How to install and configure Graylog on CentOS 7

Graylog is an open-source log management system. This tutorial provides a step-by-step guide on installing and configuring Graylog with SSL on CentOS 7.

Graylog, founded by a Texas-based company with the same name, was formerly called Torch. It began as an open-source project in Hamburg, Germany, in 2009.

Graylog centrally captures, stores, and enables real-time search and log analysis against terabytes of machine data from any component in IT infrastructure and applications. The software uses Elasticsearch-based three-tier architecture and scalable storage. Graylog created a niche as a fast, affordable, and viable alternative to Splunk.

Installing Graylog on CentOS 7

1. Pre-setup

Fire up a terminal and enter the following command to set the hostname.

hostnamectl set-hostname graylog

Update the system.

yum update -y

Install the EPEL repository.

yum install epel-release

Install needed packages.

yum install pwgen vim

2. Set up Java

Install Java.

yum install java-1.8.0-openjdk-headless.x86_64

Check the java version.

java -version

3. Install MongoDB

Create a repository file.

vim /etc/yum.repos.d/mongodb-org.repo

Add the following contents.

[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc

List repo.

yum repolist

Install MongoDB.

yum install mongodb-org

Enable mongo service on system boot.

systemctl enable mongod.service

Start service.

systemctl start mongod.service

Check mongo port.

netstat -tunlp | grep 27017

4. Installing Elasticsearch

Install the Elastic GPG key.

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Create a repository.

vim /etc/yum.repos.d/elasticsearch.repo

Add the following contents to the file.

[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

List repositories.

yum repolist

Install the open-source version of Elasticsearch.

yum install elasticsearch-oss

Modify the Elasticsearch configuration file.

Set the cluster name to graylog (cluster.name: graylog) and add “action.auto_create_index: false” to the file.

vim /etc/elasticsearch/elasticsearch.yml

Save and exit the file. Enable Elasticsearch on system boot.

systemctl enable elasticsearch.service

Check the status of the service.

systemctl status elasticsearch.service

Start service.

systemctl start elasticsearch.service

Check logs.

tail -f /var/log/elasticsearch/graylog.log

Check Elasticsearch health.

curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'

5. Installing Graylog

Setup repository.

rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.2-repository_latest.rpm

List repositories.

yum repolist

Install Graylog-server.

yum install graylog-server

6. Configure Graylog

You should now add “password_secret” and “root_password_sha2” to the server.conf file.

Generate password_secret.

pwgen -N 1 -s 96

Generate root_password_sha2.

echo -n foss@dan123 | sha256sum

Add generated values to file.

vim /etc/graylog/server/server.conf
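
The echo command above puts the admin password on the command line, where it is saved in shell history, and sha256sum prints a trailing " -" after the digest that must not be copied into server.conf. The following added example (not part of the original tutorial; the function names and the script name are hypothetical) reads the password at a prompt and prints both settings ready to paste.

```sh
#!/bin/sh
# Added example: the function names below are hypothetical helpers.

# SHA-256 hex digest of stdin with newlines stripped and without the
# trailing " -" that sha256sum prints after the digest.
graylog_sha2() {
    tr -d '\n' | sha256sum | cut -d' ' -f1
}

# 96-character random string for password_secret; uses pwgen as in the
# step above, or /dev/urandom when pwgen is not installed.
graylog_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 96
    fi
}

# Print both settings in server.conf syntax. printf is a builtin in bash
# and dash, so the password in $1 is never passed as an argument to
# another process.
graylog_conf_lines() {
    printf 'password_secret = %s\n' "$(graylog_secret)"
    printf 'root_password_sha2 = %s\n' "$(printf '%s' "$1" | graylog_sha2)"
}

# Interactive use: sh graylog-secrets.sh --prompt
if [ "${1:-}" = "--prompt" ]; then
    printf 'Graylog admin password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; printf '\n' >&2
    graylog_conf_lines "$pw"
    unset pw
fi
```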

Change bind-address.

vim /etc/graylog/server/server.conf

Uncomment the following line.

http_bind_address = 127.0.0.1:9000

Enable service on system boot.

systemctl enable graylog-server.service

Start service.

systemctl start graylog-server.service

Monitor server logs.

tail -f /var/log/graylog-server/server.log

Check the server port.

netstat -tunlp | grep 9000

7. Configuring Nginx reverse proxy with SSL

I. Install and configure Nginx

yum install nginx -y

Enable Nginx on boot.

systemctl enable nginx

Check status.

systemctl status nginx

Start service.

systemctl start nginx

II. Setup DNS record

Then go to your DNS manager and add an A record for your server, mapping the domain name to the server IP.

III. Install and configure SSL with Certbot

Install certbot.

yum install certbot python2-certbot-nginx

There are a few ways to get and configure SSL using Certbot, but here is the easiest way. Run the below command to get a certificate and apply it to Nginx.

certbot --nginx

Provide the needed information when it asks, e.g., your email and domain name.

When it asks to redirect all traffic to HTTPS, enter the relevant number.

IV. Modify Nginx configurations

vim /etc/nginx/nginx.conf

Add the following contents to the location block.

location / {
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Graylog-Server-URL https://$server_name/;
    proxy_pass http://127.0.0.1:9000;
}

Check Nginx for syntax errors.

nginx -t

Restart Nginx.

systemctl restart nginx
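
With Nginx in front, the port checks used earlier can be turned into one test that only Nginx is reachable from the network. The following is an added example, not part of the original tutorial; the function name and the sample lines are constructed, and it assumes MongoDB, Elasticsearch and Graylog are all meant to listen on loopback only, as the proxy_pass to 127.0.0.1:9000 implies for Graylog.

```sh
#!/bin/sh
# Added example: exposed_backends is a hypothetical helper name.
# Reads `netstat -tnl` or `ss -tnl` style lines on stdin and prints
# "port host" for every listener on the MongoDB (27017), Elasticsearch
# (9200) or Graylog (9000) port whose local address is not loopback.
exposed_backends() {
    awk '
    /LISTEN/ {
        # The local address is column 4 in both netstat and ss output.
        addr = $4
        n = split(addr, parts, ":")
        port = parts[n]
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (port != "27017" && port != "9200" && port != "9000") next
        # Java services bound to 127.0.0.1 often show up as IPv4-mapped.
        if (host == "127.0.0.1" || host == "::1" || host == "[::1]" ||
            host == "::ffff:127.0.0.1" || host == "[::ffff:127.0.0.1]") next
        print port " " host
    }'
}

# Constructed sample input (not captured from a real host).
SAMPLE='tcp  0 0 127.0.0.1:27017       0.0.0.0:* LISTEN 1201/mongod
tcp6 0 0 ::ffff:127.0.0.1:9000 :::*      LISTEN 1630/java
tcp6 0 0 :::9200               :::*      LISTEN 1415/java
tcp  0 0 0.0.0.0:443           0.0.0.0:* LISTEN 1788/nginx'

# Live use: netstat -tnl | exposed_backends
printf '%s\n' "$SAMPLE" | exposed_backends   # prints: 9200 ::
```

Empty output means none of the three backend ports is bound to a non-loopback address.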

8. Set SELinux policy

setsebool -P httpd_can_network_connect 1

9. Browse using your Domain name

https://graylog.fosslinux.com/

Then you will get the login interface.

Log in with the username “admin” and the root password set inside server.conf. After login, you should see the Graylog web interface.

Now we need to set up the input and push log files to the server.

That’s all about the installation and configuration of Graylog with SSL on CentOS. I hope you liked the tutorial.

Darshana
Hey! I'm Darshana, a Linux / DevOps Engineer and also a contributor to FOSS Linux. I enjoy working on various kinds of Linux distributions and cloud technologies. During my free time, I love to swim and hike across nature trails. Linux is my love and I'm here to share all my learnings with all of you! Hope you enjoyed reading my article.
