Modern server architectures and configurations are managed in many different ways. Some people still put new software somewhere in /opt manually on each server, while others have already jumped on the configuration management train and have fully automated, reproducible setups.
Graylog can be installed in many different ways, so you can pick whatever works best for you. We recommend starting with the virtual machine appliances for the fastest way to get started, and then picking one of the other, more flexible installation methods to build a setup that is easier to scale. (Note: The virtual machine appliances are suitable for production use because they are also prepared to scale out to some degree when required.)
The Graylog web interface has the following prerequisites:
- Some modern Linux distribution (Debian Linux, Ubuntu Linux, or CentOS recommended)
- Oracle Java SE 7 or later (Oracle Java SE 8 is supported, OpenJDK 7 and OpenJDK 8 also work; latest point release is recommended)
4. Graylog Web Interface
1. Elasticsearch is based on Java, so we first install OpenJDK.
To install OpenJDK, use a command like:
[root@localhost ~]# yum install java
To verify the Java version, use a command like:
Installing EPEL:
Configure EPEL repository on CENTOS 7/ RHEL 7:
This section explains how to enable EPEL (Extra Packages for Enterprise Linux) on the newly released CentOS 7 / RHEL 7. EPEL is maintained by a special interest group from Fedora that creates, maintains and manages high-quality additional packages for Enterprise Linux variants, including Red Hat Enterprise Linux (RHEL), CentOS, Scientific Linux (SL) and Oracle Enterprise Linux (OEL).
Install EPEL repository:
Install the EPEL RPM using the following command:
Output will look like,
List the installed repos:
You can find the EPEL repo in the list.
Output will look like,
Packages list will look like,
Install the package:
Elasticsearch is an open source search server that offers real-time distributed search and analytics with a RESTful web interface. Elasticsearch stores all the logs sent by the Graylog server and returns the matching messages when the Graylog web interface queries it to fulfil a user request.
Import the GPG key:
Add the Elasticsearch repository:
Install Elasticsearch using a command like:
Configure Elasticsearch to start during system startup.
The only important setting is the cluster name, which must be “graylog2” because that is the name Graylog uses. Now edit the Elasticsearch configuration file.
Disable dynamic scripts to prevent remote code execution through the scripting API; add the following line at the end of the file above.
Once it is done, we are good to go. Before that, restart the ElasticSearch services to load the modified configuration.
Wait at least a minute for Elasticsearch to restart fully, otherwise the test will fail. Elasticsearch should now be listening on port 9200 for HTTP requests; use curl to fetch the response and ensure that it returns the cluster name “graylog2”.
Optional: Use the following command to check the Elasticsearch cluster health; the cluster status must be “green” for Graylog to work.
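As an added shell example (not from the original post), the following applies the two checks described above, cluster name “graylog2” and health “green”, to the JSON that Elasticsearch returns, and also greps a config file for the dynamic-scripting setting. It runs offline against constructed sample responses and assumes Elasticsearch 1.x, where that setting is script.disable_dynamic.

```bash
#!/bin/sh
# Verify an Elasticsearch node for Graylog. Real use, on the node itself:
#   es_ready "$(curl -s http://localhost:9200)" "$(curl -s http://localhost:9200/_cluster/health)"
#   check_dynamic_scripting_disabled "$(cat /etc/elasticsearch/elasticsearch.yml)"

# Extract a string value for a key from a flat JSON document (no jq needed).
# $1 = JSON text, $2 = key. Prints the value or nothing.
json_str() {
    printf '%s' "$1" | sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# 0 only when the node reports the cluster name Graylog expects.
check_cluster_name() {
    [ "$(json_str "$1" cluster_name)" = "graylog2" ]
}

# 0 only when cluster health is green (yellow = unassigned replicas,
# red = missing primary shards; the tutorial requires green).
check_cluster_health() {
    [ "$(json_str "$1" status)" = "green" ]
}

# 0 only when the Elasticsearch 1.x config text (assumption: ES 1.x) has
# dynamic scripting switched off, which blocks script-based remote execution.
check_dynamic_scripting_disabled() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*script\.disable_dynamic:[[:space:]]*true[[:space:]]*$'
}

# Run both runtime checks; $1 = GET / response, $2 = GET /_cluster/health response.
es_ready() {
    rc=0
    check_cluster_name "$1" || { echo "cluster_name is '$(json_str "$1" cluster_name)', expected graylog2" >&2; rc=1; }
    check_cluster_health "$2" || { echo "cluster status is '$(json_str "$2" status)', expected green" >&2; rc=1; }
    return $rc
}

# Constructed sample responses, shaped like ES 1.x GET / and GET /_cluster/health.
SAMPLE_ROOT='{"status":200,"name":"node1","cluster_name":"graylog2","version":{"number":"1.7.3"},"tagline":"You Know, for Search"}'
SAMPLE_HEALTH='{"cluster_name":"graylog2","status":"green","number_of_nodes":1,"active_primary_shards":4}'
# Constructed config excerpt with the two lines the tutorial asks for.
SAMPLE_CONFIG='cluster.name: graylog2
script.disable_dynamic: true'
```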
MongoDB is available in RPM format and can be downloaded from the official website. Add the following repository information to the system to install MongoDB using yum.
Install MongoDB using a command like:
If you use SELinux, you must install the package below to configure certain elements of the SELinux policy.
Run the following command to configure SELinux to allow MongoDB to start.
Start the MongoDB service and enable it to start automatically during the system start-up.
Graylog-server accepts and processes the log messages and also serves the REST API for requests coming from graylog-web-interface. Download the latest version of Graylog from graylog.org.
Install the Graylog repository using a command like:
Install the latest Graylog server using a command like:
Edit the server.conf file.
Configure the following variables in the above file.
Set a secret to secure the user passwords. Use the following command to generate a secret; use at least
Note: Do not forget to configure the EPEL repository on CentOS 7 / RHEL 7, as explained above.
If you get “pwgen: command not found”, use the following command to install pwgen.
Place the secret.
Next, set a hashed password for the root user (not to be confused with the system root user; Graylog's root user is admin). You will use this password to log into the web interface. The admin password cannot be changed via the web interface; you must edit this variable to set it.
Continued in the linked Installation Steps of Graylog-Part2.