흙수저의 엔지니어링

rsyslog.conf 설정

# /etc/rsyslog.conf configuration file for rsyslog
#
# For more information install rsyslog-doc and see
# /usr/share/doc/rsyslog-doc/html/configuration/index.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf


#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
module(load="imudp") <- 해당 라인 '#' 주석 제거
input(type="imudp" port="514") <- 해당 라인 '#' 주석 제거

# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")

# provides kernel logging support and enable non-kernel klog messages
module(load="imklog" permitnonkernelfacility="on")

###########################
#### GLOBAL DIRECTIVES ####
###########################

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

로그 수집 폴더 설정

root@rsyslog:/etc/rsyslog.d# cd /var/log
root@rsyslog:/var/log# mkdir rsyslog
root@rsyslog:/var/log# chown syslog:adm ./rsyslog/
root@rsyslog:/var/log# ls -al | grep rsyslog
drwxr-xr-x   2 syslog            adm                   2 Jun 13 01:30 rsyslog

10-remote.conf 설정

root@rsyslog:/etc/rsyslog.d# vi ./10-remote.conf
# syslog 수신 시 저장할 위치 및 파일 설정 템플릿
$template Remote,"/var/log/rsyslog/%fromhost-ip%/%$YEAR%-%$MONTH%-%$DAY%.log"

# syslog 수신 시 fromhost-ip가 127.0.0.1이 아닌 경우 템플릿 Remote 정책을 적용
:fromhost-ip, !isequal, "127.0.0.1" ?Remote

# 템플릿 Remote로 수신한 경우 로그 처리 중지
# 중지하지 않을 경우, OS에서 수집하는 syslog나 message에도 로그가 수집 됨 (중복 수집)
& stop

rsyslogd 서비스 재시작 및 로그 확인

root@rsyslog:/var/log/rsyslog# systemctl restart rsyslog.service
root@rsyslog:/var/log/rsyslog# ls -al
total 11
drwxr-xr-x  3 syslog adm     3 Jun 13 01:45 .
drwxrwxr-x 20 root   syslog 41 Jun 13 01:30 ..
drwxr-xr-x  2 syslog syslog  3 Jun 13 01:45 1.1.1.1
root@rsyslog:/var/log/rsyslog#

logstash에서 로그를 읽어드릴거라면

root@rsyslog:~# cat /etc/group| grep adm
adm:x:4:syslog,outlog, logstash # logstash 계정을 rsyslog 그룹에 추가

설치할때마다 버전이 다르면 설정이 조금씩 바뀌어서 기록합니다.

root@elk cat /etc/elasticsearch/elasticsearch.yml
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: elk
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: elk1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
#network.host: 000.000.000.000
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#discovery.seed_hosts: ["127.0.0.1"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Allow wildcard deletion of indices:
#
#action.destructive_requires_name: false

#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 29-05-2025 08:38:31
#
# --------------------------------------------------------------------------------

# Enable security features
xpack.security.enabled: false

xpack.security.enrollment.enabled: false

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["elk"]

# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0

# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
#transport.host: 0.0.0.0

#----------------------- END SECURITY AUTO CONFIGURATION -------------------------

apache2에 https 적용해보려고 합니다.

1. OpenSSL 설치

sud apt install openssl

2. 인증키 생성

openssl req -new -x509 -sha256 -days 3650 -nodes -out server.csr -keyout server.key

ㅇ new: 새 인증서 요청 RSA 키를 생성합니다. 기본은 2048비트입니다.d

ㅇ -x509: X.509 인증서를 생성

ㅇ -sha256: 265비트 SHA(Secure Hash Algorithm) 사용

ㅇ -days 3650: 인증서 사용 기간

ㅇ -nodes: 암호 없이 키 생성

ㅇ -out server.csr: 새로 만든 인증서를 쓸 파일 이름 지정

ㅇ -keyout server.key: 새로 만든 개인 키를 쓸 파일 이름을 지정

root@test:~# openssl req -new -x509 -sha256 -days 3650 -nodes -out server.csr -keyout server.key
.......+........+...+.......+...+.....+....+..+..............................+.........+............+.........+.+..+.......+........+..........+.....+...+...+...............+......+......+...+.+...+...+..+...+....+...+..+......+...+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+....+..............+....+..+...+.+...........+......+...+..........+.........+..+.+...+........................+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.+..+...+.......+...............+...+..+.+...............+.....+................+........+.......+...+..+.+..............+...............+...+.+..+.......+...+.........+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+.....+............+...+............+................+...+...............+.........+......+......+...........+....+...+..+...+..................+.......+.....+...+...+....+..+.........+....+..+......+.........+....+.....+.+...............+.....+..........+......+..+.+..+.......+.....+...+....+.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR
State or Province Name (full name) [Some-State]:Seoul
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:security
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
root@test:~# ls
server.csr  server.key
root@test:~# ls -al
합계 16
drwx------ 2 root root 4096  4월 11 10:44 .
drwxr-xr-x 9 root root 4096  4월 11 10:11 ..
-rw-r--r-- 1 root root 1285  4월 11 10:44 server.csr
-rw------- 1 root root 1704  4월 11 10:42 server.key
root@test:~#

# Country Name (2 letter code) [AU]: 국가이름

# State or Province Name (full name) [Some-State]: 시/도 이름

# Locality Name (eg, city) []: 지역 이름 (도시)

# Organization Name (eg, company) [Internet Widgits Pty Ltd]: 조직 이름 (회사)

# Organizational Unit Name (eg, section) []: 조직 단위 (팀)

# Common Name (e.g. server FQDN or YOUR name) []: 도메인 이름

# Email Address []: 이메일 주소

3. apache2 설치

sudo apt install apache2 libapache2-mod-wsgi-py3

4. apache SSL 모듈 활성화

sudo a2enmod ssl
sudo a2enmod rewrite

5. apache 파일 수정

mkdir /etc/apache2/ssl
cp ~/server.* /etc/apache2/ssl

vi /etc/apache2/site-available/default-ssl.conf

# 아래의 내용 주석 해제 및 수정
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.csr
SSLCertificateKeyFile /etc/apache2/ssl/server.key

6. apache 실행

sudo systemctl start apache2.service

logstash 로그 중

Received an event that has a different character encoding than you configured.

expected_charset => "UTF-8"

로그가 있다면

input 설정 내용에 아래의 charset을 추가하여 설정해주세요.

codec => plain { charset => "CP949" }

무조건 강추입니다!!!

하루 잡고 구경 가야 합니다. 아이들이 너무 좋아해요.

무조건 강추입니다!!!

하루 잡고 구경 가야 합니다. 아이들이 너무 좋아해요.

아이들이랑 구경하기 좋아요~

어른들이 더 좋아할 만한 곳이었습니다~

아이들은 장난감이 너무 많아서 좋아했어요.

ㅇ 방문 일: 25년 02월 25일

ㅇ 주소: 전북 군산시 경촌4길 14

ㅇ 방문 소감

  - 철길따라 쭈욱 걸으면서 구경하기 좋아요.

  - 도중에 연탄불에 옛날 과자를 구어먹으면 아이들이 더 좋아해요~

  - 주차는 맞은 편 이마트 주차장에~

아이랑 같이 먹기 좋은 식당입니다.

ㅇ 방문 일: 25년 2월 25일

ㅇ 먹은 메뉴: 한우 무우국, 한우 육회 비빔밥

ㅇ 주소: 전북 군산시 구영3길 63

ㅇ 방문 소감

  - 아이들이 먹기에는 한우 무우국이랑 기본으로 제공해주는 콩나물국물이 정말 맛있었어요.

  - 아이들이 먹기 편한 의자는 아니에요.

  - 식사 하고 맞은 편, 초원사진관에서 사진 찍기 좋아요~

초원사진관 앞에 있는 식당에 갔다가, 사람들이 엄청 줄 서 있어서 가봤습니다~

영화 "8월의 크리스마스" 촬영지였네요.

ㅇ 방문 일: 25년 02월 25일

ㅇ 주소: 전북 군산시 구영2길 12-1

ㅇ 방문 소감

  - 그냥 근처 식사하고, 사진 한방 기념촬영으로 좋아요!