How to install and configure Graylog on CentOS 7

by Darshana

Graylog is an open-source log management system. Founded by a Texas-based company with the same name, Graylog was formerly called Torch, which began as an open-source project in Hamburg, Germany, in the year 2009.

Graylog centrally captures, stores, and enables real-time search and log analysis against terabytes of machine data from any component in IT infrastructure and applications. The software uses an Elasticsearch-based three-tier architecture and scalable storage. Graylog created a niche as a fast, affordable, and viable alternative to Splunk.

Installing Graylog on CentOS 7

1. Pre-setup

Fire up a terminal and enter the following command to set a hostname.

hostnamectl set-hostname graylog

Update the system.

yum update -y

Install the EPEL repository.

yum install epel-release

Install needed packages.

yum install pwgen vim

2. Set up Java

Install Java.

yum install java-1.8.0-openjdk-headless.x86_64

Check the Java version.

java -version

3. Install MongoDB

Create a repository file.

vim /etc/yum.repos.d/mongodb-org.repo

Add the following contents.

[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc

List repo.

yum repolist

Install MongoDB.

yum install mongodb-org

Enable mongo service on system boot.

systemctl enable mongod.service

Start service.

systemctl start mongod.service

Check mongo port.

netstat -tunlp | grep 27017

4. Installing Elasticsearch

Install the Elastic GPG key.

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Create a repository.

vim /etc/yum.repos.d/elasticsearch.repo

Add the following contents to the file.

[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

List repositories.

yum repolist

Install the open-source version of Elasticsearch.

yum install elasticsearch-oss

Modify the Elasticsearch configuration file.

Set the cluster name to “graylog” and add “action.auto_create_index: false” to the file.

vim /etc/elasticsearch/elasticsearch.yml

Save and exit the file. Enable Elasticsearch on system boot.

systemctl enable elasticsearch.service

Check the status of the service.

systemctl status elasticsearch.service

Start service.

systemctl start elasticsearch.service

Check logs.

tail -f /var/log/elasticsearch/graylog.log

Check Elasticsearch health.

curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'

5. Installing Graylog

Setup repository.

rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.2-repository_latest.rpm

List repositories.

yum repolist

Install Graylog-server.

yum install graylog-server

6. Configure Graylog

You should now add “password_secret” and “root_password_sha2” to the server.conf file.

Generate password_secret.

pwgen -N 1 -s 96

Generate root_password_sha2. Replace foss@dan123 with your own admin password.

echo -n foss@dan123 | sha256sum

Add generated values to file.

vim /etc/graylog/server/server.conf

Change bind-address.

vim /etc/graylog/server/server.conf

Uncomment the following line.

http_bind_address = 127.0.0.1:9000
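
The credential settings from this step can be produced without typing the admin password on the command line, where it would end up in shell history. The following is an added example, not part of the original tutorial; the function names hash_password, make_secret and render_settings are made up for illustration, and the /dev/urandom fallback is an assumption for hosts without pwgen.

```sh
#!/bin/sh
# Added example: build the server.conf credential lines without exposing
# the admin password in shell history or the process list.

# SHA-256 hex digest of stdin, the format root_password_sha2 expects.
hash_password() {
    sha256sum | cut -d' ' -f1
}

# 96-character random secret: pwgen as in the tutorial, /dev/urandom otherwise.
make_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 96
    fi
}

# Print the three settings edited in /etc/graylog/server/server.conf.
# $1 = password_secret value, $2 = root_password_sha2 value
render_settings() {
    printf 'password_secret = %s\n' "$1"
    printf 'root_password_sha2 = %s\n' "$2"
    printf 'http_bind_address = 127.0.0.1:9000\n'
}

# Interactive use only: prompt with terminal echo off, hash without the newline.
if [ -t 0 ]; then
    printf 'Graylog admin password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    render_settings "$(make_secret)" "$(printf '%s' "$pw" | hash_password)"
    unset pw
fi
```

Run it from a terminal and paste the three printed lines into server.conf.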

Enable service on system boot.

systemctl enable graylog-server.service

Start service.

systemctl start graylog-server.service

Monitor server logs.

tail -f /var/log/graylog-server/server.log

Check the server port.

netstat -tunlp | grep 9000
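
With Nginx as the only public entry point, MongoDB (27017), Elasticsearch (9200) and the Graylog web interface (9000) should listen on loopback only. The following added example, not part of the original tutorial, filters netstat -tln output for backend ports bound to any other address; the function name exposed_listeners and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag backend listeners reachable from outside the host.
# Ports are the ones this tutorial checks with netstat.
BACKEND_PORTS="27017 9200 9000"

# Reads `netstat -tln` output on stdin and prints "port address" for every
# backend port that is listening on a non-loopback address.
exposed_listeners() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4; port = $4
            sub(/:[0-9]+$/, "", addr)   # drop the trailing port, keep the bind address
            sub(/^.*:/, "", port)       # keep only the text after the last colon
            if (!(port in want)) next
            # 127.0.0.0/8, ::1 and IPv4-mapped loopback are not exposed
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print port, addr
        }'
}

# Constructed sample: Elasticsearch bound to all interfaces, the rest correct.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp6       0      0 :::9200                 :::*                    LISTEN
tcp6       0      0 127.0.0.1:9000          :::*                    LISTEN'

printf '%s\n' "$SAMPLE" | exposed_listeners   # prints: 9200 ::
# On a real host: netstat -tln | exposed_listeners
```

Empty output means every backend port is reachable only through the Nginx proxy.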

7. Configuring Nginx reverse proxy with SSL

I. Install and configure Nginx

yum install nginx -y

Enable Nginx on boot.

systemctl enable nginx

Check status.

systemctl status nginx

Start service.

systemctl start nginx

II. Setup DNS record

Then go to your DNS manager and add an A record for your server.

Type: A    Name: <domain name>    Value: <server IP>

III. Install and configure SSL with Certbot

Install certbot.

yum install certbot python2-certbot-nginx

There are a few ways to get and configure SSL using Certbot, but here is the easiest way. Run the command below to get a certificate and apply it to Nginx.

certbot --nginx

Provide the needed information when it asks, e.g., your email address and domain name.

When it asks whether to redirect all traffic to HTTPS, enter the relevant number.

IV. Modify Nginx configurations

vim /etc/nginx/nginx.conf

Add the following contents to the location block.

location / {
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Graylog-Server-URL https://$server_name/;
    proxy_pass http://127.0.0.1:9000;
}

Check Nginx for syntax errors.

nginx -t

Restart Nginx.

systemctl restart nginx

8. Set SELinux policy

setsebool -P httpd_can_network_connect 1

9. Browse using your Domain name

https://graylog.fosslinux.com/

Then you will get the login interface.

Log in with the username “admin” and the root password set inside server.conf. After logging in, you should see the Graylog web interface.

Now we need to set up the input and push log files to the server.

That’s all about the installation and configuration of Graylog with SSL on CentOS. I hope you liked the tutorial.

2 comments

Shetu April 19, 2021 - 5:47 AM

How do I send data from remote client?
My graylog server ip is 192.168.11.30
I can send log from sub-net. How do I send data from 192.168.25.107?

emy May 5, 2022 - 5:11 AM

How can I send logs from a Cisco router to the Graylog server?


©2016-2023 FOSS LINUX
