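Add a 200GB HDD to a Rocky Linux 9.3 virtual machine host, then move the log data onto it.
1. Partition the disk after adding the HDD
The process of formatting the newly added HDD and mounting it at /graylog_data.
The HDD was previously used with NTFS, so a signature warning appears (ignore it).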
[root@graylog ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 279.4G 0 disk
├─sda1 8:1 0 600M 0 part /boot/efi
├─sda2 8:2 0 1G 0 part /boot
└─sda3 8:3 0 277.8G 0 part
├─rl-root 253:0 0 220G 0 lvm /
├─rl-swap 253:1 0 7.8G 0 lvm [SWAP]
└─rl-home 253:2 0 50G 0 lvm /home
sdb 8:16 0 1.8T 0 disk
sr0 11:0 1 4.1G 0 rom
[root@graylog ~]#
[root@graylog ~]# fdisk /dev/sdb
Welcome to fdisk (util-linux 2.37.4).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0x8d65f2f9.
Command (m for help): n
Partition type
p primary (0 primary, 0 extended, 4 free)
e extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1): 1
First sector (2048-3906963631, default 2048):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-3906963631, default 3906963631):
Created a new partition 1 of type 'Linux' and of size 1.8 TiB.
Partition #1 contains a ntfs signature.
Do you want to remove the signature? [Y]es/[N]o: y
The signature will be removed by a write command.
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
[root@graylog ~]#
2. Verify the partition and format it
[root@graylog ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sda 8:0 0 279.4G 0 disk
├─sda1 8:1 0 600M 0 part /boot/efi
├─sda2 8:2 0 1G 0 part /boot
└─sda3 8:3 0 277.8G 0 part
├─rl-root 253:0 0 220G 0 lvm /
├─rl-swap 253:1 0 7.8G 0 lvm [SWAP]
└─rl-home 253:2 0 50G 0 lvm /home
sdb 8:16 0 1.8T 0 disk
└─sdb1 8:17 0 1.8T 0 part
sr0 11:0 1 4.1G 0 rom
[root@graylog ~]# sudo mkfs.xfs /dev/sdb1
meta-data=/dev/sdb1 isize=512 agcount=32, agsize=15261632 blks
= sectsz=4096 attr=2, projid32bit=1
= crc=1 finobt=1, sparse=1, rmapbt=0
= reflink=1 bigtime=1 inobtcount=1 nrext64=0
data = bsize=4096 blocks=488370198, imaxpct=5
= sunit=64 swidth=64 blks
naming =version 2 bsize=4096 ascii-ci=0, ftype=1
log =internal log bsize=4096 blocks=238462, version=2
= sectsz=4096 sunit=1 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
[root@graylog ~]#
3. Create the directory, mount it, and set ownership
[root@graylog ~]# mkdir /graylog_data
[root@graylog ~]# mount /dev/sdb1 /graylog_data
[root@graylog ~]# sudo chown -R graylog-datanode:graylog-datanode /graylog_data/
4. Change the log file location
[root@graylog ~]# vi /etc/graylog/datanode/datanode.conf
<Edit> Both config and data are required
#opensearch_config_location = /var/lib/graylog-datanode/opensearch/config
opensearch_config_location = /graylog_data/config
#opensearch_data_location = /var/lib/graylog-datanode/opensearch/data
opensearch_data_location = /graylog_data/data
Start the service
[root@graylog ~]# sudo systemctl start graylog-datanode
5. Automatic mount on reboot
[root@graylog ~]# sudo vi /etc/fstab
<Add>
/dev/sdb1 /graylog_data xfs defaults 0 0
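The fstab entry above names the disk by its kernel device name and mounts it with "defaults". The following check is an added example, not part of the original post: the function name lint_fstab_entry, the policy it enforces (UUID-based device, nodev and nosuid on a data-only volume) and the placeholder UUID are assumptions of this example.

```sh
#!/bin/sh
# Added example: lint one /etc/fstab line for a data volume such as /graylog_data.
# Policy (assumption of this example, not stated in the original post):
#   - reference the filesystem by UUID/LABEL, since sdX names can change between boots
#   - mount with nodev and nosuid, which "defaults" does not set
# Prints one finding per line; returns 0 if clean, 1 if anything was flagged.
lint_fstab_entry() {
    line=$1
    findings=0
    # Split the line into the first four fstab fields: device, mount point, type, options.
    read -r dev mnt fstype opts _rest <<EOF
$line
EOF
    if [ -z "$opts" ]; then
        echo "malformed entry: fewer than 4 fields"
        return 1
    fi
    case $dev in
        UUID=*|LABEL=*|PARTUUID=*|/dev/disk/by-*|/dev/mapper/*) ;;
        /dev/sd*|/dev/vd*|/dev/hd*|/dev/nvme*)
            echo "$mnt: $dev is a kernel device name; use UUID= from blkid"
            findings=1 ;;
    esac
    # "defaults" expands to rw,suid,dev,exec,auto,nouser,async.
    for want in nodev nosuid; do
        case ",$opts," in
            *",$want,"*) ;;
            *)
                echo "$mnt: option $want is not set"
                findings=1 ;;
        esac
    done
    return $findings
}

# The entry from step 5, then a constructed corrected entry (placeholder UUID).
lint_fstab_entry "/dev/sdb1 /graylog_data xfs defaults 0 0" || true
lint_fstab_entry "UUID=00000000-0000-0000-0000-000000000000 /graylog_data xfs defaults,nodev,nosuid 0 0" || true
```

After editing /etc/fstab, running mount -a or findmnt --verify before the reboot exercises the new entry while the host is still reachable.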