Graylog Installation:

Modern server architectures and configurations are managed in many different ways. Some people still put new software somewhere in opt manually for each server while others have already jumped on the configuration management train and fully automated reproducible setups.

Graylog can be installed in many different ways, so you can pick whatever works best for you. We recommend starting with the virtual machine appliances as the fastest way to get going, and then picking one of the other, more flexible installation methods to build a setup that is easier to scale. (Note: the virtual machine appliances are suitable for production use because they are also prepared to scale out to some extent when required.)

The Graylog web interface has the following prerequisites:

  1. Some modern Linux distribution (Debian Linux, Ubuntu Linux, or CentOS recommended)
  2. Oracle Java SE 7 or later (Oracle Java SE 8 is supported, OpenJDK 7 and OpenJDK 8 also work; latest point release is recommended)

Components:

  1. MongoDB
  2. Elasticsearch
  3. Graylog
  4. Graylog Web Interface

Installation Steps:

Installing Java:

    1. Elasticsearch runs on Java, so we can install OpenJDK.

       To install OpenJDK, use a command like:

       [root@localhost ~]# yum install java

       [screenshot of the command output in the original post]

       To verify the Java version, use a command like:

       [screenshot of the version check in the original post]

Installing EPEL:

Configure the EPEL repository on CentOS 7 / RHEL 7:

This explains how to enable EPEL (Extra Packages for Enterprise Linux) on the newly released CentOS 7 / RHEL 7. EPEL is maintained by a special interest group from Fedora that creates, maintains and manages high-quality additional packages for Enterprise Linux variants, including Red Hat Enterprise Linux (RHEL), CentOS, Scientific Linux (SL) and Oracle Enterprise Linux (OEL).

Install the EPEL repository:

Install the EPEL rpm by using a command like:

   [screenshot of the command in the original post]

The output will look like:

   [screenshot of the output in the original post]

List the installed repos:

You can find the EPEL repo in the list.

   [screenshot of the command in the original post]

The output will look like:

   [screenshot of the output in the original post]

EPEL packages:

   [screenshot of the command that lists the EPEL packages in the original post]

The package list will look like:

   [screenshot of the output in the original post]

Install the package:

   [screenshot of the command in the original post]

Install Elasticsearch:

Elasticsearch is an open source search server that offers real-time distributed search and analytics with a RESTful web interface. Elasticsearch stores all the logs sent by the Graylog server and returns the messages when the Graylog web interface requests them to fulfil a user's request.

Import the GPG key:

   [screenshot of the command in the original post]

Add the Elasticsearch repository:

   [screenshot of the repository file in the original post]

Install Elasticsearch by using a command like:

   [screenshot of the command in the original post]

Configure Elasticsearch to start during system startup.

   [screenshot of the command in the original post]

The only important setting is the cluster name, which must be “graylog2” because that is the name Graylog uses. Now edit the configuration file of Elasticsearch.

   [screenshot of the command in the original post]

Disable dynamic scripts to avoid remote code execution; this is done by adding the following line at the end of the above file.

   [screenshot of the setting in the original post]

Once that is done we are good to go, but first restart the Elasticsearch service to load the modified configuration.

   [screenshot of the command in the original post]

Wait at least a minute to let Elasticsearch restart fully, otherwise the test will fail. Elasticsearch should now be listening on port 9200 for HTTP requests, so we can use curl to get the response. Ensure that it returns the cluster name “graylog2”.

   [screenshot of the curl output in the original post]

Optional: use the following command to check the Elasticsearch cluster health. You must get a cluster status of “green” for Graylog to work.

   [screenshot of the health check in the original post]
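The two Elasticsearch settings this section cares about (cluster name and dynamic scripting) and the two curl responses it tells you to inspect can be checked offline. The following is an added example, not code from the original post; it assumes the Elasticsearch 1.x setting keys `cluster.name` and `script.disable_dynamic`, and the config and JSON samples are constructed.

```python
# Added example: offline checks for the Elasticsearch settings and responses
# this guide asks you to verify. Assumes the 1.x keys "cluster.name" and
# "script.disable_dynamic"; the config text and JSON bodies are constructed.
import json

SAMPLE_ELASTICSEARCH_YML = """\
# constructed sample of /etc/elasticsearch/elasticsearch.yml
cluster.name: graylog2
node.name: "graylog-es-1"
script.disable_dynamic: true
"""


def parse_flat_yaml(text):
    """Parse single-level 'key: value' lines, ignoring comments and blanks."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings


def check_elasticsearch_yml(text, expected_cluster="graylog2"):
    """Return a list of problems; an empty list means the file matches the guide."""
    s = parse_flat_yaml(text)
    problems = []
    if s.get("cluster.name") != expected_cluster:
        problems.append("cluster.name must be %r, found %r"
                        % (expected_cluster, s.get("cluster.name")))
    if s.get("script.disable_dynamic", "").lower() != "true":
        problems.append("script.disable_dynamic must be true; dynamic scripts "
                        "allow remote code execution")
    return problems


def check_root_response(body, expected_cluster="graylog2"):
    """Check the JSON from `curl http://localhost:9200/` names the right cluster."""
    return json.loads(body).get("cluster_name") == expected_cluster


def check_health_response(body):
    """Check the JSON from `curl http://localhost:9200/_cluster/health`; only green passes."""
    return json.loads(body).get("status") == "green"
```

On a single node a “yellow” status usually means an index has replica shards that cannot be allocated anywhere; the checker deliberately treats that as a failure, as the guide requires green.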

Install MongoDB:

MongoDB is available in RPM format and can be downloaded from the official website. Add the following repository information to the system to install MongoDB using yum.

   [screenshot of the repository file in the original post]

Install MongoDB by using a command like:

   [screenshot of the command in the original post]

If you use SELinux, you must install the package below to configure certain elements of the SELinux policy.

   [screenshot of the command in the original post]

Run the following command to configure SELinux to allow MongoDB to start.

   [screenshot of the command in the original post]

Start the MongoDB service and enable it to start automatically during system start-up.

   [screenshot of the command in the original post]

Install Graylog:

graylog-server accepts and processes the log messages, and also exposes the REST API that serves the requests coming from graylog-web-interface. Download the latest version of Graylog from graylog.org.

Install the Graylog repository by using a command like:

   [screenshot of the command in the original post]

Install the latest Graylog server by using a command like:

   [screenshot of the command in the original post]

Edit the server.conf file.

   [screenshot of the command in the original post]

Configure the following variables in the above file.

Set a secret to secure the user passwords. Use the following command to generate a secret; use at least 64 characters.

   [screenshot of the command in the original post]

Note: do not forget to configure the EPEL repository on CentOS 7 / RHEL 7, as explained above.

If you get “pwgen: command not found”, use the following command to install pwgen.

   [screenshot of the command in the original post]

Place the secret.

   [screenshot of the setting in the original post]

Next, set a hashed password for the root user (not to be confused with the system root user; Graylog's root user is admin). You will use this password to log into the web interface. The admin password cannot be changed from the web interface; you must edit this variable to set it.

   [screenshot of the setting in the original post]
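The two credential settings above can be generated and checked without pwgen. The following is an added example, not code from the original post; it assumes the Graylog server.conf key names `password_secret` and `root_password_sha2` (an unsalted SHA-256 hex digest of the admin password), and the sample server.conf text is constructed.

```python
# Added example: generate the two values this guide puts into server.conf
# and verify an existing file carries them correctly. Assumes the key names
# password_secret and root_password_sha2; the sample config is constructed.
import hashlib
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


def generate_password_secret(length=96):
    """Random secret from the OS CSPRNG; the guide asks for at least 64 characters."""
    if length < 64:
        raise ValueError("password_secret should be at least 64 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def hash_root_password(password):
    """Graylog stores the admin password as an unsalted SHA-256 hex digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def parse_server_conf(text):
    """Parse 'key = value' lines, ignoring comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def check_server_conf(text):
    """Return problems with the two credential settings; an empty list means OK."""
    conf = parse_server_conf(text)
    problems = []
    secret = conf.get("password_secret", "")
    if len(secret) < 64:
        problems.append("password_secret is %d characters, need at least 64" % len(secret))
    digest = conf.get("root_password_sha2", "")
    if not re.fullmatch(r"[0-9a-f]{64}", digest):
        problems.append("root_password_sha2 is not a 64-hex-character SHA-256 digest")
    elif digest == hash_root_password("admin"):
        problems.append("root_password_sha2 is the hash of 'admin'; choose a real password")
    return problems


SAMPLE_SERVER_CONF = """\
# constructed sample of /etc/graylog/server/server.conf
is_master = true
password_secret = %s
root_password_sha2 = %s
""" % (generate_password_secret(), hash_root_password("correct horse battery staple"))
```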

Continued in: Installation Steps of Graylog - Part 2
