Install Graylog
Graylog is a log management platform for collecting, indexing, and analyzing both structured and unstructured data from almost any source.
Install requirements
# Enable the EPEL repository first so that its packages are available to the
# install that follows.
yum -y install epel-release
# Headless OpenJDK 8 runtime, plus pwgen, which is used further down to
# generate Graylog's password_secret.
yum -y install java-1.8.0-openjdk-headless.x86_64 pwgen
# Confirm that a Java runtime is on PATH.
java -version
Elasticsearch
# Import Elastic's package-signing key into the rpm keyring; with gpgcheck=1
# in the repo definition below, yum checks package signatures against it.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

# Register the Elasticsearch 6.x OSS repository. The quoted delimiter keeps
# the text literal, and the empty line before EOF reproduces the trailing
# blank line of the file. tee also echoes the content to the terminal.
tee /etc/yum.repos.d/elasticsearch.repo <<'EOF'
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

EOF

# Install the OSS build of Elasticsearch from the repository added above.
sudo yum install -y elasticsearch-oss
# Open the Elasticsearch configuration and set the cluster name.
nano /etc/elasticsearch/elasticsearch.yml
# The next line is the setting to put in elasticsearch.yml, not a shell command.
cluster.name: graylog
# Apply the new configuration and start Elasticsearch at boot.
systemctl restart elasticsearch
systemctl enable elasticsearch
# Health check against the local node over plain HTTP, sent without credentials.
# NOTE(review): since this request needs no authentication, port 9200 should
# stay reachable from this host only; confirm network.host and firewall rules.
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
MongoDB
# Register the MongoDB 4.0 repository. The quoted delimiter keeps $releasever
# literal so that yum, not the shell, expands it. gpgcheck=1 together with
# gpgkey makes yum verify package signatures against MongoDB's published key.
# tee also echoes the content to the terminal.
tee /etc/yum.repos.d/mongodb-org.repo <<'EOF'
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
EOF

# Install MongoDB, then (re)start the service and enable it at boot.
yum install -y mongodb-org
for action in restart enable; do
  systemctl "$action" mongod
done
Graylog v3
# Install the package that registers the Graylog 3.0 yum repository.
# NOTE(review): the repository RPM is fetched straight from a URL, so its
# authenticity rests on the HTTPS connection unless the vendor's signing key
# has been imported beforehand; also confirm that the 3.0 release line is
# still supported before deploying it.
rpm --upgrade --verbose --hash https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.rpm
# Install the Graylog server from that repository.
yum install -y graylog-server
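# Graylog server configuration file edited by both sed commands below.
graylog_conf=/etc/graylog/server/server.conf

# password_secret: a 96-character value from pwgen's secure mode (-s).
# pwgen -s emits only letters and digits, so the value is safe to splice into
# the sed expression. The expansion happens in the calling shell, which is why
# sudo does not need -E (preserving the whole environment is unnecessary).
# Note: the secret is visible in the process list as a sed argument while the
# command runs; on a shared host, edit the file directly instead.
SECRET=$(pwgen -s 96 1)
sudo sed -i -e "s/password_secret =.*/password_secret = ${SECRET}/" "$graylog_conf"

# root_password_sha2: SHA-256 hex digest of the admin password.
# The password is prompted for rather than hard-coded, so that no guessable
# default ends up as the admin credential or in the shell history. printf is a
# shell builtin, so the clear-text password never appears as a process argument.
IFS= read -r -s -p 'Graylog admin password: ' admin_password && echo
if [ -n "$admin_password" ]; then
  PASSWORD=$(printf '%s' "$admin_password" | sha256sum | awk '{print $1}')
  sudo sed -i -e "s/root_password_sha2 =.*/root_password_sha2 = ${PASSWORD}/" "$graylog_conf"
else
  # An empty password would store the digest of the empty string; refuse it.
  echo 'Empty password: root_password_sha2 left unchanged.' >&2
fi
# Drop the clear-text password from the shell session.
unset admin_password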
# Open the Graylog server configuration and set the values listed below.
# The lines after the nano command are file content, not shell commands.
nano /etc/graylog/server/server.conf
root_email = "admin@devopstales.intra"
root_timezone = Europe/Budapest
is_master = true
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
elasticsearch_shards = 1
# Zero replicas; presumably chosen because this setup has a single
# Elasticsearch node (confirm before reusing on a cluster).
elasticsearch_replicas = 0
# Loopback address only: this is the address the nginx vhost configured later
# on this page proxies to (proxy_pass http://127.0.0.1:9400).
http_bind_address = 127.0.0.1:9400
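# Reload systemd unit files, then (re)start Graylog and enable it at boot.
systemctl daemon-reload
systemctl restart graylog-server
systemctl enable graylog-server
# Follow the server log until the start-up message appears (Ctrl-C to stop).
# tail -f is used instead of tailf, which is deprecated and no longer shipped
# with newer util-linux releases.
tail -f /var/log/graylog-server/server.log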
If everything goes well, you should see the following message in the log file:
2019-06-20T13:37:04.059Z INFO [ServerBootstrap] Graylog server up and running.
Nginx Proxy
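# Install nginx, which fronts the Graylog web interface and API.
yum install nginx -y

# Reverse-proxy vhost for Graylog. The quoted delimiter keeps the nginx
# variables ($host, $http_host, ...) literal so the shell does not expand them.
# Caveat: this vhost serves Graylog over plain HTTP on port 80, so the admin
# login and session data cross the network unencrypted. Before exposing it
# beyond a trusted network, add a TLS listener and change the
# X-Graylog-Server-URL scheme to https to match.
cat > /etc/nginx/conf.d/graylog.conf <<'EOF'
server {
    listen 80;
    listen [::]:80 ipv6only=on;
    server_name graylog.devopstales.intra;
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL http://$server_name/;
        proxy_pass http://127.0.0.1:9400;
    }
}
EOF

# Restart nginx only when the configuration test passes, so a syntax error in
# the new vhost is reported by nginx -t instead of by a failed restart.
nginx -t && systemctl restart nginx
systemctl enable nginx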