Install Graylog

Graylog is a log management platform for collecting, indexing, and analyzing both structured and unstructured data from almost any source.

Install requirements

# Prerequisites: EPEL supplies pwgen (used later to generate Graylog's
# password_secret); Graylog and Elasticsearch both need a Java runtime.
yum -y install epel-release
yum -y install java-1.8.0-openjdk-headless.x86_64 pwgen
# Confirm the JVM is on PATH before installing the services that depend on it.
java -version

Elasticsearch

# Trust Elastic's package signing key so yum can verify the RPMs it downloads.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

# Register the Elasticsearch 6.x OSS repository. gpgcheck=1 keeps signature
# verification on for every package pulled from it. The quoted heredoc
# delimiter writes the text literally, with no shell expansion.
# NOTE(review): the 6.x line is past its maintenance window; check Graylog's
# compatibility matrix for a release that still receives security fixes.
tee /etc/yum.repos.d/elasticsearch.repo <<'EOF'
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

EOF

sudo yum -y install elasticsearch-oss

# Edit the Elasticsearch configuration and set the cluster name shown below.
# Leave network.host at its default (loopback in this release; verify in the
# file): the OSS package has no built-in authentication, so the HTTP API on
# port 9200 should not be reachable from other hosts.
nano /etc/elasticsearch/elasticsearch.yml
cluster.name: graylog

# Restart Elasticsearch so the new cluster name takes effect, and have it
# start on boot.
systemctl restart elasticsearch
systemctl enable elasticsearch

# Health probe against the local HTTP API; the node may need a few seconds
# after the restart before it answers.
curl -X GET "http://localhost:9200/_cluster/health?pretty=true"

Mongodb

# Register the MongoDB 4.0 repository with package signature checking on.
# The quoted heredoc delimiter keeps $releasever literal so that yum, not the
# shell, substitutes it.
tee /etc/yum.repos.d/mongodb-org.repo <<'EOF'
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
EOF

# Install and start mongod, and enable it at boot.
# NOTE(review): no access control is configured in this guide; confirm that
# /etc/mongod.conf keeps bindIp on 127.0.0.1 so the database is reachable
# only from this host.
yum -y install mongodb-org
systemctl restart mongod
systemctl enable mongod

Graylogv3

# Install the package that registers the Graylog 3.0 yum repository, then the
# server itself. No Graylog signing key has been imported at this point in the
# guide, so the authenticity of this bootstrap RPM rests on the HTTPS
# connection alone.
rpm --upgrade --verbose --hash https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.rpm
yum -y install graylog-server

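# Generate a random 96-character password_secret (used by Graylog to protect
# stored user passwords) and write it into server.conf. pwgen -s emits only
# letters and digits, so the value is safe inside the sed replacement.
# sudo -E is not needed: the variable is expanded by this shell before sudo
# runs.
SECRET=$(pwgen -s 96 1)
sudo sed -i -e "s/password_secret =.*/password_secret = ${SECRET}/" /etc/graylog/server/server.conf

# Set the admin (root) password hash. The password is read from the terminal
# without echo instead of being hard-coded: a fixed, guessable value such as
# "Password1" in a copy-pasted guide becomes a shared default credential, and
# typing it on the command line leaves it in shell history.
IFS= read -r -s -p 'Graylog admin password: ' ADMIN_PW
echo
if [ -n "$ADMIN_PW" ]; then
  # printf '%s' hashes exactly the typed bytes, with no trailing newline.
  PASSWORD=$(printf '%s' "$ADMIN_PW" | sha256sum | awk '{print $1}')
  sudo sed -i -e "s/root_password_sha2 =.*/root_password_sha2 = ${PASSWORD}/" /etc/graylog/server/server.conf
else
  echo 'Empty password; root_password_sha2 left unchanged.' >&2
fi
# Drop the cleartext password from the shell session.
unset ADMIN_PW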

# Open the Graylog server configuration and set the values below.
nano /etc/graylog/server/server.conf
root_email = "admin@devopstales.intra"
root_timezone = Europe/Budapest
is_master = true
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
# One shard per index and no replica copies; this suits the single-host
# setup in this guide, where Elasticsearch runs on localhost only.
elasticsearch_shards = 1
elasticsearch_replicas = 0
# Listen on loopback only. The nginx proxy configured later in this guide
# forwards to 127.0.0.1:9400, so the web interface is never exposed directly.
http_bind_address = 127.0.0.1:9400

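# Reload systemd's unit files, then start Graylog now and on every boot.
systemctl daemon-reload
systemctl restart graylog-server
systemctl enable graylog-server

# Follow the server log until the "up and running" line appears (Ctrl-C to
# stop). tail -f replaces tailf, which is deprecated and absent from newer
# util-linux releases.
tail -f /var/log/graylog-server/server.log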

If everything goes well, you should see the following message in the log file:
2019-06-20T13:37:04.059Z INFO  [ServerBootstrap] Graylog server up and running.

Nginx Proxy

# Install nginx and publish Graylog through it as a reverse proxy.
yum -y install nginx

# The quoted heredoc delimiter keeps nginx variables ($host, $http_host, ...)
# literal so that nginx, not the shell, expands them.
# NOTE(review): this virtual host serves the Graylog UI and API over plain
# HTTP, so the admin login and session cookies cross the network unencrypted.
# Before using it outside an isolated lab, add a TLS listener with a
# certificate and switch X-Graylog-Server-URL to https://.
cat > /etc/nginx/conf.d/graylog.conf <<'EOF'
server {
    listen 80;
    listen [::]:80 ipv6only=on;
    server_name graylog.devopstales.intra;

    location / {
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Graylog-Server-URL http://$server_name/;
      proxy_pass       http://127.0.0.1:9400;
    }
}
EOF

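# Validate the configuration first and restart only if it parses, so a typo
# in graylog.conf cannot take nginx down.
nginx -t && systemctl restart nginx
systemctl enable nginx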