How to Install Splunk Log Analyzer on CentOS 7


Splunk is a powerful, robust, and fully integrated real-time enterprise log management software used to collect, store, search, diagnose and report on any log and machine-generated data, including structured, unstructured, and complex multi-line application logs.

It allows you to collect, store, index, search, correlate, visualize, analyze and report on any log data or machine-generated data quickly and in a repeatable way, in order to identify and resolve operational and security issues.

In addition, Splunk supports a wide range of log management use cases such as log consolidation and retention, security, IT operations troubleshooting, application troubleshooting as well as compliance reporting and more.

  • It is easily scalable and fully integrated.
  • Supports local and remote data sources.
  • Allows for indexing of machine data.
  • Supports searching and correlating any data.
  • Allows you to drill down and up and pivot across data.
  • Supports monitoring and alerting.
  • Also supports reports and dashboards for visualization.
  • Provides flexible access to relational databases, field-delimited data in comma-separated value (CSV) files, or to other enterprise data stores such as Hadoop or NoSQL.
  • Supports a wide range of log management use cases and much more.

In this article, we will show how to install the latest version of the Splunk log analyzer and how to add a log file (data source) and search through it for events on CentOS 7 (it also works on RHEL distributions).

System requirements:

  1. A RHEL 7 server with a minimal install.
  2. 12GB of RAM minimum.

Testing environment:

  1. A Linode VPS with a minimal CentOS 7 install.

Install Splunk Log Analyzer to Monitor CentOS 7 Logs

1. Go to the Splunk website, create an account and grab the latest version available for your system from the Splunk Enterprise download page. RPM packages are available for Red Hat, CentOS, and similar versions of Linux.

Alternatively, you can download it directly via a web browser or get the download link and use the wget command to grab the package from the command line as shown.

# wget -O splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.2&product=splunk&filename=splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm&wget=true'

2. Once you have downloaded the package, install the Splunk Enterprise RPM into the default directory /opt/splunk using the RPM package manager as shown.

# rpm -i splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm

warning: splunk-7.1.2-a0c72a66db66-linux-2.6-x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 653fb112: NOKEY
useradd: cannot create directory /opt/splunk
complete

3. Next, use the Splunk Enterprise command line interface (CLI) to start the service.

# /opt/splunk/bin/./splunk start 

Read through the SPLUNK SOFTWARE LICENSE AGREEMENT by pressing Enter. Once you have finished reading it, you will be asked "Do you agree with this license?". Enter y to continue.

Do you agree with this license? [y/n]: y

Then create the credentials for the administrator account; the password must contain at least 8 printable ASCII characters in total.

Create credentials for the administrator account.
Characters do not appear on the screen when you type the password.
Password must contain at least:
   * 8 total printable ASCII character(s).
Please enter a new password: 
Please confirm new password: 

4. If all the installed files are intact and all preliminary checks have passed, the Splunk server daemon (splunkd) starts, a 2048 bit RSA private key is generated, and you will be able to access the Splunk web interface.

All preliminary checks passed.

Starting splunk server daemon (splunkd)...  
Generating a 2048 bit RSA private key
......................+++
.....+++
writing new private key to 'privKeySecure.pem'
-----
Signature ok
subject=/CN=tecmint/O=SplunkUser
Getting CA Private Key
writing RSA key
Done
                                                           [  OK  ]

Waiting for web server at http://127.0.0.1:8000 to be available............. Done


If you get stuck, we're here to help.  
Look for answers here: http://docs.splunk.com

The Splunk web interface is at http://tecmint:8000

5. Next, open port 8000, on which the Splunk server listens, in your firewall using firewall-cmd.

# firewall-cmd --add-port=8000/tcp --permanent
# firewall-cmd --reload

6. Open a web browser and enter the following URL to access the Splunk web interface.

http://SERVER_IP:8000   

To log in, use the username admin and the password you created during the installation process.

7. After a successful login, you will land in the Splunk admin console shown in the following screenshot. To monitor a log file, for example /var/log/secure, click on Add Data.

8. Then click on Monitor to add data from a file.

9. From the next interface, select Files & Directories.

10. Then set up the instance to monitor files and directories for data. To monitor all objects in a directory, select the directory. To monitor a single file, select it. Click on Browse to select the data source.

11. A listing of the directories under your root directory (/) is shown; navigate to the log file you want to monitor (/var/log/secure) and click Select.

12. After selecting the data source, select Continuously Monitor to watch the log file and click on Next to set the source type.

13. Next, set the source type for your data source. For our test log file (/var/log/secure), we need to select Operating System → linux_secure; this tells Splunk that the file contains security-related messages from a Linux system. Then click Next to continue.

14. You can optionally set additional input settings for this data input. Under App context, select Search & Reporting. Then click Review. After reviewing, click Submit.

15. Your file input has now been created successfully. Click Start Searching to search your data.

16. To view all your data inputs, go to Settings → Data → Data inputs. Then click on the type you wish to view, for example Files & Directories.

17. The following are additional commands to manage (restart or stop) the Splunk daemon.

# /opt/splunk/bin/./splunk restart
# /opt/splunk/bin/./splunk stop
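The file input that steps 7 to 15 create through the web wizard can also be declared in inputs.conf, which is what you want when provisioning many servers. The POSIX shell helpers below are an added example, not part of the original article or of Splunk's own tooling; they assume Splunk lives under /opt/splunk (override SPLUNK_HOME to try them in a scratch directory) and write the stanza into the search app, which is the Search & Reporting app context chosen in step 14.

```shell
#!/bin/sh
# Added example: inputs.conf equivalent of Add Data -> Monitor -> Files & Directories.
# SPLUNK_HOME defaults to the article's install path; point it at a temporary
# directory to experiment without touching a real installation.
SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"

# Path of the inputs.conf belonging to the "search" app (Search & Reporting).
inputs_conf() {
    printf '%s/etc/apps/search/local/inputs.conf\n' "$SPLUNK_HOME"
}

# Return 0 if a [monitor://PATH] stanza already exists, 1 otherwise.
is_monitored() {
    conf="$(inputs_conf)"
    [ -f "$conf" ] && grep -qxF "[monitor://$1]" "$conf"
}

# Append a monitor stanza for PATH unless one is present (idempotent).
# SOURCETYPE defaults to linux_secure (step 13) and INDEX to main.
# Prints "added" or "exists" so a provisioning script can act on the result.
ensure_monitor() {
    path="$1"
    sourcetype="${2:-linux_secure}"
    index="${3:-main}"
    conf="$(inputs_conf)"
    if is_monitored "$path"; then
        echo exists
        return 0
    fi
    mkdir -p "$(dirname "$conf")"
    # disabled = false activates the input once splunkd is restarted.
    printf '\n[monitor://%s]\nsourcetype = %s\nindex = %s\ndisabled = false\n' \
        "$path" "$sourcetype" "$index" >> "$conf"
    echo added
}

# Print every monitored path declared in inputs.conf, one per line.
list_monitors() {
    conf="$(inputs_conf)"
    [ -f "$conf" ] || return 0
    sed -n 's|^\[monitor://\(.*\)\]$|\1|p' "$conf"
}
```

After `ensure_monitor /var/log/secure`, restart splunkd with the command from step 17 so the new stanza is read; the input then appears under Settings → Data → Data inputs exactly as if it had been added through the wizard.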

From here on, you can add more data sources (local, or remote using the Splunk Forwarder), explore your data and/or install Splunk apps to extend its default functionality. You can learn more by reading the Splunk documentation provided on the official website.

Splunk Homepage: https://www.splunk.com/

That's it for now! Splunk is a powerful, robust and fully integrated real-time enterprise log management software. In this article, we showed how to install the latest version of the Splunk log analyzer on CentOS 7. If you have any questions or thoughts to share, use the comment form below to reach us.