{"id":327563,"date":"2022-01-10T08:56:38","date_gmt":"2022-01-10T08:56:38","guid":{"rendered":"http:\/\/savepearlharbor.com\/?p=327563"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T21:00:00","slug":"","status":"publish","type":"post","link":"https:\/\/savepearlharbor.com\/?p=327563","title":{"rendered":"<span>Setting up a Graylog server on AlmaLinux 8.5<\/span>"},"content":{"rendered":"<div id=\"post-content-body\" class=\"article-formatted-body article-formatted-body_version-2\">\n<div xmlns=\"http:\/\/www.w3.org\/1999\/xhtml\">\n<figure class=\"full-width\"><img src=\"https:\/\/habrastorage.org\/getpro\/habr\/upload_files\/827\/528\/cd4\/827528cd45485f05a930a5259da85c79.png\" width=\"800\" height=\"450\"\/><figcaption><\/figcaption><\/figure>\n<p>Hello everyone! This guide helps you set up centralized event logging based on Graylog 4.2.1 (the current version at the time of writing). The operating system is AlmaLinux 8.5 (an alternative to Red Hat's CentOS 8). Along the way we will cover the initial server setup, the firewall rules, and NGINX as a reverse proxy in front of Graylog.<\/p>\n<p>Starting point:<\/p>\n<ol>\n<li>\n<p>A freshly installed server running AlmaLinux release 8.5 (Arctic Sphynx);<\/p>\n<\/li>\n<li>\n<p>8 CPUs, 15 GB RAM and a 4 GB swap partition;<\/p>\n<\/li>\n<li>\n<p>Graylog will be reachable at <em>https:\/\/logs.example.com<\/em><\/p>\n<\/li>\n<\/ol>\n<p>After AlmaLinux is installed, the system has to be prepared for what follows: harden the sshd configuration, pick the time zone, set up time synchronization, install some extra packages and so on.<\/p>\n<p>We will write a small script for that:<\/p>\n<pre><code>vi \/root\/AlmaLinux8-setup.sh\n\n#!\/bin\/bash\n\necho \"Disabling SELinux mode...\"\nsed -i 's\/SELINUX=enforcing\/SELINUX=disabled\/g' \/etc\/selinux\/config\nsetenforce 0\n\necho \"Disabling FirewallD...\"\nsystemctl stop firewalld\nsystemctl disable firewalld\n\necho \"Installing iptables utils...\"\ndnf install iptables-services iptstate -y\nsystemctl enable --now iptables.service\n\necho \"Hardening SSH configuration...\"\n# each sed matches only the exact commented default shipped by the package\nsed -i 's\/#AddressFamily any\/AddressFamily inet\/g' \/etc\/ssh\/sshd_config\nsed -i 's\/#LoginGraceTime 2m\/LoginGraceTime 1m\/g' \/etc\/ssh\/sshd_config\nsed -i 's\/#MaxAuthTries 6\/MaxAuthTries 2\/g' \/etc\/ssh\/sshd_config\nsed -i 's\/#MaxSessions 10\/MaxSessions 3\/g' \/etc\/ssh\/sshd_config\nsed -i 's\/#AllowAgentForwarding yes\/AllowAgentForwarding no\/g' \/etc\/ssh\/sshd_config\nsed -i 's\/#AllowTcpForwarding yes\/AllowTcpForwarding no\/g' \/etc\/ssh\/sshd_config\nsed -i 's\/X11Forwarding yes\/X11Forwarding no\/g' \/etc\/ssh\/sshd_config\n# validate the result before reloading, so a typo cannot take sshd down\nsshd -t &amp;&amp; systemctl reload sshd\n\necho \"Configure NTP client...\"\nrm -f \/etc\/localtime\nln -s \/usr\/share\/zoneinfo\/Europe\/Moscow \/etc\/localtime\nsed -i 's\/OPTIONS=\"\"\/OPTIONS=\"-4\"\/g' \/etc\/sysconfig\/chronyd\nsystemctl restart chronyd\n\necho \"Installing additional utils...\"\ndnf check-update\ndnf install dnf-utils -y\ndnf install epel-release -y\ndnf install bind-utils htop iftop lsof net-tools nmap-ncat pwgen rsync screen sysstat unzip wget -y\n\necho \"Start swapping only when RAM is about 90% used...\"\necho 'vm.swappiness=10' >> \/etc\/sysctl.conf\necho \"Set maximum socket receive buffer size...\"\necho 'net.core.rmem_max=524288' >> \/etc\/sysctl.conf\nsysctl -p<\/code><\/pre>\n<p>Two parts of this script deserve a second look before you run it on anything important. Disabling SELinux is the opposite of hardening: the services installed below bind to loopback and the stock RHEL policy already lets nginx proxy to port 9000, so leave SELinux enforcing if you can and fix the specific denial reported in \/var\/log\/audit\/audit.log if a service refuses to start. The sshd edits rewrite only the exact commented defaults that ship in \/etc\/ssh\/sshd_config, so they silently do nothing if a line was already changed; they also leave PermitRootLogin and PasswordAuthentication at their defaults, and MaxAuthTries 2 will lock you out if your agent offers more than two keys. Keep a second SSH session open until you have confirmed you can still log in.<\/p>\n<p>Make the script executable and run it:<\/p>\n<pre><code>chmod u+x \/root\/AlmaLinux8-setup.sh\n\/root\/AlmaLinux8-setup.sh<\/code><\/pre>\n
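Because each sed line above rewrites only one exact commented default, the safe habit is to verify the effective sshd directives afterwards rather than trust the substitution. The script below is an example added here by the editor, not code from the original article: it reads an sshd_config the way sshd does (the first uncommented occurrence of a directive wins, and settings inside a Match block are conditional, so it stops there) and reports which of the hardening directives the setup script intends are still missing. The function names and the embedded sample configuration are constructed for the demonstration; on a real host compare the result with `sshd -T`, which prints the effective configuration.

```shell
#!/bin/bash
# Example added by the editor; not part of the original article.
# sshd takes the FIRST uncommented occurrence of a directive, so that is the
# value these helpers report. Lines after a "Match" block are conditional and
# are ignored here; on a real host, compare with the output of `sshd -T`.

# Constructed sample: a config where some of the sed substitutions from the
# setup script matched and some did not (MaxAuthTries stayed commented because
# its shipped default line differed; X11Forwarding appears twice and sshd will
# honour the first line; AllowTcpForwarding is only set inside a Match block).
SAMPLE_SSHD_CONFIG='# sample sshd_config (constructed)
AddressFamily inet
#LoginGraceTime 2m
#MaxAuthTries 5
MaxSessions 3
AllowAgentForwarding no
X11Forwarding yes
X11Forwarding no
Match User backup
    AllowTcpForwarding no
'

# sshd_directive CONFIG_TEXT NAME -> effective global value of NAME, or nothing
sshd_directive() {
    printf '%s\n' "$1" | awk -v name="$2" '
        /^[[:space:]]*#/ || NF == 0   { next }             # comments, blank lines
        tolower($1) == "match"        { exit }             # conditional section: stop
        tolower($1) == tolower(name)  { print $2; exit }   # first match wins
    '
}

# check_hardening CONFIG_TEXT -> prints one line per directive that is not at
# the value the setup script intends; returns 1 if any, 0 if all are in place
check_hardening() {
    cfg=$1
    rc=0
    while IFS='=' read -r name want; do
        have=$(sshd_directive "$cfg" "$name")
        if [ "$have" != "$want" ]; then
            printf '%s: want %s, have %s\n' "$name" "$want" "${have:-(unset)}"
            rc=1
        fi
    done <<EOF
AddressFamily=inet
LoginGraceTime=1m
MaxAuthTries=2
MaxSessions=3
AllowAgentForwarding=no
AllowTcpForwarding=no
X11Forwarding=no
EOF
    return $rc
}

# count_missing CONFIG_TEXT -> number of directives check_hardening complains about
count_missing() {
    check_hardening "$1" | wc -l | tr -d ' '
}

# On the server:  check_hardening "$(cat /etc/ssh/sshd_config)" || echo "fix before reloading sshd"
```

For the constructed sample the check reports four directives (LoginGraceTime and MaxAuthTries never got rewritten, AllowTcpForwarding is only set conditionally, and X11Forwarding is still "yes" because sshd honours the first line), which is exactly the kind of silent miss the blind sed approach produces.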
<p>Next, configure traffic filtering. A bash script makes the firewall rules easy to manage:<\/p>\n<pre><code>vi \/root\/iptables_rules.sh\n\n#!\/bin\/bash\n\n# vars\nipt=\"iptables\"\next_if=\"ens192\"   # check the interface name with: ip -br link\n\n# flush rules\n$ipt -F\n$ipt -F -t nat\n$ipt -F -t mangle\n$ipt -X\n$ipt -X -t nat\n$ipt -X -t mangle\n\n# default policies\n$ipt -P INPUT DROP\n$ipt -P FORWARD DROP\n$ipt -P OUTPUT ACCEPT\n\n# accept established and related connections\n$ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n\n# allow icmp traffic\n$ipt -A INPUT -p icmp -j ACCEPT\n\n# allow traffic to loopback\n$ipt -A INPUT -i lo -j ACCEPT\n\n# allow ssh connections to host\n$ipt -A INPUT -i $ext_if -p tcp -m state --state NEW --dport 22 -j ACCEPT\n\n# allow web traffic to host\n$ipt -A INPUT -i $ext_if -p tcp -m state --state NEW -m multiport --dports 80,443 -j ACCEPT\n\n# show rules\n$ipt -S<\/code><\/pre>\n<p>Also make this script executable and run it:<\/p>\n<pre><code>chmod u+x \/root\/iptables_rules.sh\n\/root\/iptables_rules.sh<\/code><\/pre>\n<p>These rules open only SSH and the two web ports. Log sources will later send to Graylog inputs (syslog, GELF and so on) directly, not through nginx, so every input you create needs its own ACCEPT rule, preferably limited with -s to the networks the sources live in. The script covers IPv4 only; if the host has a routable IPv6 address, mirror the rules with ip6tables, since AddressFamily inet above restricts only sshd.<\/p>\n<p>If you are happy with the rules, save them so that iptables.service restores them at boot:<\/p>\n<pre><code>\/sbin\/iptables-save > \/etc\/sysconfig\/iptables<\/code><\/pre>\n<p>Graylog needs a Java runtime on the server (Graylog 4.2 runs on OpenJDK 8 or 11; Elasticsearch 7 uses its own bundled JDK unless JAVA_HOME points elsewhere):<\/p>\n<pre><code>dnf install java-1.8.0-openjdk-headless.x86_64 -y\njava -version<\/code><\/pre>\n<p>To install Elasticsearch, first import the signing key of the official repository and create the repository file:<\/p>\n<pre><code>rpm --import https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch\ncat &lt;&lt;'EOT' > \/etc\/yum.repos.d\/elasticsearch.repo\n[elasticsearch-7.x]\nname=Elasticsearch repository for 7.x packages\nbaseurl=https:\/\/artifacts.elastic.co\/packages\/oss-7.x\/yum\ngpgcheck=1\ngpgkey=https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch\nenabled=1\nautorefresh=1\ntype=rpm-md\nEOT<\/code><\/pre>\n<p>The oss-7.x repository ends at Elasticsearch 7.10.2, which is also the newest Elasticsearch line that Graylog 4.2 supports (6.8 or 7.x up to 7.10), so do not swap in the default 7.x repository: Graylog 4.2 does not support newer releases. Keep in mind that the OSS build has no authentication and no TLS; it is acceptable here only because it listens on localhost (9200 for HTTP, 9300 for transport) by default, which the ss check after starting it confirms.<\/p>\n<p>Install Elasticsearch:<\/p>\n<pre><code>dnf install elasticsearch-oss -y<\/code><\/pre>\n<p>Now adjust the Elasticsearch configuration for Graylog. Append the following settings to the end of the file:<\/p>\n<pre><code>echo 'cluster.name: graylog' >> \/etc\/elasticsearch\/elasticsearch.yml\necho 'action.auto_create_index: false' >> \/etc\/elasticsearch\/elasticsearch.yml<\/code><\/pre>\n<p>Raise the JVM heap size for Elasticsearch to 4 GB (the default maximum is 1 GB); Xms and Xmx must be set to the same value:<\/p>\n<pre><code>vi \/etc\/elasticsearch\/jvm.options\n\n-Xms4g\n-Xmx4g<\/code><\/pre>\n<p>With 7.10 you can instead put those two lines into a file under \/etc\/elasticsearch\/jvm.options.d\/, which package upgrades leave alone.<\/p>\n<p>After these changes, start Elasticsearch and check that it listens on loopback only:<\/p>\n<pre><code>systemctl daemon-reload\nsystemctl enable --now elasticsearch\nsystemctl status elasticsearch\nss -tlpn | grep java\ncurl -s http:\/\/127.0.0.1:9200\/_cluster\/health?pretty<\/code><\/pre>\n<p>To install MongoDB, first create the repository file (the heredoc delimiter is quoted so that $releasever is written literally; dnf expands it):<\/p>\n<pre><code>cat &lt;&lt;'EOT' > \/etc\/yum.repos.d\/mongodb-org-5.0.repo\n[mongodb-org-5.0]\nname=MongoDB Repository\nbaseurl=https:\/\/repo.mongodb.org\/yum\/redhat\/$releasever\/mongodb-org\/5.0\/x86_64\/\ngpgcheck=1\nenabled=1\ngpgkey=https:\/\/www.mongodb.org\/static\/pgp\/server-5.0.asc\nEOT<\/code><\/pre>\n<p>Install MongoDB:<\/p>\n<pre><code>dnf install mongodb-org -y<\/code><\/pre>\n<p>Start and check MongoDB:<\/p>\n<pre><code>systemctl daemon-reload\nsystemctl enable --now mongod\nsystemctl status mongod\nss -tlpn | grep mongod<\/code><\/pre>\n<p>mongod binds to 127.0.0.1:27017 by default and the package enables no authentication, so keep it on loopback. Note that MongoDB 5.0 binaries require a CPU with AVX; on an older or restricted virtual CPU mongod exits right after start, which systemctl status will show.<\/p>\n<p>To install Graylog, install its repository package:<\/p>\n<pre><code>rpm -Uvh https:\/\/packages.graylog2.org\/repo\/packages\/graylog-4.2-repository_latest.rpm<\/code><\/pre>\n<p>Check that the repository file it dropped into \/etc\/yum.repos.d\/ has gpgcheck=1, then install Graylog:<\/p>\n<pre><code>dnf install graylog-server -y<\/code><\/pre>\n<p>Next, generate a secret and put it into <strong>password_secret<\/strong> in \/etc\/graylog\/server\/server.conf. Graylog uses it to protect stored credentials; it has to be at least 64 characters long and identical on every node of a cluster.<\/p>\n<pre><code>pwgen -N 1 -s 96<\/code><\/pre>\n<p>Then put the SHA-256 hash of the admin password into <strong>root_password_sha2<\/strong> in \/etc\/graylog\/server\/server.conf. The original command here was <code>echo -n P@$$w0rd | sha256sum<\/code> with the password unquoted; in a shell <code>$$<\/code> expands to the process ID, so the hash is computed over a different string and the admin login fails. Quote the password, or better, read it from standard input so it never lands in the shell history:<\/p>\n<pre><code>echo -n 'P@$$w0rd' | sha256sum\n# or, without the password on the command line:\necho -n \"Enter Password: \" &amp;&amp; head -1 &lt;\/dev\/stdin | tr -d '\\n' | sha256sum | cut -d\" \" -f1<\/code><\/pre>\n<p>Leave <strong>http_bind_address<\/strong> at its default 127.0.0.1:9000 so that the API and the web interface are reachable only through nginx, and, since nginx on this host forwards the client address in X-Forwarded-For, set <strong>trusted_proxies = 127.0.0.1\/32<\/strong> so Graylog records the real client IP instead of 127.0.0.1.<\/p>\n<p>Raise the JVM heap size for Graylog to 4 GB (the default maximum is 1 GB):<\/p>\n<pre><code>vi \/etc\/sysconfig\/graylog-server\n\nGRAYLOG_SERVER_JAVA_OPTS=\"-Xms4g -Xmx4g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:-OmitStackTraceInFastThrow\"<\/code><\/pre>\n<p>After these changes, start Graylog:<\/p>\n<pre><code>systemctl daemon-reload\nsystemctl enable --now graylog-server\nsystemctl status graylog-server\nss -tlpn | grep ':9000'\ncat \/var\/log\/graylog-server\/server.log<\/code><\/pre>\n
<p>Since Graylog will sit behind a reverse proxy, install NGINX and obtain a valid certificate for the domain with certbot. The nginx plugin needs a running nginx; if it cannot find a server block matching the name, create the HTTP server block from the configuration below first, reload nginx and run certbot afterwards:<\/p>\n<pre><code>dnf install nginx certbot-nginx -y\nsystemctl enable --now nginx\ncertbot certonly --nginx -d logs.example.com\n\ncat &lt;&lt;'EOT' > \/etc\/nginx\/conf.d\/logs_example_com.conf\nserver {\n    listen       80;\n    server_name  logs.example.com;\n\n    return 301 https:\/\/$host$request_uri;\n\n    root \/usr\/share\/nginx\/html;\n\n    location \/ {\n        deny all;\n    }\n\n    location ^~ \/.well-known {\n        default_type 'text\/plain';\n        allow all;\n    }\n\n    location = \/favicon.ico {\n        log_not_found off;\n        access_log off;\n    }\n\n    error_log   \/var\/log\/nginx\/logs_example_com_error.log error;\n    access_log  \/var\/log\/nginx\/logs_example_com_access.log;\n}\n\nserver {\n    listen      443 ssl;\n    server_name logs.example.com;\n\n    ssl_certificate \/etc\/letsencrypt\/live\/logs.example.com\/fullchain.pem;\n    ssl_certificate_key \/etc\/letsencrypt\/live\/logs.example.com\/privkey.pem;\n    ssl_protocols TLSv1.2 TLSv1.3;\n    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;\n    ssl_prefer_server_ciphers off;\n    ssl_session_cache shared:SSL:10m;\n\n    root \/usr\/share\/nginx\/html;\n\n    location \/ {\n        proxy_set_header Host $http_host;\n        proxy_set_header X-Forwarded-Host $host;\n        proxy_set_header X-Forwarded-Server $host;\n        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header X-Graylog-Server-URL https:\/\/$server_name\/;\n        proxy_pass       http:\/\/127.0.0.1:9000;\n    }\n\n    location ^~ \/.well-known {\n        default_type 'text\/plain';\n        allow all;\n    }\n\n    error_log   \/var\/log\/nginx\/logs_example_com_ssl_error.log error;\n    access_log  \/var\/log\/nginx\/logs_example_com_ssl_access.log;\n}\nEOT<\/code><\/pre>\n<p>The TLS settings (TLS 1.2 and 1.3 only, AEAD cipher suites, client cipher preference) correspond to the Mozilla intermediate profile. The heredoc delimiter is quoted, so the nginx variables ($host, $request_uri and the rest) reach the file unexpanded. The X-Graylog-Server-URL header tells the web interface which public URL to use for its API calls, so it must match the name on the certificate.<\/p>\n<p>Test and reload the nginx configuration, and enable the renewal timer that the EPEL certbot package provides so the certificate is renewed before it expires:<\/p>\n<pre><code>nginx -t\nnginx -s reload\nsystemctl enable --now certbot-renew.timer<\/code><\/pre>\n<p>Open the site in a browser (the HTTP address redirects to HTTPS) and log in as admin with the password you hashed above:<\/p>\n<pre><code>http:\/\/logs.example.com<\/code><\/pre>\n<p>Congratulations! You have successfully installed Graylog. Thank you for using this guide to install Graylog on AlmaLinux 8.5 (Arctic Sphynx).<\/p>\n
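The three `ss -tlpn` checks in this guide exist to confirm one thing: only sshd and nginx accept connections from the network, while Elasticsearch (9200, 9300), MongoDB (27017) and the Graylog API (9000) stay on loopback. Elasticsearch OSS and MongoDB as installed here have no authentication at all, and the Graylog API is meant to be reached only through nginx, so a wrong bind address plus a permissive firewall rule is all it takes to expose them. The script below, an example added by the editor and not part of the original article, automates that check over `ss -tlpn` output. The embedded sample is constructed: it shows a host where http_bind_address was changed to 0.0.0.0:9000, which the check flags, while a GELF input on 12201, which log sources are supposed to reach, is left alone. The port list and function names are the editor's choice.

```shell
#!/bin/bash
# Example added by the editor; not part of the original article.
# Reads `ss -tlpn` output and reports which of the services that must stay on
# loopback (Elasticsearch 9200/9300, MongoDB 27017, the Graylog API 9000) are
# bound to a routable address. Graylog *inputs* (for example GELF on 12201)
# are meant to be reachable by log sources and are deliberately not checked.

LOOPBACK_ONLY_PORTS="9000 9200 9300 27017"

# Constructed sample of `ss -tlpn` on a host where http_bind_address was set to
# 0.0.0.0:9000 (a mistake this check is meant to catch); the other services use
# their defaults. Java shows IPv4 loopback as [::ffff:127.0.0.1].
SAMPLE_SS_OUTPUT='State   Recv-Q  Send-Q  Local Address:Port        Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22                0.0.0.0:*          users:(("sshd",pid=812,fd=4))
LISTEN  0       511     0.0.0.0:80                0.0.0.0:*          users:(("nginx",pid=1201,fd=6))
LISTEN  0       511     0.0.0.0:443               0.0.0.0:*          users:(("nginx",pid=1201,fd=7))
LISTEN  0       4096    127.0.0.1:27017           0.0.0.0:*          users:(("mongod",pid=955,fd=11))
LISTEN  0       4096    [::ffff:127.0.0.1]:9200   *:*                users:(("java",pid=1002,fd=300))
LISTEN  0       4096    [::ffff:127.0.0.1]:9300   *:*                users:(("java",pid=1002,fd=287))
LISTEN  0       4096    *:9000                    *:*                users:(("java",pid=1310,fd=120))
LISTEN  0       4096    *:12201                   *:*                users:(("java",pid=1310,fd=131))
'

# exposed_listeners SS_OUTPUT -> one line "PORT ADDRESS PROCESS" per loopback-only
# port that is bound to something other than 127.0.0.1 / ::1
exposed_listeners() {
    printf '%s\n' "$1" | awk -v ports="$LOOPBACK_ONLY_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 != "LISTEN" { next }                     # header line, other states
        {
            port = $4; sub(/.*:/, "", port)         # text after the last colon
            host = $4; sub(/:[0-9]+$/, "", host)    # everything before it
            gsub(/\[|\]/, "", host)                 # drop IPv6 brackets
            if (!(port in want)) next
            if (host == "127.0.0.1" || host == "::1" || host == "::ffff:127.0.0.1") next
            print port, host, $6
        }
    '
}

# check_exposure SS_OUTPUT -> prints the offenders and returns 1, or returns 0
check_exposure() {
    found=$(exposed_listeners "$1")
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# On the server:  check_exposure "$(ss -tlpn)" || echo "fix the bind address before exposing this host"
```

Run it after every change to server.conf, elasticsearch.yml or mongod.conf, and before adding firewall rules for new inputs: the firewall script earlier in the guide would not save you from an exposed 9200 if someone later adds a broad ACCEPT rule for a syslog input.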
<p>For more information, see the <a href=\"https:\/\/www.graylog.org\">official Graylog site<\/a>.<\/p>\n<\/div>\n<\/div>\n<p>Link to the original article: <a href=\"https:\/\/habr.com\/ru\/company\/timeweb\/blog\/597365\/\">https:\/\/habr.com\/ru\/company\/timeweb\/blog\/597365\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c NGINX \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0432\u0430\u043b\u0438\u0434\u043d\u044b\u0435 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b \u0434\u043b\u044f \u0434\u043e\u043c\u0435\u043d\u0430 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e certbot:<\/p>\n<pre><code>dnf install nginx certbot-nginx -y systemctl enable --now nginx certbot certonly --nginx -d logs.example.com cat &lt;&lt;'EOT' >> \/etc\/nginx\/conf.d\/logs_example_com.conf server {     listen       80;     server_name  logs.example.com;      return 301 https:\/\/$host$request_uri;      root \/usr\/share\/nginx\/html;      location \/ {         deny all;     }      location ^~ \/.well-known {         default_type 'text\/plain';         allow all;     }      location = \/favicon.ico {         log_not_found off;         access_log off;     }      error_log   \/var\/log\/nginx\/logs_example_com_error.log error;     access_log  \/var\/log\/nginx\/logs_example_com_access.log; }  server {     listen      443 ssl;     server_name logs.example.com;      ssl_certificate \/etc\/letsencrypt\/live\/logs.example.com\/fullchain.pem;     ssl_certificate_key \/etc\/letsencrypt\/live\/logs.example.com\/privkey.pem;     ssl_protocols TLSv1.2 TLSv1.3;     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;     ssl_prefer_server_ciphers off;     ssl_session_cache shared:SSL:10m;      root \/usr\/share\/nginx\/html;      location \/ {         proxy_set_header Host $http_host;         proxy_set_header X-Forwarded-Host $host;         proxy_set_header X-Forwarded-Server $host;         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;         proxy_set_header X-Graylog-Server-URL https:\/\/$server_name\/;         proxy_pass       
http:\/\/127.0.0.1:9000;     }      location ^~ \/.well-known {         default_type 'text\/plain';         allow all;     }      error_log   \/var\/log\/nginx\/logs_example_com_ssl_error.log error;     access_log  \/var\/log\/nginx\/logs_example_com_ssl_access.log; } EOT<\/code><\/pre>\n<p>\u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u0438 \u043f\u0435\u0440\u0435\u0447\u0438\u0442\u044b\u0432\u0430\u0435\u043c \u043a\u043e\u043d\u0444\u0438\u0433 nginx:<\/p>\n<pre><code>nginx -t nginx -s reload<\/code><\/pre>\n<p>\u041e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u043c \u0441\u0430\u0439\u0442 \u0432 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0435:<\/p>\n<pre><code>http:\/\/logs.example.com<\/code><\/pre>\n<p>\u041f\u043e\u0437\u0434\u0440\u0430\u0432\u043b\u044f\u0435\u043c! \u0412\u044b \u0443\u0441\u043f\u0435\u0448\u043d\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u043b\u0438 Graylog. \u0411\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u0438\u043c \u0437\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u044d\u0442\u043e\u0433\u043e \u0440\u0443\u043a\u043e\u0432\u043e\u0434\u0441\u0442\u0432\u0430 \u043f\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 Graylog \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 AlmaLinux 8.5 (Arctic Sphynx). 
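<\/p>\n<p>A post-install check for the server.conf steps above, added here as an example that is not part of the original article or of Graylog itself: it reads the password_secret, root_password_sha2 and http_bind_address keys from a server.conf, hashes a password without the $$ expansion pitfall, and runs against a constructed sample file; the helper names are this example's own.<\/p>\n

```shell
#!/bin/sh
# Post-install checks for the Graylog server.conf written in this guide.
# Added example, not from the original article or the Graylog project;
# the sample configuration at the bottom is constructed for demonstration.

# Print the value of one "key = value" line from server.conf (comments ignored).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# password_secret must be set and at least 64 characters (the guide generates 96).
check_password_secret() {
    secret=$(conf_get "$1" password_secret)
    [ "${#secret}" -ge 64 ]
}

# root_password_sha2 must be a complete SHA-256 hex digest (64 hex characters).
check_root_password_sha2() {
    hash=$(conf_get "$1" root_password_sha2)
    printf '%s\n' "$hash" | grep -Eq '^[0-9a-f]{64}$'
}

# nginx above proxies to 127.0.0.1:9000, so Graylog must not listen on a public
# interface (the default when http_bind_address is unset is 127.0.0.1:9000).
check_bind_local() {
    bind=$(conf_get "$1" http_bind_address)
    [ -z "$bind" ] || [ "$bind" = "127.0.0.1:9000" ]
}

# SHA-256 for root_password_sha2. The password arrives as one quoted argument,
# so sequences such as $$ are never expanded by the shell (unlike a bare echo).
root_sha256() {
    printf '%s' "$1" | sha256sum | cut -d ' ' -f 1
}

# Run every check against a server.conf; non-zero exit if any check failed.
check_server_conf() {
    rc=0
    for c in check_password_secret check_root_password_sha2 check_bind_local; do
        if "$c" "$1"; then echo "ok   $c"; else echo "FAIL $c"; rc=1; fi
    done
    return "$rc"
}

# Constructed sample: a too-short secret with a valid hash and the default bind.
sample=$(mktemp)
printf 'password_secret = tooshort\nroot_password_sha2 = %s\n' "$(root_sha256 'P@$$w0rd')" > "$sample"
check_server_conf "$sample" || echo "server.conf needs attention"
rm -f "$sample"
```
\n<p>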
For more information, we recommend visiting the <a href=\"https:\/\/www.graylog.org\">official website<\/a> of Graylog.<\/p>\n<\/div>\n<\/div>\n<p>Link to the original article: <a href=\"https:\/\/habr.com\/ru\/company\/timeweb\/blog\/597365\/\">https:\/\/habr.com\/ru\/company\/timeweb\/blog\/597365\/<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-327563","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/327563","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=327563"}],"version-history":[{"count":0,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=\/wp\/v2\/posts\/327563\/revisions"}],"wp:attachment":[{"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=327563"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/savepearlhar
bor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=327563"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/savepearlharbor.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=327563"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}