Recently I've been migrating to new infrastructure -- I will most definitely write about it more in separate post(s) -- and I found myself in need of a centralized log server. I played a bit with different tools and eventually settled on graylog2. The current setup looks as follows:
Eventually I'd love to put Elasticsearch and MongoDB on separate machine(s) and add one more node for graylog2-radio and RabbitMQ (though preferably having both on separate boxes too), but this can wait and I needed a working solution as fast as possible. Speaking of which, what seems to be the...
graylog2 is shipped as a script ready for running straight away (of course right after installing and configuring all of its dependencies). The thing is that it's Java-based and there are no OS startup scripts included. Well, that sucks a tiny bit, cause after the latest system upgrade and a reboot into the new kernel, graylog2 is pretty much dead (see? This is exactly where graylog2-radio + RabbitMQ would jump in and save the day!).
But... but... systemd?
Indeed. Both nodes mentioned earlier are running Debian Jessie with systemd serving as a system management daemon. It's working flawlessly, faster than light and pretty freaking stable -- all at the same time. If you are scratching your head or, even worse, nodding in disbelief -- stop. Deploy, test and see for yourself how awesome it is (;
You can grab both scripts from my GitHub repo. Feel free to fork me and don't forget to pull request.
Due to my specific setup, several assumptions have been made:
1. systemd is in version 208 or newer
2. graylog2-server is located in /opt/graylog2-server
3. graylog2-web is located in /opt/graylog2-web
4. graylog2-server is running on the same machine as Elasticsearch and MongoDB
Regarding point number 1: this may work on various different systemd versions, I just haven't checked it.
Regarding points number 2 and 3: paths can be adjusted to whatever your needs are -- just provide them in the scripts and you'll be good to go.
Regarding the last point -- if you are lucky enough to have a separate machine for these three services, then feel free to remove the Requires section from the graylog2-server.service file.
In case anything in the script is not clear, be sure to read systemd.unit(5) (sections especially worth mentioning: BindTo and Requires).
This one, assuming all is in place, is fairly simple:

    sudo wget -O /lib/systemd/system/graylog2-server.service https://raw.githubusercontent.com/hadret/scripts-graylog2/master/graylog2-server.service
    sudo systemctl enable graylog2-server
    sudo systemctl start graylog2-server

    sudo wget -O /lib/systemd/system/graylog2-web.service https://raw.githubusercontent.com/hadret/scripts-graylog2/master/graylog2-web.service
    sudo systemctl enable graylog2-web
    sudo systemctl start graylog2-web

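
The commands above fetch a unit file from the master branch and install it as root without looking at what was downloaded. As an added example (not part of the original post or its repository), the function below installs a unit file only when it matches a SHA-256 digest you recorded after reading it; the function name, the `<commit>` placeholder and the choice of /etc/systemd/system (the directory for administrator-installed units) are assumptions of this example.

```shell
#!/bin/sh
# Added example: install a downloaded unit file only if it matches a
# pinned SHA-256. Function name and arguments are hypothetical.

# install_unit_verified FILE EXPECTED_SHA256 DEST_DIR
# Returns 0 on success, 1 on checksum mismatch, 2 if FILE is missing.
install_unit_verified() {
    file=$1; expected=$2; dest_dir=$3

    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }

    # Accept the expected digest in either case
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$file" | cut -d' ' -f1)

    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi

    # Fixed mode so the result does not depend on the caller's umask
    install -m 0644 "$file" "$dest_dir/$(basename "$file")"
}

# Typical use, run as root. PINNED_SHA256 is the digest you recorded
# after reviewing the file; <commit> is a placeholder for the commit
# you reviewed, used instead of the moving master branch:
#
#   tmp=$(mktemp -d)
#   wget -O "$tmp/graylog2-server.service" \
#     "https://raw.githubusercontent.com/hadret/scripts-graylog2/<commit>/graylog2-server.service"
#   install_unit_verified "$tmp/graylog2-server.service" \
#     "$PINNED_SHA256" /etc/systemd/system \
#     && systemctl daemon-reload \
#     && systemctl enable graylog2-server \
#     && systemctl start graylog2-server
```
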
Well, what else are you waiting for?
Deploy the script and run the hell out of it! (: