
-* //Die Meldung ''%%**%% Note: Please use the --sec-param instead of --bits'' kann ignoriert werden!//
-**__2. Schritt__**: Erstellung eines **Zertifikats-Antrag (Request)**, für das **Graylog Cleint**-Zertifikat mit nachfolgendem Befehl:
-<code>
-# certtool --generate-request --load-privkey /etc/pki/graylog/private/graylog-vml70010.idmz.tachtler.net-key.pem --outfile /etc/pki/graylog/csrs/graylog-vml70010.idmz.tachtler.net-csr.pem
-Generating a PKCS #10 certificate request...
-Common name: vml70010.idmz.tachtler.net
-Organizational unit name:
-Organization name: Klaus Tachtler
-Locality name: Muenchen (Munich)
-State or province name: Bayern (Bavaria)
-Country name (2 chars): DE
-Enter the subject's domain component (DC):
-UID:
-Enter a dnsName of the subject of the certificate:
-Enter a URI of the subject of the certificate:
-Enter the IP address of the subject of the certificate:
-Enter the e-mail of the subject of the certificate: hostmaster@tachtler.net
-Enter a challenge password:
-Does the certificate belong to an authority? (y/N): n
-Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/n):
-Will the certificate be used for encryption (RSA ciphersuites)? (Y/n):
-Will the certificate be used to sign code? (y/N):
-Will the certificate be used for time stamping? (y/N):
-Will the certificate be used for IPsec IKE operations? (y/N):
-Will the certificate be used to sign OCSP requests? (y/N):
-Is this a TLS web client certificate? (y/N): y
-Is this a TLS web server certificate? (y/N): y
-</code>
-**__Getätigte Eingaben__**:
-^ Einstellung                                                                      ^ Wert                  ^
-| Common name                                                                      | ''vml70010.idmz.tachtler.net'' |
-| Organization name:                                                               | ''Klaus Tachtler''    |
-| Locality name:                                                                   | ''Muenchen (Munich)'' |
-| State or province name:                                                          | ''Bayern (Bavaria)''  |
-| Country name (2 chars):                                                          | ''DE''                |
-| Enter a URI of the subject of the certificate:                                   | ''vml70010.edmz.tachtler.net '' |
-| Enter the e-mail of the subject of the certificate:                              | ''hostmaster@tachtler.net'' |
-| Does the certificate belong to an authority? (y/N):                              | **''n''**             |
-| Is this a TLS web client certificate? (y/N):                                     | **''y''**             |
-| Is this a TLS web server certificate? (y/N):                                     | **''y''**             |
-Mit nachfolgendem Befehl kann nun überprüft werden, ob der **Schlüssel** und das **Zertifikats-Antrag (Request)** erstellt wurden:
-<code>
-# ls -la /etc/pki/graylog/*
-/etc/pki/graylog/certs:
-total 24
-drwxr-xr-x 2 root root  138 Apr 30 15:30 .
-drwxr-xr-x 4 root root   32 Apr 30 13:21 ..
--rw-r--r-- 1 root root 2175 Apr 30 14:56 graylog-ca-crt.pem
--rw-r--r-- 1 root root 2269 Apr 30 15:19 graylog-server-crt.pem
-/etc/pki/graylog/csrs:
-total 8
--rw------- 1 root root 4337 Apr 30 15:11 graylog-server-csr.pem
--rw------- 1 root root 4257 Apr 30 15:31 graylog-vml70010.idmz.tachtler.net-csr.pem
-/etc/pki/graylog/private:
-total 36
-drwxr-xr-x 2 root root   109 Apr 30 15:27 .
-drwxr-xr-x 4 root root    32 Apr 30 13:21 ..
--rw------- 1 root root 10999 Apr 30 14:52 graylog-ca-key.pem
--rw------- 1 root root 11009 Apr 30 14:56 graylog-server-key.pem
--rw------- 1 root root 10996 Apr 30 15:27 graylog-vml70010.idmz.tachtler.net-key.pem
-</code>
-Nachfolgender Befehl erstellt nun aus der **Graylog CA**-ROOT-Zertifikat, dem **Graylog CA**-Schlüssel und dem **Zertifikats-Antrag (Request)** das **Graylog Client**-Zertifikat, mit nachfolgendem Befehl:
-<code>
-# certtool --generate-certificate --load-request /etc/pki/graylog/csrs/graylog-vml70010.idmz.tachtler.net-csr.pem --outfile /etc/pki/graylog/certs/graylog-vml70010.idmz.tachtler.net-crt.pem --load-ca-certificate /etc/pki/graylog/certs/graylog-ca-crt.pem --load-ca-privkey /etc/pki/graylog/private/graylog-ca-key.pem
-Generating a signed certificate...
-Enter the certificate's serial number in decimal (default: 6550233724283548934): 3
-Activation/Expiration time.
-The certificate will expire in (days): 3649
-Extensions.
-Do you want to honour the extensions from the request? (y/N):
-Does the certificate belong to an authority? (y/N): n
-Is this a TLS web client certificate? (y/N): y
-Will the certificate be used for IPsec IKE operations? (y/N):
-Is this a TLS web server certificate? (y/N): y
-Enter a dnsName of the subject of the certificate: vml70010.idmz.tachtler.net
-Enter a dnsName of the subject of the certificate:
-Enter a URI of the subject of the certificate:
-Enter the IP address of the subject of the certificate:
-Will the certificate be used for signing (DHE and RSA-EXPORT ciphersuites)? (Y/n):
-Will the certificate be used for encryption (RSA ciphersuites)? (Y/n):
-Will the certificate be used to sign OCSP requests? (y/N):
-Will the certificate be used to sign code? (y/N):
-Will the certificate be used for time stamping? (y/N):
-X.509 Certificate Information:
-        Version: 3
-        Serial Number (hex): 03
-        Validity:
-                Not Before: Mon Apr 30 13:32:18 UTC 2018
-                Not After: Wed Apr 26 13:32:27 UTC 2028
-        Subject: CN=vml70010.idmz.tachtler.net,O=Klaus Tachtler,L=Muenchen (Munich),ST=Bayern (Bavaria),C=DE
-        Subject Public Key Algorithm: RSA
-        Algorithm Security Level: High (4096 bits)
-                Modulus (bits 4096):
-:a8:98:6a:59:d2:96:3e:fb:a0:71:82:12:66:5d:c0
-                        b3:d6:a0:36:91:b9:67:05:71:30:44:09:0d:cb:05:bb
-c:fb:5a:7e:92:c5:ff:e7:60:fc:9a:81:83:7f:d6:e6
-:87:3c:71:bd:82:1a:0d:e0:0d:71:c6:be:5a:7c:5a
-:d4:a8:8a:da:c1:45:62:dc:31:5f:1d:4e:54:69:d7
-:b5:8a:f8:f8:ee:33:e0:08:48:bd:a0:12:6c:96:e9
-c:94:3b:97:26:58:be:a8:8d:bb:a9:f6:7a:43:9d:7f
-                        b8:f3:91:20:3b:ef:a5:d0:f2:94:8f:57:00:79:22:9e
-                        cc:65:b9:9c:ab:3e:f9:d9:f6:f8:9c:ba:ea:5f:c1:cc
-                        ee:1c:72:07:e6:7f:eb:5a:ca:27:83:71:6c:7f:80:30
-:a5:60:8a:b1:c5:82:38:dc:4c:27:7a:ca:cb:4a:d7
-:8b:42:05:2d:1a:1a:ce:c2:3d:a5:4a:fd:04:5e:45
-                        ba:e5:6a:cd:44:1c:64:22:30:71:f0:89:1f:b5:31:50
-:16:1a:22:f8:07:8b:c3:79:a3:ba:e7:a5:b8:61:95
-e:ae:4c:cf:e7:95:ce:1e:a0:28:2b:ce:a5:8d:2a:81
-f:66:e2:d7:71:58:de:23:c7:da:04:b4:aa:b8:b0:ba
-:34:1a:a0:29:75:48:38:88:94:3e:d3:b3:8e:7e:56
-                        ce:bd:1b:0e:6e:85:87:12:61:73:08:8b:c9:dd:f0:70
-c:33:ce:93:9c:8b:4a:73:3c:a7:28:80:d1:cc:52:07
-d:6d:e9:4e:5e:b6:b6:f1:26:9f:f4:4d:0b:3a:31:00
-                        ea:fc:b1:9a:0b:07:08:ab:5b:eb:18:ad:b0:84:d7:c7
-d:b3:86:ae:84:a0:48:f3:34:36:49:08:53:25:22:75
-                        fe:7a:dc:18:9f:99:91:27:ac:c5:57:22:bc:26:23:27
-                        af:8c:cf:d9:7b:b8:7b:77:46:5f:92:f8:02:2a:00:38
-                        ff:71:ea:24:84:8c:2b:e2:13:06:a0:0b:5e:6a:62:8b
-d:15:bf:8c:9f:83:b3:d5:6c:97:71:18:d0:d8:ae:10
-:c6:d0:1f:be:70:67:bb:81:3e:e2:6f:7d:dd:09:87
-                        c2:3e:71:0d:d9:32:6f:8e:1b:0e:a1:1a:54:b4:40:a5
-:69:06:f7:f8:f6:c8:29:71:56:bf:49:94:b0:55:c1
-                        e6:51:ec:27:59:93:4d:1e:05:4b:67:be:bb:e3:01:90
-:a1:29:42:9e:cf:f9:c8:21:64:fb:9e:2d:b0:8f:6b
-e:66:00:b0:60:e6:e6:2c:53:17:01:e8:3c:a5:f5:22
-                        ad
-                Exponent (bits 24):
-:00:01
-        Extensions:
-                Basic Constraints (critical):
-                        Certificate Authority (CA): FALSE
-                Key Purpose (not critical):
-                        TLS WWW Client.
-                        TLS WWW Server.
-                Subject Alternative Name (not critical):
-                        DNSname: vml70010.idmz.tachtler.net
-                Key Usage (critical):
-                        Digital signature.
-                        Key encipherment.
-                Subject Key Identifier (not critical):
-cb652bc753ad41f5de71a57f46af13d1b3e8f3b
-                Authority Key Identifier (not critical):
-                        f709872f43a1380411f8b61287109b4713ada319
-Other Information:
-        Public Key ID:
-cb652bc753ad41f5de71a57f46af13d1b3e8f3b
-        Public key's random art:
-                +--[ RSA 4096]----+
-                |                 |
-                |                 |
-                |                 |
-                |       . .     .+|
-                |        S.   . =*|
-                |       +... . .oO|
-                |      o.o .. ..oE|
-                |       +.o  . o=o|
-                |      . ..    o++|
-                +-----------------+
-Is the above information ok? (y/N): y
-Signing certificate...
-</code>
-**__Getätigte Eingaben__**:
-^ Einstellung                                                                      ^ Wert                  ^
-| Enter the certificate's serial number in decimal (default: 6550225898579949029): | ''3''                 |
-| The certificate will expire in (days):                                           | ''3649''              |
-| Does the certificate belong to an authority? (y/N):                              | **''n''**             |
-| Is this a TLS web client certificate? (y/N):                                     | **''y''**             |
-| Is this a TLS web server certificate? (y/N):                                     | **''y''**             |
-| Enter a dnsName of the subject of the certificate:                               | ''vml70010.idmz.tachtler.net'' |
-| Enter a URI of the subject of the certificate:                                   | ''vml70010.edmz.tachtler.net '' |
-| Is the above information ok? (y/N):                                              | **''y''**             |
-Mit nachfolgendem Befehl kann nun überprüft werden, ob der **Schlüssel** und das **Zertifikats-Antrag (Request)** sowie das **Graylog Client**-Zertifikat erstellt wurden:
-<code>
-# ls -la /etc/pki/graylog/*
-/etc/pki/graylog/certs:
-total 24
-drwxr-xr-x 2 root root 4096 Apr 30 15:32 .
-drwxr-xr-x 4 root root   32 Apr 30 13:21 ..
--rw-r--r-- 1 root root 2175 Apr 30 14:56 graylog-ca-crt.pem
--rw-r--r-- 1 root root 2269 Apr 30 15:19 graylog-server-crt.pem
--rw-r--r-- 1 root root 2232 Apr 30 15:33 graylog-vml70010.idmz.tachtler.net-crt.pem
-/etc/pki/graylog/csrs:
-total 8
--rw------- 1 root root 4337 Apr 30 15:11 graylog-server-csr.pem
--rw------- 1 root root 4257 Apr 30 15:31 graylog-vml70010.idmz.tachtler.net-csr.pem
-/etc/pki/graylog/private:
-total 48
-drwxr-xr-x 2 root root   109 Apr 30 15:27 .
-drwxr-xr-x 4 root root    32 Apr 30 13:21 ..
--rw------- 1 root root 10999 Apr 30 14:52 graylog-ca-key.pem
--rw------- 1 root root 11009 Apr 30 14:56 graylog-server-key.pem
--rw-r--r-- 1 root root 11009 Apr 30 14:56 graylog-server-key-pkcs8.pem
--rw------- 1 root root 10996 Apr 30 15:27 graylog-vml70010.idmz.tachtler.net-key.pem
-</code>
-==== graylog-web: Syslog TCP mit TLS und Authentifizeirung ====
-Nachfolgend kann die Konfiguration des **Inputs** in der [[https://www.graylog.org/|Graylog]]-Web-Server Applikation durchgeführt werden und sollte eine Ausgabe, in etwa, wie die nachfolgende zum Vorschein bringen:
-{{:tachtler:graylog:graylog-web_inputs_syslog_tcp_with_tls_and_auth.png|Graylog Web - Inputs - Syslog TCP mit TLS und Authentifizierung}}
-**__Nachfolgende Einstellungen sind dazu zu ergänzen__ (Nur relevante Änderungen/Ergänzugen)**:
-^ Einstellung                                  ^ Wert                                                      ^
-| **Global input** (Standard on all nodes)     | ✔                                                         |
-| **Port**                                     | ''10514''                                                 |
-| **TLS cert file** (optional)                 | ''/etc/pki/graylog/certs/graylog-server-crt.pem''         |
-| **TLS private key file** (optional)          | ''/etc/pki/graylog/private/graylog-server-key-pkcs8.pem'' |
-| **Enable TLS** (optional)                    | ✔                                                         |
-| **TLS client authentication** (optional)     | **''required''**                                          |
-| **TLS Client Auth Trusted Certs** (optional) | **''/etc/pki/graylog/certs''**                            |
-| **Enable keepalive** (optional)              | ✔                                                         |
-===== Konfiguration: rsyslog UDP =====
-Die Konfiguration von [[http://www.rsyslog.com/|RSysLog]] ist einfach, um **__alle__** Log-Meldung die bei [[http://www.rsyslog.com/|RSysLog]] auftreffen, auch an [[https://www.graylog.org/|Graylog]] weiterzuleiten.
-Nachfolgende Konfigurationen bewegt [[http://www.rsyslog.com/|RSysLog]] dazu **__alle__** Log-Dateien auch an [[https://www.graylog.org/|Graylog]] weiterzuleiten:
-**__UDP:__** (:!: **__Nur__ bis [[https://www.graylog.org/|Graylog]] Version 2.1 möglich!**)
-<code ini>
-$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"
-*.* @graylog.example.org:514;GRAYLOGRFC5424
-</code>
-:!: **HINWEIS** - Der einzige Unterschied zwischen **UDP** und TCP ist die Konfiguration @ anstelle von @@ bei der Ziel-Beschreibung.
-Alternativ beherrscht [[http://www.rsyslog.com/|RSysLog]] ab der **Version 5.10 oder höher** auch das Schreiben von LOG-Daten mit Hilfe des eingebauten "Templates" - **''RSYSLOG_SyslogProtocol23Format''**, welches die LOG-Daten im gleichen Format sendet, wie dies bei **UDP** oder TCP  **vorher** noch definiert werden musste.
-**__UDP (RSYSLOG_SyslogProtocol23Format):__** (:!: **__Ab__ [[https://www.graylog.org/|Graylog]] Version 2.2 zwingend erforderlich! **)
-<code ini>
-*.* @graylog.example.org:514;RSYSLOG_SyslogProtocol23Format
-</code>
-===== Konfiguration: rsyslog TCP =====
-Die Konfiguration von [[http://www.rsyslog.com/|RSysLog]] ist einfach, um **__alle__** Log-Meldung die bei [[http://www.rsyslog.com/|RSysLog]] auftreffen, auch an [[https://www.graylog.org/|Graylog]] weiterzuleiten.
-Nachfolgende Konfigurationen bewegt [[http://www.rsyslog.com/|RSysLog]] dazu **__alle__** Log-Dateien auch an [[https://www.graylog.org/|Graylog]] weiterzuleiten:
-__TCP:__ (:!: **__Nur__ bis [[https://www.graylog.org/|Graylog]] Version 2.1 möglich!**)
-<code ini>
-$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"
-*.* @@graylog.example.org:514;GRAYLOGRFC5424
-</code>
-:!: **HINWEIS** - Der einzige Unterschied zwischen **UDP** und TCP ist die Konfiguration @ anstelle von @@ bei der Ziel-Beschreibung.
-Alternativ beherrscht [[http://www.rsyslog.com/|RSysLog]] ab der **Version 5.10 oder höher** auch das Schreiben von LOG-Daten mit Hilfe des eingebauten "Templates" - **''RSYSLOG_SyslogProtocol23Format''**, welches die LOG-Daten im gleichen Format sendet, wie dies bei **UDP** oder TCP  **vorher** noch definiert werden musste.
-__TCP (RSYSLOG_SyslogProtocol23Format):__ (:!: **__Ab__ [[https://www.graylog.org/|Graylog]] Version 2.2 zwingend erforderlich! **)
-<code ini>
-*.* @@graylog.example.org:514;RSYSLOG_SyslogProtocol23Format
-</code>
-==== rsyslog TCP mit Client-Zertifikat ====
-Nachfolgende Konfiguration soll den Datenserver der LOG-Daten vom jeweils **lokalen** - [[http://www.rsyslog.com/|RSysLog]]-Dienst/Daemon zum [[https://www.graylog.org/|Graylog]]-Server via **TLS**-Verschlüsselung absichern, so das die Daten auf dem Weg vom Client zum Servern verschlüsselt übertragen werden.
-Des weiteren soll damit auch gewährleistet werden, das sich nur **autorisierte** [[http://www.rsyslog.com/|RSysLog]]-Clients mit dem [[https://www.graylog.org/|Graylog]]-Server verbinden dürfen.
-Um die beiden Punkte
-  * **Verschlüsselte** LOG-Datenübertragung und
-  * **Autorisierte** LOG-Datenübertragung
-realisieren zu können, ist es erforderlich entsprechend **Zertifikate** zu erstellen.
-Nachfolgende **zusätzliche** Konfigurationen sind erforderlich, um den [[http://www.rsyslog.com/|RSysLog]] zu veranlassen **__alle__** Log-Dateien __**nur noch**__ **TLS**-Verschlüsselt an [[https://www.graylog.org/|Graylog]] weiterzuleiten.
-Dazu sollen mit nachfolgenden Befehl in nachfolgendem Verzeichnis
-  * ''/etc/pki/''
-die folgenden Verzeichnisse erstellt werden
-  * ''/etc/pki/graylog''
-  * ''/etc/pki/graylog/certs'' - Verzeichnis für alle Zertifikate
-  * ''/etc/pki/graylog/private'' - Verzeichnis für alle Schlüssel
-<code>
-# mkdir -p /etc/pki/graylog/{certs,private}
-</code>
-Ob die Verzeichnisse korrekt erstellt wurden, kann mit nachfolgendem Befehl überprüft werden:
-<code>
-# ll /etc/pki/graylog/*
-/etc/pki/graylog/certs:
-total 0
-/etc/pki/graylog/private:
-total 0
-</code>
-Jetzt müssen jeweils ein
-  * ''/etc/pki/graylog/certs/graylog-ca-crt.pem'' - **ROOT-Zertifikat (Certificate)**
-  * ''/etc/pki/graylog/private/graylog-vml70010.idmz.tachtler.net-key.pem'' - **Client-Zertifikat Schlüssel (Key)**
-  * ''/etc/pki/graylog/certs/graylog-vml70010.idmz.tachtler.net-crt.pem'' - **Client-Zertifikat (Certificate)**
-in das gerade eben neu erstellte Verzeichnis, **vom** [[https://www.graylog.org/|Graylog]]-Server (**auf dem die Zertifikate für den Client erstellt wurden**) **kopiert** werden, was z.B. mit nachfolgendem Befehlen erfolgen kann:
-<code>
-# scp /etc/pki/graylog/certs/graylog-ca-crt.pem vml70010.idmz.tachtler.net:/etc/pki/graylog/certs
-graylog-ca-crt.pem                            100% 1456    82.7KB/s   00:00
-</code>
-<code>
-# scp /etc/pki/graylog/graylog-vml70010.idmz.tachtler.net-crt.pem vml70010.idmz.tachtler.net:/etc/pki/graylog/certs
-graylog-vml70010.idmz.tachtler.net-crt.pem    100% 1298   173.7KB/s   00:00
-</code>
-<code>
-# scp /etc/pki/graylog/graylog-vml70010.idmz.tachtler.net-key.pem vml70010.idmz.tachtler.net:/etc/pki/graylog/certs
-graylog-vml70010.idmz.tachtler.net-key.pem    100% 1704   209.8KB/s   00:00
-</code>
-==== /etc/rsyslog.conf ====
-Nachfolgende Änderungen bzw. Ergänzungen sind erforderlich, um den [[http://www.rsyslog.com/|RSysLog]] zu veranlassen **__alle__** Log-Dateien __**nur noch**__ **TLS**-Verschlüsselt an [[https://www.graylog.org/|Graylog]] weiterzuleiten:
-(**Nur relevante Ausschnitte**):
-<code ini>
-#### MODULES ####
-# Tachtler - TLS -
-$DefaultNetstreamDriver gtls
-$DefaultNetstreamDriverCAFile /etc/pki/graylog/certs/graylog-ca-crt.pem
-$DefaultNetstreamDriverCertFile /etc/pki/graylog/certs/graylog-vml70010.idmz.tachtler.net-crt.pem
-$DefaultNetstreamDriverKeyFile /etc/pki/graylog/private/graylog-vml70010.idmz.tachtler.net-key.pem
-</code>
-<code ini>
-#### RULES ####
-# Tachtler - TLS -
-# Write all Log-Information to graylog
-#$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"
-#*.*                                                     @10.7.0.110:514;GRAYLOGRFC5424
-*.*                                                     @@10.7.0.110:514;RSYSLOG_SyslogProtocol23Format
-</code>
-<code ini>
-#### RULES ####
-# Tachtler - TLS -
-$ActionSendStreamDriverAuthMode x509/name
-$ActionSendStreamDriverPermittedPeer vml70110.idmz.tachtler.net
-$ActionSendStreamDriverMode 1
-</code>
-===== Einrichtung: graylog - Daschboards =====
-==== Dashboard: Meldungen der letzten 24-Stunden ====
-Nachfolgend soll die Einrichtung eines "Dashboard" aller Meldungen der letzten **24-Stunden** durchgeführt werden, wobei hier die 24 Stunden
-  * von **vorgestern Mitternacht**
-  * bis **gestern Mitternacht**
-gemeint sind.
-Nach dem drücken der **Schaltfläche [Create dashboard]** können in dem sich öffnenden Dialogfenster, nachfolgende Daten eingegeben werden:
-  * Title: **Meldungen der letzten 24-Stunden**
-  * Description: **Suche von Mitternacht vorgestern bis Mitternacht gestern**
-anschließend ist die **Schaltfläche [Save]** zu drücken.
-Nachfolgendes "Dashboard" sollte nun entstanden sein, welches nun noch mit Leben gefüllt werden muss:
-{{:tachtler:graylog:graylog_dashboard_24-stunden_dashboard.png|Dashboard 24-Stunden}}
-=== Dashboard: Meldungen der letzten 24-Stunden - Widget: Meldungen gesamt ===
-Als erstes **"widget"** soll das **Meldungen gesamt** angelegt werden, welches nachfolgende Parameter hat:
-^ Beispiel  ^ Paramater                        ^ Wert                                  ^
-| {{:tachtler:graylog:graylog_dashboard_24-stunden_dashboard_widget_meldungen_gesamt.png}} | ''Title''                        | Meldungen gesamt                      |
-| :::       | ''Cache time''                   | 10                                    |
-| :::       | ''Time range type''              | Keyword                               |
-| :::       | ''Search keyword''               | midnight yesterday to midnight today  |
-| :::       | ''Search query''                 | **[leer]**                            |
-| :::       | ''Number of top/buttom values''  | **[leer]**                            |
-| :::       | ''Total table size''             | **[leer]**                            |
-| :::       | ''Sort options''                 | **[keine ausgewählt]**                |
-| :::       | ''Stacked fields''               | **[keine ausgewählt]**                |
-| :::       | ''Show pie chart''               | **[nicht ausgewählt]**                |
-| :::       | ''Show data table''              | **✔**                                 |
-=== Dashboard: Meldungen der letzten 24-Stunden - Widget: Gesamt Meldungen ===
-Als zweites **"widget"** soll das **Gesamt Meldungen** angelegt werden, welches nachfolgende Parameter hat:
-^ Beispiel  ^ Paramater                        ^ Wert                                  ^
-| {{:tachtler:graylog:graylog_dashboard_24-stunden_dashboard_widget_gesamt_meldungen.png|}} | ''Title''                        | Gesamt Meldungen                      |
-| :::       | ''Cache time''                   | 10                                    |
-| :::       | ''Time range type''              | Keyword                               |
-| :::       | ''Search keyword''               | midnight yesterday to midnight today  |
-| :::       | ''Search query''                 | **[leer]**                            |
-| :::       | ''Display trend''                | **✔**                                 |
-| :::       | ''Lower is better''              | **✔**                                 |
-=== Dashboard: Meldungen der letzten 24-Stunden - Widget: Problem Meldungen ===
-Als drittes **"widget"** soll das **Problem Meldungen** angelegt werden, welches nachfolgende Parameter hat:
-^ Beispiel  ^ Paramater                        ^ Wert                                                  ^
-| {{:tachtler:graylog:graylog_dashboard_24-stunden_dashboard_widget_problem_meldungen.png|}}           | ''Title''                        | Problem Meldungen                                     |
-| :::       | ''Cache time''                   | 10                                                    |
-| :::       | ''Time range type''              | Keyword                                               |
-| :::       | ''Search keyword''               | midnight yesterday to midnight today                  |
-| :::       | ''Search query''                 | (level:0 OR level:1 OR level:2 OR level:3 OR level:4) |
-| :::       | ''Display trend''                | **✔**                                                 |
-| :::       | ''Lower is better''              | **✔**                                                 |