# Graylog Quick Start


<figure><img src="https://libs.websoft9.com/Websoft9/DocsPicture/en/graylog/graylog-gui-websoft9.png" alt=""><figcaption></figcaption></figure>

After deploying the Graylog image provided by 创达睿通, follow the steps below to get started quickly.

### Preparation <a href="#zhun-bei" id="zhun-bei"></a>

1. Get your **server's public IP address** from the cloud console
2. In the cloud console's security group, check that port **TCP:80** is open under the **Inbound rules**
3. On the server, look up Graylog's **default account and password**
4. To access Graylog through a domain name, first complete the **five-step domain setup** process

### Graylog initial setup wizard <a href="#graylog-chu-shi-hua-xiang-dao" id="graylog-chu-shi-hua-xiang-dao"></a>

#### Detailed steps <a href="#xiang-xi-bu-zhou" id="xiang-xi-bu-zhou"></a>

1. Open *http://domain-name* or *http://server-public-IP* in a browser to reach the Graylog login page

   <figure><img src="https://libs.websoft9.com/Websoft9/DocsPicture/zh/graylog/graylog-login-websoft9.png" alt=""><figcaption></figcaption></figure>
2. Enter the account and password to log in to the Graylog console

   <figure><img src="https://libs.websoft9.com/Websoft9/DocsPicture/zh/graylog/graylog-console-websoft9.png" alt=""><figcaption></figcaption></figure>

> To learn more about using Graylog, see the official documentation: Configuring Graylog

#### Having problems? <a href="#chu-xian-wen-ti" id="chu-xian-wen-ti"></a>

If you run into a problem, contact **technical support** right away. You can also first consult the troubleshooting items listed below or the **FAQ** to try to resolve it quickly.

### Getting started with Graylog <a href="#graylog-shi-yong-ru-men" id="graylog-shi-yong-ru-men"></a>

This section is still being written.

### Common Graylog operations <a href="#graylog-chang-yong-cao-zuo" id="graylog-chang-yong-cao-zuo"></a>

#### Configure SMTP <a href="#pei-zhi-smtp" id="pei-zhi-smtp"></a>

Steps to configure SMTP so that Graylog can send email:

1. Get the SMTP parameters from your mailbox management console
2. Edit the transport\_email parameters in the Graylog configuration file
3. Restart Graylog for the change to take effect

   ```
   sudo docker restart graylog
   ```

#### Reset the password <a href="#zhong-zhi-mi-ma" id="zhong-zhi-mi-ma"></a>

If the administrator password cannot be recovered, reset it with the steps below

1. Log in to the server with an SSH tool and run the following password reset commands

   ```
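   new_password='admin123@graylog'
   # printf with a quoted variable hashes the password exactly as typed
   sha_password=$(printf '%s' "$new_password" | sha256sum | awk '{ print $1 }')
   # 8c6976e5... is the SHA-256 of the default password "admin"; sed changes nothing if the stored hash differs
   sudo sed -i "s/8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918/$sha_password/g" /data/wwwroot/graylog/.env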
   ```
2. Re-run the container orchestration command; the password is then reset to `admin123@graylog`

   ```
   cd /data/wwwroot/graylog && sudo docker-compose up -d
   ```

> You can set new\_password to any password you want
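
The `sed` command in step 1 only changes the file while the stored hash is still the SHA-256 of `admin`; otherwise it silently does nothing. The following added example (not part of the original documentation) wraps the same replacement in a check that reports this case; the function names and the `EXAMPLE_ROOT_HASH` key in the constructed sample file are assumptions.

```shell
#!/usr/bin/env bash
# Added example: replace a stored SHA-256 password hash in an env file and
# fail loudly when the expected old hash is not present.

# SHA-256 of the password "admin", the value the sed command in step 1 looks for
DEFAULT_HASH=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918

# sha256_of PASSWORD: print the hex digest of the exact bytes of PASSWORD
sha256_of() {
    printf '%s' "$1" | sha256sum | awk '{ print $1 }'
}

# replace_hash FILE OLD_HASH NEW_PASSWORD
# returns 0 on success, 2 if OLD_HASH is absent, 3 if the rewrite did not take effect
replace_hash() {
    file=$1
    old=$2                               # hex digest, safe inside the sed pattern
    new=$(sha256_of "$3")
    grep -q "$old" "$file" || return 2   # nothing to replace: stop instead of "succeeding"
    cp -p "$file" "$file.bak"            # keep a copy to roll back to
    sed -i "s/$old/$new/g" "$file"
    grep -q "$new" "$file" || return 3
}

# Demo on a constructed file; the key name is a placeholder, not the project's own
demo() {
    env_file=$(mktemp)
    printf 'EXAMPLE_ROOT_HASH=%s\n' "$DEFAULT_HASH" > "$env_file"
    rc1=0; replace_hash "$env_file" "$DEFAULT_HASH" 'correct horse battery staple' || rc1=$?
    # Second run: the default hash is already gone, so the function reports it
    rc2=0; replace_hash "$env_file" "$DEFAULT_HASH" 'another passphrase' || rc2=$?
    echo "first=$rc1 second=$rc2"
    rm -f "$env_file" "$env_file.bak"
}
demo
```

On a real server, read the new password with `read -rs` in bash rather than typing it on the command line, so that it does not end up in the shell history.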

#### Configure Graylog <a href="#pei-zhi-graylog" id="pei-zhi-graylog"></a>

For Docker installations, every Graylog configuration option can be set as an environment variable by adding the uppercase prefix GRAYLOG\_:

```
version: '2'
services:
  mongo:
    image: "mongo:4.2"
    # Other settings [...]
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    # Other settings [...]
  graylog:
    image: graylog/graylog:4.2
    # Other settings [...]
    environment:
      GRAYLOG_TRANSPORT_EMAIL_ENABLED: "true"
      GRAYLOG_TRANSPORT_EMAIL_HOSTNAME: smtp
      GRAYLOG_TRANSPORT_EMAIL_PORT: 25
      GRAYLOG_TRANSPORT_EMAIL_USE_AUTH: "false"
      GRAYLOG_TRANSPORT_EMAIL_USE_TLS: "false"
      GRAYLOG_TRANSPORT_EMAIL_USE_SSL: "false"
```

You can also edit the configuration file server.conf directly
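
The mapping between server.conf keys and `GRAYLOG_` variables, as an added example that is not part of the original documentation: it converts `key = value` lines into their environment-variable form and reports when the mail transport is enabled without TLS/SSL or without authentication, as in the compose file above. The function names and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: server.conf keys -> GRAYLOG_* environment variables,
# plus a check of the resulting SMTP transport settings.

# conf_to_env FILE: print GRAYLOG_KEY=value for every "key = value" line
conf_to_env() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        index($0, "=") == 0 { next }         # skip lines that are not assignments
        {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)         # keep any "=" inside the value
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            printf "GRAYLOG_%s=%s\n", toupper(key), val
        }' "$1"
}

# smtp_findings FILE: one line per weak mail-transport setting, nothing if none
smtp_findings() {
    conf_to_env "$1" | awk -F= '
        { v[$1] = $2 }
        END {
            p = "GRAYLOG_TRANSPORT_EMAIL_"
            if (v[p "ENABLED"] != "true") exit
            if (v[p "USE_TLS"] != "true" && v[p "USE_SSL"] != "true")
                print "cleartext: neither USE_TLS nor USE_SSL is true"
            if (v[p "USE_AUTH"] != "true")
                print "no-auth: USE_AUTH is not true"
        }'
}

# Constructed sample mirroring the values in the compose file above
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
# mail transport
transport_email_enabled = true
transport_email_hostname = smtp
transport_email_port = 25
transport_email_use_auth = false
transport_email_use_tls = false
transport_email_use_ssl = false
EOF
conf_to_env "$sample_conf"
smtp_findings "$sample_conf"
rm -f "$sample_conf"
```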

### Graylog parameters <a href="#graylog-can-shu" id="graylog-can-shu"></a>

The Graylog application includes Nginx, Docker, MongoDB, Elasticsearch and other components; paths, services, ports and other parameters can be looked up in the **common parameter table**.

Run `docker ps` to see all the containers of a running Graylog installation:

```
CONTAINER ID   IMAGE                                                  COMMAND                  CREATED              STATUS                        PORTS                                                                                                                                                                                                                           NAMES
aba3f411351a   dev/mongocompass:v1.31                         "/dockerstartup/kasm…"   39 seconds ago       Up 37 seconds                 4901/tcp, 5901/tcp, 0.0.0.0:9091->6901/tcp, :::9091->6901/tcp                                                                                                                                                                   mongocompass
8285b315009a   graylog/graylog:4.3                                    "/usr/bin/tini -- wa…"   About a minute ago   Up About a minute (healthy)   0.0.0.0:1514->1514/tcp, 0.0.0.0:1514->1514/udp, :::1514->1514/tcp, :::1514->1514/udp, 0.0.0.0:12201->12201/tcp, 0.0.0.0:12201->12201/udp, :::12201->12201/tcp, :::12201->12201/udp, 0.0.0.0:9001->9000/tcp, :::9001->9000/tcp   graylog
7795d2333c74   docker.elastic.co/elasticsearch/elasticsearch:7.16.3   "/bin/tini -- /usr/l…"   About a minute ago   Up About a minute             9200/tcp, 9300/tcp                                                                                                                                                                                                              graylog-elasticsearch
04dc27b0962c   mongo:4.2                                              "docker-entrypoint.s…"   About a minute ago   Up About a minute             27017/tcp                                          "docker-entrypoint.s…"   8 minutes ago   Up 3 minutes             0.0.0.0:9091->1234/tcp, :::9091->1234/tcp                                                                                                                                                                                       adminmongo
```

#### Paths <a href="#path" id="path"></a>

Graylog installation path:  */data/apps/graylog*\
Graylog data directory:  */data/apps/graylog/data/graylog\_data*\
Graylog plugin directory:  */data/apps/graylog/data/graylog\_plugin*

#### Ports <a href="#port" id="port"></a>

No special ports

#### Version <a href="#ban-ben" id="ban-ben"></a>

```
# Graylog Version
docker images |grep graylog/graylog |awk '{print $2}'
```

#### Services <a href="#fu-wu" id="fu-wu"></a>

```
sudo docker  start | stop | restart | status graylog
sudo docker  start | stop | restart | status graylog-mongo
sudo docker  start | stop | restart | status graylog-elasticsearch
sudo docker  start | stop | restart | status mongocompass
```

#### Command line <a href="#ming-ling-hang" id="ming-ling-hang"></a>

Graylog does not yet provide a command-line tool

#### API <a href="#api" id="api"></a>

The Graylog API follows the REST API 2.0 specification and is powerful; even the Graylog web interface uses the Graylog REST API exclusively to interact with the Graylog cluster.

> API access: *https://server-public-IP/api/api-browser/global/index.html*; the page cannot be reached if /global/index.html is missing.


