Menu Close

HOW-TO: Install Graylog on a single server

Here’s a no-frills rundown of the procedure that I followed to install the Graylog 2.5 Log management application on a RHEL 7.6 VM with outbound connectivity (tcp/443) to the internet:

STEP 1: Install Java and Utilities

sudo yum install java-1.8.0-openjdk-headless.x86_64 epel-release
sudo yum install pwgen

STEP 2: Install and start mongoDB

  • Configure the mongodb repository by creating /etc/yum.repos.d/mongodb-org-3.6.repo with the following:
[mongodb-org-3.6]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.6/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.6.asc
  • Install and start mongodb
sudo yum install -y mongodb-org
sudo systemctl enable mongod.service
sudo systemctl start mongod.service

STEP 3: Install and start Elasticsearch

  • Create /etc/yum.repos.d/elasticsearch.repo with the following:
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
enabled=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
autorefresh=1
type=rpm-md
  • Install elasticsearch
sudo yum install elasticsearch
  • Configure elasticsearch by editing /etc/elasticsearch/elasticsearch.yml and setting the following:
cluster.name: graylog
  • Enable and start elasticsearch
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service

 

STEP 4: Install and start Graylog

  • Install Graylog
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.5-repository_latest.rpm
sudo yum install graylog-server
  • Generate a password for Graylog
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
  • Edit /etc/graylog/server/server.conf and set password_secret (use instructions in file), root_password_sha2 (use command above) rest_listen_uri and web_listen_uri
  • Enable and start the graylog server
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service

STEP 5: Install and setup nginx (reverse proxy for Graylog) – Optional

If you do not wish (or cannot due to blocked ports) to access the Graylog UI at port 9000, you may set up an nginx reverse proxy as per the following:

  • Install nginx
sudo yum install nginx
  • Configure nginx

Set up the following nginx configuration file

server
{
    listen      443 ssl spdy;
    server_name graylog.example.org;
    # &lt;- your SSL Settings here!
 
    location /
    {
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Graylog-Server-URL https://$server_name/api;
      proxy_pass       http://127.0.0.1:9000;
    }
}
  • Start nginx
sudo systemctl enable nginx
sudo systemctl start nginx

You may now access the Graylog Web application (UI) at http://<hostname>:9000 (if you did not set up nginx) or https://<hostname> (with nginx).

 

VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)
Print Friendly, PDF & Email
(Visited 259 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *