我让ELK正在使用Kibana搜索日志,我也试图让Graylog工作。我发现logstash需要添加logstash-output-gelf来将消息转换为GELF格式,所以我安装并重新启动了服务:
[root@dev-graylog bin]# ./logstash-plugin install logstash-output-gelf
Validating logstash-output-gelf
Installing logstash-output-gelf
Installation successful
然后,在我需要收集日志的客户端,我已经以这种方式安装了graylog-sidecar,已经安装了filebeat:
wget https://github.com/Graylog2/collector-sidecar/releases/download/1.0.0/graylog-sidecar-1.0.0-1.x86_64.rpm
tar -vxzf graylog-sidecar-1.0.0-1.x86_64.rpm
sudo rpm -i graylog-sidecar-1.0.0-1.x86_64.rpm
sudo graylog-sidecar -service install
sudo systemctl start graylog-sidecar
我将使用Kibana使用的相同filebeat和logstash实例来设置graylog。灰狗接口已在端口9000上启动并运行,但在运行graylog-sidecar时,我收到错误“未配置API令牌”。我尝试过与Collector Sidecar相关的类似问题中给出的不同解决方案。但是,我已经能够在Graylog Sidecar(新版本)中发现问题。
需要哪种配置来摆脱这个错误?
环境具有以下特征:
运行sudo systemctl启动graylog-sidecar时,我收到以下错误:
[root@c1 sidecar]# sudo systemctl status graylog-sidecar
● graylog-sidecar.service - Wrapper service for Graylog controlled collector
Loaded: loaded (/etc/systemd/system/graylog-sidecar.service; enabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Wed 2019-02-20 14:21:46 PST; 1min 29s ago
Process: 21640 ExecStart=/usr/bin/graylog-sidecar (code=exited, status=1/FAILURE)
Main PID: 21640 (code=exited, status=1/FAILURE)
Feb 20 14:21:46 c1.local.com systemd[1]: graylog-sidecar.service: main process exited, code=exited, status=1/FAILURE
Feb 20 14:21:46 c1.local.com systemd[1]: Unit graylog-sidecar.service entered failed state.
Feb 20 14:21:46 c1.local.com systemd[1]: graylog-sidecar.service failed.
在日记中,我可以看到以下内容:
Feb 20 14:23:46 c1.local.com systemd[1]: graylog-sidecar.service holdoff time over, scheduling restart.
Feb 20 14:23:46 c1.local.com systemd[1]: Stopped Wrapper service for Graylog controlled collector.
Feb 20 14:23:46 c1.local.com systemd[1]: Started Wrapper service for Graylog controlled collector.
Feb 20 14:23:46 c1.local.com graylog-sidecar[21651]: time="2019-02-20T14:23:46-08:00" level=fatal msg="No API token was configured."
Feb 20 14:23:46 c1.local.com systemd[1]: graylog-sidecar.service: main process exited, code=exited, status=1/FAILURE
Feb 20 14:23:46 c1.local.com systemd[1]: Unit graylog-sidecar.service entered failed state.
Feb 20 14:23:46 c1.local.com systemd[1]: graylog-sidecar.service failed.
在服务器上,graylog.conf:
rest_listen_uri = http://172.28.128.3:9000/api/
web_listen_uri = https://172.28.128.3:9000/
在客户端,sidecar.yml:
# The URL to the Graylog server API.
server_url: "http://172.28.128.3:9000/api/"
# The API token to use to authenticate against the Graylog server API.
# This field is mandatory
server_api_token: ""
# The node ID of the sidecar. This can be a path to a file or an ID string.
# If set to a file and the file doesn't exist, the sidecar will generate an
# unique ID and writes it to the configured path.
#
# Example file path: "file:/etc/graylog/sidecar/node-id"
# Example ID string: "6033137e-d56b-47fc-9762-cd699c11a5a9"
#
# ATTENTION: Every sidecar instance needs a unique ID!
#
node_id: "graylog-collector-sidecar"
# The node name of the sidecar. If this is empty, the sidecar will use the
# hostname of the host it is running on.
#node_name: ""
# The update interval in secods. This configures how often the sidecar will
# contact the Graylog server for keep-alive and configuration update requests.
update_interval: 5
# This configures if the sidecar should skip the verification of TLS connections.
# Default: false
tls_skip_verify: true
# This enables/disables the transmission of detailed sidecar information like
# collector statues, metrics and log file lists. It can be disabled to reduce
# load on the Graylog server if needed. (disables some features in the server UI)
send_status: true
# A list of directories to scan for log files. The sidecar will scan each
# directory for log files and submits them to the server on each update.
#
# Example:
# list_log_files:
# - "/var/log/nginx"
# - "/opt/app/logs"
#
# Default: empty list
list_log_files: []
# Directory where the sidecar stores internal data.
#cache_path: "/var/cache/graylog-sidecar"
# Directory where the sidecar stores logs for collectors and the sidecar itself.
log_path: "/var/log/graylog-sidecar"
# The maximum size of the log file before it gets rotated.
#log_rotate_max_file_size: "10MiB"
# The maximum number of old log files to retain.
#log_rotate_keep_files: 10
# Directory where the sidecar generates configurations for collectors.
#collector_configuration_directory: "/var/lib/graylog-sidecar/generated"
# A list of binaries which are allowed to be executed by the Sidecar. An empty list disables the whitelist feature.
# Wildcards can be used, for a full pattern description see https://golang.org/pkg/path/filepath/#Match
# Example:
# collector_binaries_whitelist:
# - "/usr/bin/filebeat"
# - "/opt/collectors/*"
#
# Example disable whitelisting:
# collector_binaries_whitelist: []
#
# Default:
# collector_binaries_whitelist:
# - "/usr/bin/filebeat"
# - "/usr/bin/packetbeat"
# - "/usr/bin/metricbeat"
# - "/usr/bin/heartbeat"
# - "/usr/bin/auditbeat"
# - "/usr/bin/journalbeat"
# - "/usr/share/filebeat/bin/filebeat"
# - "/usr/share/packetbeat/bin/packetbeat"
# - "/usr/share/metricbeat/bin/metricbeat"
# - "/usr/share/heartbeat/bin/heartbeat"
# - "/usr/share/auditbeat/bin/auditbeat"
# - "/usr/share/journalbeat/bin/journalbeat"
# - "/usr/bin/nxlog"
# - "/opt/nxlog/bin/nxlog"
在客户端,我能够成功执行以下操作:
[root@c1 filebeat]# curl -i -H 'Accept: application/json' 'http://172.28.128.3:9000/api/?pretty=true'
HTTP/1.1 200 OK
X-Graylog-Node-ID: 95c1074c-268c-4996-83ac-8fffeaae901c
X-Runtime-Microseconds: 21775
Content-Type: application/json
Date: Thu, 21 Feb 2019 07:08:08 GMT
Content-Length: 260
{
"cluster_id" : "55dc5eb8-616b-4d37-af4d-572d9cb61a29",
"node_id" : "95c1074c-268c-4996-83ac-8fffeaae901c",
"version" : "3.0.0-beta.2+a5d9cc0",
"tagline" : "Manage your logs in the dark and have lasers going and make it look like you're from space!"
如何解决错误“没有配置API令牌”?这是让ELK和graylog一起工作的最佳方法吗?
谢谢你的帮助
我刚刚今天早上安装了graylog-sidecar,我遇到了同样的问题,但我找到了一个解决方案(没有按照我的意愿进行测试)。
为了启动graylog-sidecar所需的API令牌应该来自Graylog网站。您应该进入系统/身份验证,在“用户”部分,您选择与边车相关的用户。在“操作”列中,如果您在“更多操作”中进行了陈词滥调,您将能够编辑令牌。您只需要记下一个令牌名称,创建它并复制它。然后,您只需将此标记粘贴到graylog-sidecar配置(sidecar.yml - > server_api_token:“API_TOKEN”)并启动服务。
此时,我可以告诉您,并非所有用户都能正常工作,因为graylog-sidecar需要获得执行API查询的权限。
我希望这能回答您关于错误“未配置API令牌”的问题。 关于第二个问题,我无法回答,因为我不使用Kibana和Logstash。