kk的blog: graylog 7

顯示具有 graylog 7 標籤的文章。顯示所有文章

2026/03/05

今天要把graylog升到 7.0.5

竟然出現以下問題

file /usr/lib/.build-id/0f/5bf41e3e207feb6cab260b2366f1697c13555b conflicts between attempted installs of graylog-datanode-7.0.5-1.x86_64 and graylog-server-7.0.5-1.x86_64

file /usr/lib/.build-id/2a/45eebcedc9ddddd7e43512f1c1d13a625cfe52 conflicts between attempted installs of graylog-datanode-7.0.5-1.x86_64 and graylog-server-7.0.5-1.x86_64

file /usr/lib/.build-id/32/f8130f4d86dfcf5f9af96b1cb932eda8015165 conflicts between attempted installs of graylog-datanode-7.0.5-1.x86_64 and graylog-server-7.0.5-1.x86_64

file /usr/lib/.build-id/3c/51e24cab713cbc44a4b05fed44660d7d8e4035 conflicts between attempted installs of graylog-datanode-7.0.5-1.x86_64 and graylog-server-7.0.5-1.x86_64

file /usr/lib/.build-id/3d/552045a6af8c09b554b88b43d19a50b9e52b99 conflicts between attempted installs of graylog-datanode-7.0.5-1.x86_64 and graylog-server-7.0.5-1.x86_64

file /usr/lib/.build-id/7f/0274197caa4afcc5c5430232e140211d611a4f conflicts between attempted installs of graylog-datanode-7.0.5-1.x86_64 and graylog-server-7.0.5-1.x86_64

file /usr/lib/.build-id/db/dfd874aa078c8f1feacc28175a6a874c060d6a conflicts between attempted installs of graylog-datanode-7.0.5-1.x86_64 and graylog-server-7.0.5-1.x86_64

file /usr/lib/.build-id/e7/189286cdb1e6c44b0968f6d52855af9696ae2c conflicts between attempted installs of graylog-datanode-7.0.5-1.x86_64 and graylog-server-7.0.5-1.x86_64

都是官方的吔沒測試就丟出來

只能直接手動下載二個rpm

https://downloads.graylog.org/el/stable/7.0/x86_64

再來

rpm -ivh --force graylog-server-7.0.5-1.x86_64.rpm graylog-datanode-7.0.5-1.x86_64.rpm

2025/11/07

今天把另一台graylog也轉到 7 版了

目前狀況

datanode.conf 裡

opensearch_heap = 16g

目前全部ram是給32G 文件上是說要給到一半的 ram

所以

opensearch_heap 如果不調到 16G 進web介面後會有告警

/etc/sysconfig/graylog-server

以下這行最好調到 8g 如下

GRAYLOG_SERVER_JAVA_OPTS="-Xms8g -Xmx8g -server -XX:+UseG1GC -XX:-OmitStackTraceInFastThrow"

8G以下 buffers 很容易塞住

調整完剩下 8G 再觀察看看會不會有什麼問題

2025/11/04

graylog 7 昨天發布

比較大的改變是不再使用 opensearch 而改用 graylog-datanode

照著官方文件安裝沒什麼問題

如果是在PVE上安裝

因為 mongodb 必須使用到cpu的 avx 功能

所以cpu type 至少要選 x86-64-v3 以上

這個在graylog 5 安裝時就有這個要求了

特別要注意的是以下流程跟之前不同

安裝完後必須 cat /var/log/graylog-server/server.log

找到首次進入系統的帳號密碼及連結

如下範例

http://admin:ghWgeIAkKl@10.0.0.1:9000

按照畫面上的流程步驟使用預設值一直下一步即可

目前先把netflow轉到新版了觀察一陣子看看

https://go2docs.graylog.org/current/setting_up_graylog/web_interface.htm#Prefligh

https://graylog.org/

https://go2docs.graylog.org/current/downloading_and_installing_graylog/red_hat_installation.htm

訂閱：文章 (Atom)