This project creates full-stack platform-specific packages for
Graylog!
You can download Graylog stable as an Ubuntu package here
Or a Graylog beta/rc build from here
You must have a sane Ruby 1.9+ environment with Bundler installed. Ensure all the required gems are installed:

$ sudo bundle install --binstubs

You create a platform-specific package using the build project command:

$ sudo bin/omnibus build graylog

Currently we support only Ubuntu 14.04.
You can clean up all temporary files generated during the build process with
the clean command:
$ sudo bin/omnibus clean graylog

Adding the --purge option removes ALL files generated during the
build including the project install directory (/opt/graylog) and
the package cache directory (/var/cache/omnibus/pkg):

$ sudo bin/omnibus clean graylog --purge

Full help for the Omnibus command line interface can be accessed with the
help command:

$ bin/omnibus help

After installing the omnibus package on your server you have to reconfigure the installation to set up all configuration files and start all services.

$ sudo graylog-ctl reconfigure

You can access Graylog through the web interface http://<yourServerIp/hostName> now.
To set another admin password you can also use graylog-ctl:

$ sudo graylog-ctl set-admin-password sEcrEtPaSsword!
$ sudo graylog-ctl reconfigure

At this point all services run on one box, which is fine for very small setups or evaluation purposes. To scale out from this all-in-one box you can create more VMs, each running only a single service. A good start is to let the web interface run on a separate machine.
vm2> sudo graylog-ctl set-cluster-master <ip-of-first-box>
vm2> sudo graylog-ctl reconfigure-as-webinterface

In the same way you can decouple Elasticsearch from the first all-in-one box. You should have at least two Elasticsearch nodes. More nodes provide higher message rates for bigger setups.

vm3> sudo graylog-ctl set-cluster-master <ip-of-first-box>
vm3> sudo graylog-ctl reconfigure-as-datanode

and the second Elasticsearch node:

vm4> sudo graylog-ctl set-cluster-master <ip-of-first-box>
vm4> sudo graylog-ctl reconfigure-as-datanode

Now you can go back to the first box and disable the web interface and the local Elasticsearch:

$ sudo graylog-ctl reconfigure-as-server

Sometimes you need to override the default settings omnibus provides, e.g. the data directory or the time zone.
For that you can use the attribute override mechanism omnibus provides.
This topic is also covered in the online documentation: http://docs.graylog.org/en/1.2/pages/installation/graylog_ctl.html#advanced-settings
A fresh omnibus install creates /etc/graylog, which contains the graylog-settings.json file.
Customizations go into that file.
- How to change the default data-directory and journal_directory?

  Solution: Add attributes to the custom_attributes section, e.g.

      "custom_attributes": {
        "elasticsearch": { "data_directory": "/data/elasticsearch" },
        "mongodb": { "data_directory": "/data/mongodb" },
        "etcd": { "data_directory": "/data/etcd" },
        "graylog-server": { "journal_directory": "/data/journal" }
      }

- How to change the default timezone?

  Solution: Change the timezone value to what you like, e.g.

      "timezone": "Asia/Chongqing"

- How to change the memory graylog-server will use?

  Solution: Add attributes to the custom_attributes section, e.g.

      "custom_attributes": {
        "graylog-server": { "memory": "1700m" },
        "elasticsearch": { "memory": "2200m" }
      }

- How to change the retention_strategy of graylog-server to close?

  Solution: Add attributes to the custom_attributes section, e.g.

      "custom_attributes": {
        "graylog-server": { "retention_strategy": "close" }
      }
Note:
After changing graylog-settings.json, make sure to trigger a reconfiguration so that the change takes effect.

$ sudo graylog-ctl reconfigure
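The answers above each show their own custom_attributes snippet, and several of them touch graylog-server, so applying more than one means merging them into a single custom_attributes object. The Ruby sketch below is an added example, not part of the omnibus project: it parses the settings text (so malformed JSON is caught before reconfigure), deep-merges the overrides and returns the new file content. The sample file content is constructed, deep_merge and apply_overrides are hypothetical helper names, and the absolute-path check is an assumption based on the paths used in the answers.

```ruby
require 'json'

# Constructed sample of /etc/graylog/graylog-settings.json: only the two keys
# this page mentions, with one override already present.
SAMPLE_SETTINGS = <<~JSON
  {
    "timezone": "Etc/UTC",
    "custom_attributes": { "graylog-server": { "memory": "1700m" } }
  }
JSON

# Overrides from the answers above, combined into one hash.
OVERRIDES = {
  'elasticsearch'  => { 'data_directory' => '/data/elasticsearch', 'memory' => '2200m' },
  'mongodb'        => { 'data_directory' => '/data/mongodb' },
  'etcd'           => { 'data_directory' => '/data/etcd' },
  'graylog-server' => { 'journal_directory' => '/data/journal', 'retention_strategy' => 'close' }
}.freeze

# Hypothetical helper: merge nested hashes key by key; any other value in
# override replaces the one in base.
def deep_merge(base, override)
  base.merge(override) do |_key, old, incoming|
    old.is_a?(Hash) && incoming.is_a?(Hash) ? deep_merge(old, incoming) : incoming
  end
end

# Hypothetical helper: returns the settings text with overrides folded into
# custom_attributes. Raises JSON::ParserError on malformed input and
# ArgumentError on a relative *_directory value (assumed check).
def apply_overrides(settings_json, overrides)
  settings = JSON.parse(settings_json)
  overrides.each do |service, attrs|
    attrs.each do |name, value|
      next unless name.end_with?('_directory')
      unless value.to_s.start_with?('/')
        raise ArgumentError, "#{service}.#{name} must be an absolute path"
      end
    end
  end
  current = settings['custom_attributes'] || {}
  settings['custom_attributes'] = deep_merge(current, overrides)
  JSON.pretty_generate(settings)
end

puts apply_overrides(SAMPLE_SETTINGS, OVERRIDES) if __FILE__ == $PROGRAM_NAME
```

The memory setting already in the sample file survives the merge next to the new journal_directory and retention_strategy keys; the result still has to be written to graylog-settings.json and applied with graylog-ctl reconfigure.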
You can find all the currently available attributes here: https://github.com/Graylog2/omnibus-graylog2/blob/1.2/files/graylog-cookbooks/graylog/attributes/default.rb
In fact, you can configure every detail of Graylog by using our Chef or Puppet recipes: https://github.com/Graylog2/graylog2-cookbook https://github.com/Graylog2/graylog2-puppet