How to install and configure Graylog on CentOS 7

Graylog is an open-source log management system. This tutorial provides a step-by-step guide on installing and configuring Graylog with SSL on CentOS 7.

Graylog, formerly called Torch, is developed by a Texas-based company of the same name; it began as an open-source project in Hamburg, Germany, in 2009.

Graylog centrally captures and stores machine data from any component of an IT infrastructure and its applications, and enables real-time search and log analysis across terabytes of it. The software uses an Elasticsearch-based three-tier architecture with scalable storage. Graylog has carved out a niche as a fast, affordable, and viable alternative to Splunk.

Installing Graylog on CentOS 7

1. Pre-setup

Fire up a terminal and enter the following command to set the hostname.

hostnamectl set-hostname graylog

Update the system.

yum update -y

Install the EPEL repository.

yum install epel-release

Install needed packages.

yum install pwgen vim

2. Set up Java

Install Java (a headless OpenJDK 8 is enough, since Graylog has no GUI).

yum install java-1.8.0-openjdk-headless.x86_64

Install JAVA

Check the Java version.

java -version

Check Java Version

3. Install MongoDB

Create a repository file.

vim /etc/yum.repos.d/mongodb-org.repo

Add the following contents.

[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc

List the repositories to confirm the new one is active.

yum repolist

Install MongoDB.

yum install mongodb-org

Install Mongo

Enable the MongoDB service at boot.

systemctl enable mongod.service

Start the service.

systemctl start mongod.service

Check that MongoDB is listening on port 27017 (by default it binds to 127.0.0.1 only, which is what we want).

netstat -tunlp | grep 27017

Mongo Port

4. Installing Elasticsearch

Install the Elastic GPG key.

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Create a repository.

vim /etc/yum.repos.d/elasticsearch.repo

Add the following contents to the file.

[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

List repositories.

yum repolist

Install the open-source version of Elasticsearch.

yum install elasticsearch-oss

Install Elastic Search

Modify the Elasticsearch configuration file.

Set the cluster name to graylog and add "action.auto_create_index: false" to the file, so that only Graylog creates indices.

vim /etc/elasticsearch/elasticsearch.yml

Configurations

Save and exit the file. Enable Elasticsearch at boot.

systemctl enable elasticsearch.service

Enable Elastic Search On System-boot

Check the status of the service.

systemctl status elasticsearch.service

Start the service.

systemctl start elasticsearch.service

Check the logs (the log file is named after the cluster).

tail -f /var/log/elasticsearch/graylog.log

Check the Elasticsearch cluster health.

curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'

Check Elastic Search health

5. Installing Graylog

Set up the repository.

rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.2-repository_latest.rpm

Install Repo

List repositories.

yum repolist

Install graylog-server.

yum install graylog-server

Install Graylog

6. Configure Graylog

You now need to set "password_secret" and "root_password_sha2" in the server.conf file.

Generate password_secret (a random 96-character secret).

pwgen -N 1 -s 96

Generate root_password_sha2, the SHA-256 hash of the admin password you want to use (the password on the original page was lost in extraction; the placeholder below stands in for it). Note that a password typed on the command line ends up in your shell history.

echo -n '<your-admin-password>' | sha256sum

Add the generated values to the file.

vim /etc/graylog/server/server.conf

Modified File

Change the bind address.

vim /etc/graylog/server/server.conf

Uncomment the following line. Binding to 127.0.0.1 keeps the Graylog web interface and API reachable only through the Nginx reverse proxy set up below.

http_bind_address = 127.0.0.1:9000
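The Elasticsearch edits in section 4 and the Graylog edits in this section are both "open the file in vim and change two or three lines". The script below is an added example, not part of the original tutorial, that makes the same changes idempotently: it replaces an active setting if one exists, otherwise the first commented-out example of it, and otherwise appends the line. File paths are parameters so you can try it on a copy before pointing it at /etc/elasticsearch/elasticsearch.yml and /etc/graylog/server/server.conf. The function names and the pwgen fallback are this example's own.

```shell
#!/bin/sh
# Added example (not from the original tutorial): apply the tutorial's
# Elasticsearch and Graylog configuration changes without hand-editing.

# set_line FILE KEY SEP LINE
# Replace the first active "KEY<SEP>..." line with LINE; if there is none,
# replace the first commented-out one; if there is none of those either,
# append LINE. Other commented examples of the same key are left alone.
set_line() {
    file=$1; key=$2; sep=$3; line=$4
    tmp="${file}.tmp.$$"
    awk -v key="$key" -v sep="$sep" -v line="$line" '
        function strip(s)   { sub(/^[[:space:]]*/, "", s); return s }
        function matches(s) { return index(s, key sep) == 1 }
        # First pass over the file: remember the line to replace.
        NR == FNR {
            s = strip($0)
            if (matches(s) && !live) live = FNR      # active setting
            sub(/^#+[[:space:]]*/, "", s)
            if (matches(s) && !cmt)  cmt  = FNR      # commented-out example
            next
        }
        # Second pass: emit the file with that one line swapped.
        FNR == 1      { target = live ? live : cmt }
        FNR == target { print line; next }
                      { print }
        END           { if (!target) print line }
    ' "$file" "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Copy back rather than mv, so the file keeps its owner and mode
    # (server.conf holds secrets and should stay root:graylog 0640).
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Elasticsearch: cluster name "graylog" and no automatic index creation.
configure_elasticsearch() {
    es_yml=$1   # normally /etc/elasticsearch/elasticsearch.yml
    set_line "$es_yml" cluster.name ":" "cluster.name: graylog"
    set_line "$es_yml" action.auto_create_index ":" "action.auto_create_index: false"
}

# 96-character secret: pwgen as on the page, with a /dev/urandom fallback.
generate_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 96; echo
    fi
}

# SHA-256 hex digest of a string, the format root_password_sha2 expects.
sha256_hex() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Graylog: password_secret, hashed admin password, loopback-only bind.
configure_graylog() {
    conf=$1      # normally /etc/graylog/server/server.conf
    admin_pw=$2  # read it with `read -s` so it never hits shell history
    set_line "$conf" password_secret " =" "password_secret = $(generate_secret)"
    set_line "$conf" root_password_sha2 " =" "root_password_sha2 = $(sha256_hex "$admin_pw")"
    set_line "$conf" http_bind_address " =" "http_bind_address = 127.0.0.1:9000"
}

# Usage on the real host (as root), after the packages are installed:
#   printf 'Admin password: '; read -s pw; echo
#   configure_elasticsearch /etc/elasticsearch/elasticsearch.yml
#   configure_graylog /etc/graylog/server/server.conf "$pw"
```

The two-pass awk is what makes this safe on the stock server.conf, which ships several commented `#http_bind_address = ...` examples: only the first is turned into the active setting, the rest stay comments, so Graylog never sees duplicate keys.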

Enable the service at boot.

systemctl enable graylog-server.service

Start the service.

systemctl start graylog-server.service

Monitor the server log.

tail -f /var/log/graylog-server/server.log

Graylog Server Log

Check the server port. It should be listening on 127.0.0.1:9000, not on 0.0.0.0.

netstat -tunlp | grep 9000

Graylog Server Port
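The tutorial's health checks (the Elasticsearch cluster health query in section 4 and the netstat port checks for MongoDB and Graylog) are read by eye. The script below is an added example, not part of the original tutorial, that parses those outputs so the checks can be scripted: it confirms that each backend listens on loopback only, and that the Elasticsearch cluster is named graylog and is not red. The netstat and health-JSON samples are constructed for the example; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original tutorial): scriptable post-install
# checks. Every function reads its input from stdin, so it can be fed the
# live command or the constructed samples at the bottom.

# listener_addr PORT   (stdin: `netstat -tunlp` output)
# Print the local address of the first TCP listener on PORT, minus the port.
listener_addr() {
    awk -v port="$1" '
        # Columns: Proto Recv-Q Send-Q Local-Address Foreign-Address State PID/Program
        $1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ (":" port "$") {
            sub(/:[0-9]+$/, "", $4); print $4; exit
        }'
}

# bound_to_loopback PORT   (stdin: `netstat -tunlp` output)
# Exit 0 if PORT is bound to 127.0.0.1 or ::1, 1 if bound to anything else
# (0.0.0.0 or :: would expose it to the network), 2 if nothing listens.
bound_to_loopback() {
    addr=$(listener_addr "$1")
    case "$addr" in
        127.0.0.1|::1) return 0 ;;
        "")            return 2 ;;
        *)             return 1 ;;
    esac
}

# cluster_field NAME   (stdin: JSON from /_cluster/health?pretty=true)
# Extract one string-valued field from the pretty-printed document.
cluster_field() {
    sed -n "s/^[[:space:]]*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# es_healthy   (stdin: health JSON)
# Exit 0 when the cluster is the "graylog" cluster and its status is not red.
es_healthy() {
    doc=$(cat)
    name=$(printf '%s\n' "$doc" | cluster_field cluster_name)
    status=$(printf '%s\n' "$doc" | cluster_field status)
    [ "$name" = graylog ] && { [ "$status" = green ] || [ "$status" = yellow ]; }
}

# Constructed sample of `netstat -tunlp` on a correctly configured host.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      2301/java
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      1187/mongod
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1020/sshd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      2410/nginx: master
tcp6       0      0 ::1:9200                :::*                    LISTEN      1902/java
udp        0      0 0.0.0.0:68              0.0.0.0:*                           980/dhclient'

# Constructed sample of the cluster health response.
SAMPLE_HEALTH='{
  "cluster_name" : "graylog",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 4,
  "active_shards" : 4,
  "unassigned_shards" : 0
}'

# Run against the samples. On the real host, feed the live commands instead:
#   netstat -tunlp | bound_to_loopback 9000
#   curl -s 'http://localhost:9200/_cluster/health?pretty=true' | es_healthy
for p in 9000 9200 27017; do
    if printf '%s\n' "$SAMPLE_NETSTAT" | bound_to_loopback "$p"; then
        echo "port $p: loopback only (ok)"
    else
        echo "port $p: NOT loopback only (exit $?)"
    fi
done
if printf '%s\n' "$SAMPLE_HEALTH" | es_healthy; then
    echo "elasticsearch: ok"
else
    echo "elasticsearch: NOT healthy"
fi
```

Only 22 and 443 should ever show a wildcard address on this host; 9000, 9200 and 27017 on 0.0.0.0 would mean the service is reachable without going through the TLS proxy.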

7. Configuring an Nginx reverse proxy with SSL

I. Install and configure Nginx

Install Nginx.

yum install nginx -y

Enable Nginx on boot.

systemctl enable nginx

Check the status.

systemctl status nginx

Start the service.

systemctl start nginx

II. Set up a DNS record

Go to your DNS manager and add an A record that points your domain name at the server's public IP address (Certbot needs this to validate the domain).

A record: domain name, server IP

III. Install and configure SSL with Certbot

Install Certbot and its Nginx plugin.

yum install certbot python2-certbot-nginx

There are a few ways to obtain and configure an SSL certificate with Certbot, but this is the easiest. Run the command below to get a certificate and apply it to Nginx.

certbot --nginx

Provide the requested information when prompted, e.g. your email address and domain name.

Get SSL

When it asks whether to redirect all traffic to HTTPS, enter the relevant number.

HTTPS Redirection

IV. Modify the Nginx configuration

vim /etc/nginx/nginx.conf

Add the following to the location block of the HTTPS server section. The X-Graylog-Server-URL header tells Graylog the public URL the web interface should use; proxy_pass forwards to the loopback-only port configured in server.conf.

location / {
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Graylog-Server-URL https://$server_name/;
    proxy_pass http://127.0.0.1:9000;
}

Check Nginx for syntax errors.

nginx -t

Restart Nginx.

systemctl restart nginx

8. Set SELinux policy

With SELinux enforcing, Nginx is not allowed to open outbound network connections by default, so the proxy_pass to 127.0.0.1:9000 would be denied. Allow it persistently:

setsebool -P httpd_can_network_connect 1

9. Browse using your domain name

https://graylog.fosslinux.com/

You should get the login interface.

Login Window

Log in with the username "admin" and the root password whose hash you set in server.conf. After logging in, you should see an interface like the one below.

After Login

Now we need to set up an input and push log files to the server.

Notification

That's all about the installation and configuration of Graylog with SSL on CentOS. I hope you liked the tutorial.

Darshana
Hey! I'm Darshana, a Linux / DevOps Engineer and also a contributor to FOSS Linux. I enjoy working on various kinds of Linux distributions and cloud technologies. During my free time, I love to swim and hike across nature trails. Linux is my love and I'm here to share all my learnings with all of you! Hope you enjoyed reading my article.
