References

https://www.cnblogs.com/davidwang456/p/4485433.html?_t=1443088424295

https://segmentfault.com/a/1190000009550668

https://blog.csdn.net/huixueyi/article/details/81117379

https://www.cnblogs.com/FlyAway2013/p/10944836.html


On Red Hat 6.5, the following components were installed via yum:

java-1.8.0-openjdk-1.8.0.242.b07-1.el6_10.x86_64

mongodb-server-2.4.14-4.el6.x86_64 (metadata)

graylog-server-2.3.2-1.noarch (log display and search)

elasticsearch-2.4.6-1.noarch (log data)

rsyslog-5.8.10-12.el6.x86_64 (collection)


Problems:

1. Because yum was configured to reach the Internet through the proxy proxy=http://192.168.1.250:3128, and the host's IP was later changed, the Squid server's configuration no longer allowed the host to use the proxy; this took half a day to track down.

2. I first installed elasticsearch 5.x, which started normally, but graylog kept reporting "graylog Could not load field information", and elasticsearch would not start after network.host was changed in elasticsearch.yml; after installing elasticsearch 2.x instead, everything worked.

3. In graylog's inputs, syslog tcp could not receive data, and gelf udp received the WAF logs but they could not be displayed or queried; finally, configuring *.* @@192.168.0.245:5142 in rsyslog.conf made the collected log data displayable and searchable.
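For the third problem, the rsyslog rule matters in one detail: in rsyslog's legacy forwarding syntax a single @ forwards over UDP and @@ forwards over TCP, and TCP delivery frames each message with a trailing newline, which is what Graylog's Syslog TCP input expects by default. The following added example (not code from the original post or from the Graylog or rsyslog projects) is a small offline harness that builds an RFC 3164 line, sends it over TCP with newline framing, receives it on a throwaway listener standing in for the Graylog input, and parses the PRI back into facility and severity. The hostname, tag, timestamp and message text are constructed values. On a real host, pair this with ss -tlnp to confirm the input is actually bound on the expected address and port before blaming the client side.

```python
"""Added example: offline check of a TCP syslog path with newline framing.

The listener below only stands in for Graylog's "Syslog TCP" input; all
message fields are constructed for the test.
"""
import socket
import threading

SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def build_syslog_line(facility, severity, hostname, tag, msg, timestamp="Mar 10 12:00:00"):
    """Build an RFC 3164 line: <PRI>TIMESTAMP HOSTNAME TAG: MSG, newline-terminated.

    PRI is facility * 8 + severity; the newline is the frame delimiter rsyslog's
    @@ (TCP) forwarding uses and Graylog's Syslog TCP input expects by default.
    """
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0..23 and severity 0..7")
    pri = facility * 8 + severity
    return f"<{pri}>{timestamp} {hostname} {tag}: {msg}\n"


def parse_pri(line):
    """Split the <PRI> prefix back into (facility, severity, rest_of_line).

    Raises ValueError on a malformed prefix, which is the usual symptom when a
    relay sends something the receiving input silently drops.
    """
    if not line.startswith("<") or ">" not in line:
        raise ValueError("missing <PRI> prefix")
    end = line.index(">")
    pri = int(line[1:end])
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI
        raise ValueError(f"PRI {pri} out of range")
    return pri // 8, pri % 8, line[end + 1:].rstrip("\n")


def _receive_one_frame(listener, sink, timeout=5.0):
    """Accept one connection and read until the newline delimiter (or EOF)."""
    listener.settimeout(timeout)
    conn, _ = listener.accept()
    with conn:
        conn.settimeout(timeout)
        buf = b""
        while not buf.endswith(b"\n"):
            chunk = conn.recv(4096)
            if not chunk:
                break
            buf += chunk
    sink["data"] = buf.decode("utf-8", errors="replace")


def tcp_roundtrip(line, host="127.0.0.1"):
    """Send `line` over TCP to a local throwaway listener and return what arrived.

    The listener binds an ephemeral port so the test never collides with a real
    syslog input; the client connects the same way rsyslog's @@ target would.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((host, 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    sink = {}
    receiver = threading.Thread(target=_receive_one_frame, args=(listener, sink))
    receiver.start()
    try:
        with socket.create_connection((host, port), timeout=5) as client:
            client.sendall(line.encode("utf-8"))
    finally:
        receiver.join(5)
        listener.close()
    return sink.get("data", "")


if __name__ == "__main__":
    # Constructed sample: facility user (1), severity info (6), from a WAF host.
    sample = build_syslog_line(1, 6, "waf01", "waf", "blocked request id=constructed-1")
    received = tcp_roundtrip(sample)
    facility, severity, rest = parse_pri(received)
    print(f"received facility={facility} severity={SEVERITY_NAMES[severity]} rest={rest!r}")
```

If the harness round-trips cleanly but the real input still shows nothing, the problem lies between the relay and the input (bind address, port, firewall on the Graylog host), not in message formatting.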


Following the link below, I also installed a loganalyzer+apache+php+mysql log server on the same host.

https://www.cnblogs.com/mchina/p/linux-centos-rsyslog-loganalyzer-mysql-log-server.html