How to Install Splunk Log Analyzer on CentOS 7


Splunk is a powerful, robust and fully integrated platform for real-time enterprise log management. It collects, stores, searches, diagnoses and reports on any log or machine-generated data, including structured, unstructured and complex multi-line application logs.

It lets you collect, store, index, search, correlate, visualize, analyze and report on any log data or machine-generated data quickly and in a repeatable way, in order to identify and resolve operational and security issues.

In addition, Splunk supports a wide range of log management use cases such as log consolidation and retention, IT operations troubleshooting, application troubleshooting and compliance reporting, among many others.

  • It is easily scalable and fully integrated.
  • Supports both local and remote data sources.
  • Indexes machine data.
  • Supports searching and correlating any data.
  • Lets you drill down, drill up and pivot across data.
  • Supports monitoring and alerting.
  • Also supports reports and dashboards for visualization.
  • Provides flexible access to relational databases, field-delimited data in comma-separated value (.CSV) files and other enterprise data stores such as Hadoop or NoSQL.
  • Supports many log management use cases and much more.

In this article, we will show how to install the latest version of the Splunk log analyzer, and how to add a log file (data source) and search it for events, on CentOS 7 (the same steps work on RHEL).

Requirements:

  1. A RHEL 7 server with a minimal installation.
  2. A minimum of 12GB RAM.

Test environment:

  1. A Linode VPS with a minimal CentOS 7 installation.

Install Splunk Log Analyzer to Monitor CentOS 7 Logs

1. Go to the Splunk website, create an account and grab the latest version for your system from the Splunk Enterprise download page. RPM packages are available for Red Hat, CentOS and similar Linux distributions.

Alternatively, you can download it directly in the web browser, or copy the download link and use the wget command to grab the package from the command line as shown.

# wget -O splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.2&product=splunk&filename=splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm&wget=true'

2. Once you have downloaded the package, install the Splunk Enterprise RPM into the default directory /opt/splunk using the RPM package manager as shown. Note the NOKEY warning in the output below: rpm found a GPG signature on the package but could not verify it because the Splunk signing key has not been imported, so the installation went ahead unverified.

# rpm -i splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm

warning: splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 653fb112: NOKEY
useradd: cannot create directory /opt/splunk
complete
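Rather than install past that warning, check the package against the SHA-512 digest and GPG signature that Splunk publishes alongside each download. The following helper is an added example, not code from the original article or from Splunk; the package filename and the digest value in the usage comment are assumptions to be replaced with the real values from the download page.

```bash
#!/bin/bash
# Added example (not from the original article): refuse to run rpm -i on a
# Splunk RPM whose SHA-512 digest or GPG signature cannot be verified.
# The filename and digest in the usage comment are assumptions; take the
# real values from the Splunk download page.

sha512_of() {
    # Prints the hex SHA-512 digest of file $1 (coreutils or perl shasum).
    if command -v sha512sum >/dev/null 2>&1; then sha512sum "$1"; else shasum -a 512 "$1"; fi | awk '{print $1}'
}

verify_rpm_sha512() {
    # $1 = path to the .rpm, $2 = expected SHA-512 digest (hex).
    # Returns 0 on match, 1 on mismatch, 2 if the file is missing.
    local rpm_path="$1" expected="$2" actual
    [ -f "$rpm_path" ] || { echo "no such file: $rpm_path" >&2; return 2; }
    actual=$(sha512_of "$rpm_path")
    if [ "$actual" != "$expected" ]; then
        echo "SHA-512 mismatch for $rpm_path" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

check_rpm_signature() {
    # rpm --checksig verifies the signature embedded in the package. It only
    # reports OK once the vendor's public key has been imported with
    # "rpm --import <keyfile>"; without that you get the same NOKEY warning
    # that rpm -i printed above.
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available here; skipping signature check" >&2; return 3; }
    rpm --checksig "$1"
}

install_verified() {
    # $1 = .rpm path, $2 = expected SHA-512. Installs only if both checks pass.
    verify_rpm_sha512 "$1" "$2" || return $?
    check_rpm_signature "$1" || return $?
    rpm -i "$1"
}

# Usage (assumed values, replace with the ones from the download page):
# install_verified splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm "<published sha512 digest>"
```

The digest check protects against a corrupted or swapped download; the signature check additionally ties the package to Splunk's signing key, so do both rather than treating the NOKEY warning as cosmetic.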

3. Next, start the service using the Splunk Enterprise command-line interface (CLI).

# /opt/splunk/bin/splunk start

Read through the SPLUNK SOFTWARE LICENSE AGREEMENT by pressing Enter. Once you have read it, you will be asked "Do you agree with this license?". Enter y to continue.

Do you agree with this license? [y/n]: y

Create credentials for the administrator account; the password must contain at least 8 printable ASCII characters. This account has full control of the instance and will be reachable from the network in step 6, so pick a long, unique password rather than the minimum.

Create credentials for the administrator account.
Characters do not appear on the screen when you type the password.
Password must contain at least:
   * 8 total printable ASCII character(s).
Please enter a new password: 
Please confirm new password: 

4. If all the installed files pass the preliminary checks, the Splunk server daemon (splunkd) is started. At first start Splunk also generates a 2048-bit RSA private key and a certificate for it signed by its bundled CA key (the "Getting CA Private Key" line below); these back splunkd's TLS management port. Note that the web interface itself still comes up on plain HTTP, as the http://127.0.0.1:8000 line shows.

All preliminary checks passed.

Starting splunk server daemon (splunkd)...  
Generating a 2048 bit RSA private key
......................+++
.....+++
writing new private key to 'privKeySecure.pem'
-----
Signature ok
subject=/CN=tecmint/O=SplunkUser
Getting CA Private Key
writing RSA key
Done
                                                           [  OK  ]

Waiting for web server at http://127.0.0.1:8000 to be available............. Done


If you get stuck, we're here to help.  
Look for answers here: http://docs.splunk.com

The Splunk web interface is at http://tecmint:8000

5. Next, open port 8000, which Splunk Web listens on, in your firewall using firewall-cmd.

# firewall-cmd --add-port=8000/tcp --permanent
# firewall-cmd --reload

6. Open a web browser and enter the following URL to access the Splunk web interface.

http://SERVER_IP:8000   

To log in, use the username admin and the password you created during the installation process.
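Steps 5 and 6 as written expose the admin console to every host that can reach the server, over plain HTTP, so the admin password travels in clear text. The following helper is an added example, not part of the original article or of Splunk's own tooling: it restricts port 8000 to a management subnet with a firewalld rich rule and turns on HTTPS for Splunk Web through the enableSplunkWebSSL setting in web.conf. MGMT_NET is an assumed placeholder subnet; SPLUNK_HOME defaults to the article's /opt/splunk.

```bash
#!/bin/bash
# Added example (not from the original article): limit who can reach Splunk Web
# and switch it to HTTPS. MGMT_NET is an assumed management subnet; replace it.
# A "splunk restart" is needed after enable_web_ssl for the change to apply.

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
MGMT_NET="${MGMT_NET:-192.0.2.0/24}"   # assumption: your admin network

firewall_rich_rule() {
    # Builds a firewalld rich rule accepting TCP port $2 only from source $1.
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept' "$1" "$2"
}

restrict_splunk_web() {
    # Replaces the blanket "--add-port=8000/tcp" from step 5 with a rule that
    # only admits MGMT_NET. Needs root and a running firewalld.
    local rule
    rule=$(firewall_rich_rule "$MGMT_NET" 8000)
    firewall-cmd --permanent --remove-port=8000/tcp >/dev/null 2>&1 || true
    firewall-cmd --permanent --add-rich-rule="$rule"
    firewall-cmd --reload
}

enable_web_ssl() {
    # Sets enableSplunkWebSSL = true under [settings] in the local web.conf so the
    # UI answers on https://SERVER_IP:8000 (with Splunk's self-signed certificate
    # unless you install your own). Idempotent: re-running does not duplicate
    # the key. Assumes [settings] is the only stanza in this local file, which
    # is the case on a fresh install where the file does not yet exist.
    local conf="$SPLUNK_HOME/etc/system/local/web.conf"
    mkdir -p "$(dirname "$conf")"
    touch "$conf"
    if grep -q '^enableSplunkWebSSL' "$conf"; then
        sed -i 's/^enableSplunkWebSSL.*/enableSplunkWebSSL = true/' "$conf"
    else
        grep -q '^\[settings\]' "$conf" || echo '[settings]' >> "$conf"
        echo 'enableSplunkWebSSL = true' >> "$conf"
    fi
}

web_ssl_enabled() {
    # Reports (via exit status) whether the local web.conf forces HTTPS.
    grep -qx 'enableSplunkWebSSL = true' "$SPLUNK_HOME/etc/system/local/web.conf" 2>/dev/null
}

# Usage on the server (as root):
# restrict_splunk_web && enable_web_ssl && /opt/splunk/bin/splunk restart
```

After the restart, browse to https://SERVER_IP:8000 instead of http. The self-signed certificate will trigger a browser warning; replacing it with one from your own CA is the next step, but even the self-signed one stops the admin credentials going over the wire in clear text.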

7. After a successful login, you land on the Splunk admin console shown in the following screenshot. To monitor a log file, for example /var/log/secure, click Add Data.

8. Then click Monitor to add data from files.

9. On the next screen, select Files & Directories.

10. Then configure the instance to monitor files and directories for data. To monitor everything in a directory, select the directory; to monitor a single file, select that file. Click Browse to choose the data source.

11. You will be shown a list of the directories under your root (/) directory; navigate to the log file you want to monitor (/var/log/secure) and click Select.

12. After selecting the data source, choose Continuously Monitor so that new lines are picked up as they are written, then click Next to set the source type.

13. Next, set the source type for your data source. For our test log file (/var/log/secure), select Operating System → linux_secure; this tells Splunk that the file contains security-related events from a Linux system, so timestamps and event boundaries are parsed accordingly. Then click Next to continue.

14. You can optionally set additional input settings for this data input. Under App context, select Search & Reporting. Then click Review. After reviewing, click Submit.

15. Your file input has now been created successfully. Click Start Searching to search your data.

16. To view all your data inputs, go to Settings → Data → Data Inputs, then click the type you want to view, for example Files & Directories.

17. The following additional commands restart or stop the Splunk daemon.

# /opt/splunk/bin/splunk restart
# /opt/splunk/bin/splunk stop
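Steps 7 to 15 above produce a single monitor stanza in inputs.conf. When you have more than one server, or want the input under version control, it is easier to write that stanza from the shell than to click through the UI. The following helper is an added example, not code from the original article or from Splunk: it appends an idempotent [monitor://...] stanza to the system-local inputs.conf for the same /var/log/secure file with the same linux_secure source type, and lists what is configured. SPLUNK_HOME defaults to the article's /opt/splunk; the index name main is the default index and is an assumption for your deployment.

```bash
#!/bin/bash
# Added example (not from the original article): register a file input by
# writing a monitor stanza to inputs.conf instead of using Add Data in the UI.
# SPLUNK_HOME defaults to the install path used in the article.
# Equivalent one-liner with Splunk's own CLI (also not shown in the article):
#   /opt/splunk/bin/splunk add monitor /var/log/secure -sourcetype linux_secure -index main

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"

monitor_stanza() {
    # $1 = absolute file or directory path, $2 = sourcetype, $3 = index.
    # Emits the stanza exactly as Splunk expects it in inputs.conf.
    printf '[monitor://%s]\nsourcetype = %s\nindex = %s\ndisabled = 0\n' "$1" "$2" "$3"
}

add_monitor() {
    # Appends the stanza to etc/system/local/inputs.conf unless a stanza for
    # the same path already exists, so re-running on a host is harmless.
    local path="$1" sourcetype="${2:-linux_secure}" index="${3:-main}"
    local conf="$SPLUNK_HOME/etc/system/local/inputs.conf"
    case "$path" in
        /*) ;;
        *) echo "path must be absolute: $path" >&2; return 2 ;;
    esac
    mkdir -p "$(dirname "$conf")"
    if [ -f "$conf" ] && grep -qxF "[monitor://$path]" "$conf"; then
        echo "input already configured: $path"
        return 0
    fi
    { [ -s "$conf" ] && echo; monitor_stanza "$path" "$sourcetype" "$index"; } >> "$conf"
    echo "added monitor for $path (restart splunkd to pick it up)"
}

monitored_paths() {
    # Lists the paths registered in the local inputs.conf, one per line.
    local conf="$SPLUNK_HOME/etc/system/local/inputs.conf"
    [ -f "$conf" ] || return 0
    sed -n 's#^\[monitor://\(.*\)\]$#\1#p' "$conf"
}

# Usage on the server (as root), then restart as shown in step 17:
# add_monitor /var/log/secure linux_secure main && /opt/splunk/bin/splunk restart
```

Once splunkd has been restarted and has read the file, a search such as `index=main sourcetype=linux_secure "Failed password" | stats count by host` in the Search & Reporting app returns the SSH authentication failures from the file; host is a default field, so this works without any extra field extraction. Note that the article runs splunkd as root, which is why it can read the root-only /var/log/secure; if you later switch to the dedicated splunk user that the RPM tries to create (the useradd line in step 2), grant that user read access to the log file, or the input will silently index nothing.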

From here on, you can add more data sources (local, or remote using the Splunk Forwarder), analyze your data and/or install Splunk apps to extend its default functionality. You can learn more by reading the Splunk documentation on the official website.

Splunk homepage: https://www.splunk.com/

That's all for now! Splunk is a powerful, robust and fully integrated enterprise log management platform. In this article, we showed how to install the latest Splunk log analyzer on CentOS 7. If you have any questions or thoughts to share, use the comment form below to reach us.