How to install and configure Graylog on CentOS 7

Graylog is an open-source log management system. This tutorial provides a step-by-step guide on installing and configuring Graylog with SSL on CentOS 7.


Graylog is an open-source log management system. It comes from a Texas-based company of the same name and was formerly called Torch, which began as an open-source project in Hamburg, Germany, in 2009.

Graylog centrally captures and stores machine data from any component of the IT infrastructure and applications, and enables real-time search and log analysis against terabytes of it. The software uses an Elasticsearch-based three-tier architecture with scalable storage. Graylog has carved out a niche as a fast, affordable, and viable alternative to Splunk.

Installing Graylog on CentOS 7

1. Pre-setup

Open a terminal and enter the following command to set the hostname.

hostnamectl set-hostname graylog

Update the system.

yum update -y

Install the EPEL repository.

yum install epel-release

Install the needed packages.

yum install pwgen vim

2. Set up Java

Install Java.

yum install java-1.8.0-openjdk-headless.x86_64

[Screenshot: Install Java]

Check the Java version.

java -version

[Screenshot: Check Java Version]

3. Install MongoDB

Create a repository file.

vim /etc/yum.repos.d/mongodb-org.repo

Add the following contents.

[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc

List repo.

yum repolist

Install MongoDB.

yum install mongodb-org

[Screenshot: Install Mongo]

Enable the mongod service on system boot.

systemctl enable mongod.service

Start the service.

systemctl start mongod.service

Check that MongoDB is listening on port 27017 (netstat is provided by the net-tools package).

netstat -tunlp | grep 27017

[Screenshot: Mongo Port]

4. Installing Elasticsearch

Install the Elastic GPG key.

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Create a repository.

vim /etc/yum.repos.d/elasticsearch.repo

Add the following contents to the file.

[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

List repositories.

yum repolist

Install the open-source version of Elasticsearch.

yum install elasticsearch-oss

[Screenshot: Install Elasticsearch]

Modify the Elasticsearch configuration file.

Set the cluster name (cluster.name) to graylog and add “action.auto_create_index: false” to the file.

vim /etc/elasticsearch/elasticsearch.yml

[Screenshot: Configurations]

Save and exit the file. Enable Elasticsearch on system boot.

systemctl enable elasticsearch.service

[Screenshot: Enable Elasticsearch on system boot]

Check the status of the service.

systemctl status elasticsearch.service

Start the service.

systemctl start elasticsearch.service

Check the logs.

tail -f /var/log/elasticsearch/graylog.log

Check the Elasticsearch cluster health.

curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'

[Screenshot: Check Elasticsearch health]

5. Installing Graylog

Set up the repository.

rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.2-repository_latest.rpm

[Screenshot: Install Repo]

List repositories.

yum repolist

Install graylog-server.

yum install graylog-server

[Screenshot: Install Graylog]

6. Configure Graylog

You should now add “password_secret” and “root_password_sha2” to the server.conf file.

Generate password_secret.

pwgen -N 1 -s 96

Generate root_password_sha2, the SHA-256 hash of the root password (foss@dan123 is the example password used here).

echo -n foss@dan123 | sha256sum

Add the generated values to the file.

vim /etc/graylog/server/server.conf

[Screenshot: Modified File]
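
As an added example (not part of the original tutorial), the functions below carry out the three steps above without typing the password on the command line, where it would be saved in the shell history. The function names and the od fallback used when pwgen is missing are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Defines functions only.
# Usage as root: configure_graylog_secrets /etc/graylog/server/server.conf

gen_secret() {
    # 96-character secret: pwgen as in the tutorial, else 48 random bytes as hex
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        od -An -N48 -tx1 /dev/urandom | tr -d ' \n'
    fi
}

read_password() {
    # Sets PW from stdin; on a terminal, prompt and switch echo off while typing
    if [ -t 0 ]; then
        printf 'Graylog root password: ' >&2
        stty -echo; IFS= read -r PW; stty echo; printf '\n' >&2
    else
        IFS= read -r PW || [ -n "$PW" ]
    fi
}

set_conf_key() {
    # set_conf_key FILE KEY VALUE: replace the first "KEY =" line (commented
    # or not), or append one. Writing back with cat keeps owner and mode.
    tmp=$(mktemp) || return 1
    awk -v k="$2" -v v="$3" '
        !done && $0 ~ ("^#?[ ]*" k "[ ]*=") { print k " = " v; done = 1; next }
        { print }
        END { if (!done) print k " = " v }' "$1" >"$tmp" && cat "$tmp" >"$1"
    rc=$?; rm -f "$tmp"; return "$rc"
}

configure_graylog_secrets() {
    conf=$1
    read_password
    [ -n "$PW" ] || { echo 'empty password, nothing changed' >&2; return 1; }
    # printf, like echo -n, hashes the password without a trailing newline
    hash=$(printf '%s' "$PW" | sha256sum | cut -d' ' -f1)
    unset PW
    set_conf_key "$conf" password_secret "$(gen_secret)" &&
        set_conf_key "$conf" root_password_sha2 "$hash"
}
```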

Change the bind address.

vim /etc/graylog/server/server.conf

Uncomment the following line.

http_bind_address = 127.0.0.1:9000

Enable the service on system boot.

systemctl enable graylog-server.service

Start the service.

systemctl start graylog-server.service

Monitor the server logs.

tail -f /var/log/graylog-server/server.log

[Screenshot: Graylog Server Log]

Check the server port.

netstat -tunlp | grep 9000

[Screenshot: Graylog Server Port]
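
The port checks used in this tutorial (27017 for MongoDB, 9200 for Elasticsearch, 9000 for Graylog) can be combined into one test that flags any of these backends listening on a non-loopback address. This is an added example, not part of the original tutorial; it assumes only Nginx is meant to accept remote connections, and exposed_backends and sample_netstat are hypothetical names with constructed sample output.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Defines functions only.
# Usage: netstat -tunlp | exposed_backends 27017 9200 9000

exposed_backends() {
    # Reads netstat output on stdin and prints "PORT ADDRESS" for every TCP
    # listener on one of the given ports that is not bound to loopback.
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)          # port: text after the last colon
            sub(/:[^:]*$/, "", addr)      # address: everything before it
            if (!(port in want)) next
            # 127.0.0.0/8, ::1 and IPv4-mapped loopback (common for Java) are fine
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print port, addr
        }'
}

sample_netstat() {
    # Constructed sample output, not captured from a real host
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      1201/mongod
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1502/nginx: master
tcp6       0      0 ::ffff:127.0.0.1:9000   :::*                    LISTEN      1333/java
tcp6       0      0 :::9200                 :::*                    LISTEN      1270/java
udp        0      0 0.0.0.0:68              0.0.0.0:*                           900/dhclient
EOF
}
```

An empty result means every listed port is bound to loopback only; each printed line names a port to rebind or firewall.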

7. Configuring Nginx reverse proxy with SSL

I. Install and configure Nginx

yum install nginx -y

Enable Nginx on boot.

systemctl enable nginx

Check the status.

systemctl status nginx

Start the service.

systemctl start nginx

II. Set up a DNS record

Then go to your DNS manager and add an A record for your server.

Type: A, Name: your domain name, Value: your server IP

III. Install and configure SSL with Certbot

Install certbot.

yum install certbot python2-certbot-nginx

There are a few ways to get and configure SSL using Certbot, but here is the easiest. Run the command below to get a certificate and apply it to Nginx.

certbot --nginx

Provide the requested information when prompted, e.g., your email address and domain name.

[Screenshot: Get SSL]

When it asks whether to redirect all traffic to HTTPS, enter the relevant number.

[Screenshot: HTTPS Redirection]

IV. Modify Nginx configurations

vim /etc/nginx/nginx.conf

Add the following contents to the location block.

location / {
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Graylog-Server-URL https://$server_name/;
    proxy_pass http://127.0.0.1:9000;
}

Check Nginx for syntax errors.

nginx -t

Restart Nginx.

systemctl restart nginx

8. Set SELinux policy

setsebool -P httpd_can_network_connect 1

9. Browse using your domain name

https://graylog.fosslinux.com/

Then you will get the login interface.

[Screenshot: Login Window]

Log in with the username “admin” and the root password set in server.conf. After logging in, you should see an interface like the one below.

[Screenshot: After Login]

Now we need to set up the input and push log files to the server.

[Screenshot: Notification]

That’s all about the installation and configuration of Graylog with SSL on CentOS. I hope you liked the tutorial.

Darshana
Hey! I'm Darshana, a Linux / DevOps Engineer and also a contributor to FOSS Linux. I enjoy working on various kinds of Linux distributions and cloud technologies. During my free time, I love to swim and hike across nature trails. Linux is my love and I'm here to share all my learnings with all of you! Hope you enjoyed reading my article.
