Install Graylog3
Page content
Graylog is defined in terms of log management platform for collecting, indexing, and analyzing both structured and unstructured data from almost any source.
Install requirement
yum install epel-release -y
yum install java-1.8.0-openjdk-headless.x86_64 pwgen nano -y
java -version
Set Timezone
rm -f /etc/localtime
ln -s /usr/share/zoneinfo/CET /etc/localtime
yum install -y ntp
ntpd
Elasticsearch
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
echo '[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
' | tee /etc/yum.repos.d/elasticsearch.repo
sudo yum -y install elasticsearch
sudo -E sed -i -e 's/#cluster.name: my-application/cluster.name: graylog/' \
/etc/elasticsearch/elasticsearch.yml
systemctl restart elasticsearch
systemctl enable elasticsearch
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
Mongodb
echo '[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc' | tee /etc/yum.repos.d/mongodb-org.repo
yum -y install mongodb-org
systemctl restart mongod
systemctl enable mongod
Graylog3
rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.3-repository_latest.rpm
yum -y install graylog-server
SECRET=$(pwgen -s 96 1)
sudo -E sed -i -e 's/password_secret =.*/password_secret = '$SECRET'/' /etc/graylog/server/server.conf
PASSWORD=$(echo -n Password1 | sha256sum | awk '{print $1}')
sudo -E sed -i -e 's/root_password_sha2 =.*/root_password_sha2 = '$PASSWORD'/' /etc/graylog/server/server.conf
# Set to your timezone
sudo -E sed -i -e 's/#root_timezone = UTC/root_timezone = CET/' /etc/graylog/server/server.conf
# Set to your email
sudo -E sed -i -e 's/#root_email = ""/root_email = "admin@devopstales.intra"/' /etc/graylog/server/server.conf
sudo -E sed -i -e 's/elasticsearch_shards = 4/elasticsearch_shards = 1/' /etc/graylog/server/server.conf
sudo -E sed -i -e 's/#http_bind_address = 127.0.0.1:9000/http_bind_address = 127.0.0.1:9400/' /etc/graylog/server/server.conf
# got ta https://dev.maxmind.com/geoip/geoip2/geolite2/ and download
# or use an old one
wget -t0 -c https://github.com/DocSpring/geolite2-city-mirror/raw/master/GeoLite2-City.tar.gz
tar -xvf GeoLite2-City.tar.gz
cp GeoLite2-City_*/GeoLite2-City.mmdb /etc/graylog/server
systemctl daemon-reload
systemctl restart graylog-server
systemctl enable graylog-server
tailf /var/log/graylog-server/server.log
If everything goes well, you should see below message in the logfile:
2019-06-20T13:37:04.059Z INFO [ServerBootstrap] Graylog server up and running.
Install Grafana
echo '[grafana]
name=grafana
baseurl=https://packages.grafana.com/oss/rpm
repo_gpgcheck=1
enabled=1
gpgcheck=1
gpgkey=https://packages.grafana.com/gpg.key
sslverify=1
sslcacert=/etc/pki/tls/certs/ca-bundle.crt
' > /etc/yum.repos.d/grafana.repo
sudo yum install -y grafana
grafana-cli plugins install grafana-piechart-panel
sudo -E sed -i -e 's/;http_addr =/http_addr = 127.0.0.1/' /etc/grafana/grafana.ini
systemctl start grafana-server
systemctl status grafana-server
systemctl enable grafana-server
Nginx Proxy
yum install nginx -y
echo 'server {
listen 80;
server_name graylog.devopstales.intra;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL http://$server_name/;
proxy_pass http://127.0.0.1:9400;
}
}' > /etc/nginx/conf.d/graylog.conf
echo 'server {
listen 80;
server_name grafana.devopstales.intra;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:3000;
}
}' > /etc/nginx/conf.d/grafana.conf
nginx -t
systemctl restart nginx
systemctl enable nginx