Here’s a no-frills rundown of the procedure that I followed to install the Graylog 2.5 Log management application on a RHEL 7.6 VM with outbound connectivity (tcp/443) to the internet:
STEP 1: Install Java and Utilities
sudo yum install java-1.8.0-openjdk-headless.x86_64 epel-release
sudo yum install pwgen
STEP 2: Install and start MongoDB
- Create /etc/yum.repos.d/mongodb-org-3.6.repo (the file name used in the Graylog documentation) with the following:
[mongodb-org-3.6]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.6/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.6.asc
- Install, enable and start the service:
sudo yum install -y mongodb-org
sudo systemctl enable mongod.service
sudo systemctl start mongod.service
STEP 3: Install and start Elasticsearch
- Create /etc/yum.repos.d/elasticsearch.repo with the following:
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/6.x/yum
gpgcheck=1
enabled=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
autorefresh=1
type=rpm-md
- Install, enable and start the service:
sudo yum install elasticsearch
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
STEP 4: Install and start Graylog
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.5-repository_latest.rpm
sudo yum install graylog-server
- Generate a password for Graylog
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
- Edit /etc/graylog/server/server.conf and set password_secret (follow the instructions in the file), root_password_sha2 (the output of the command above), rest_listen_uri and web_listen_uri
- Enable and start the graylog server
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
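Added here as an example (not part of the original post): a POSIX shell check that reads server.conf and flags a password_secret shorter than the 64 characters Graylog requires, a root_password_sha2 that is not a sha256sum digest or is the "admin" example hash from the Graylog documentation, and listen URIs that are missing or bound to 0.0.0.0. It assumes only the settings named in Step 4; the two sample configs it creates are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check a Graylog 2.x
# server.conf before starting graylog-server. It assumes only the settings
# named in Step 4; the sample configs at the bottom are constructed.
# Print the value of key $2 from config file $1 (first non-commented match).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}
# Return 0 if the config looks ready, 1 otherwise; prints one line per finding.
check_graylog_conf() {
    cfg=$1; rc=0
    secret=$(conf_value "$cfg" password_secret)
    # Graylog requires at least 64 characters; "pwgen -N 1 -s 96" satisfies this.
    [ "${#secret}" -ge 64 ] || { echo "FAIL: password_secret shorter than 64 chars"; rc=1; }
    hash=$(conf_value "$cfg" root_password_sha2)
    # sha256sum, as used in the one-liner above, yields exactly 64 lowercase hex digits.
    case $hash in
        *[!0-9a-f]*|'') echo "FAIL: root_password_sha2 is not a hex digest"; rc=1 ;;
        *) [ "${#hash}" -eq 64 ] || { echo "FAIL: root_password_sha2 is not 64 hex chars"; rc=1; } ;;
    esac
    # sha256("admin") is the value shown in the Graylog docs; never ship it.
    [ "$hash" != "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918" ] ||
        { echo "FAIL: root password is the documentation example 'admin'"; rc=1; }
    for key in rest_listen_uri web_listen_uri; do
        uri=$(conf_value "$cfg" "$key")
        [ -n "$uri" ] || { echo "FAIL: $key is not set"; rc=1; }
        # Behind the nginx proxy of Step 5 on the same host, 127.0.0.1 is enough;
        # 0.0.0.0 exposes plaintext port 9000 on every interface.
        case $uri in *0.0.0.0*) echo "WARN: $key binds all interfaces ($uri)" ;; esac
    done
    return $rc
}
# Constructed sample configs (values are placeholders, not real secrets).
GOOD_CONF=$(mktemp); BAD_CONF=$(mktemp)
trap 'rm -f "$GOOD_CONF" "$BAD_CONF"' EXIT
cat >"$GOOD_CONF" <<'EOF'
password_secret = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
root_password_sha2 = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
rest_listen_uri = http://127.0.0.1:9000/api/
web_listen_uri = http://127.0.0.1:9000/
EOF
cat >"$BAD_CONF" <<'EOF'
password_secret = changeme
root_password_sha2 = 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
rest_listen_uri = http://0.0.0.0:9000/api/
EOF
check_graylog_conf "$GOOD_CONF" && echo "OK: sample config passes"
check_graylog_conf "$BAD_CONF" || echo "NOT OK: sample config fails"
```

Point check_graylog_conf at /etc/graylog/server/server.conf on the real host to run it against your own configuration.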
STEP 5: Install and setup nginx (reverse proxy for Graylog) – Optional
If you do not wish (or cannot, due to blocked ports) to access the Graylog UI on port 9000, you may set up an nginx reverse proxy as follows:
- Install nginx (available from the EPEL repository enabled in Step 1):
sudo yum install nginx
- Set up the following nginx configuration file:
server
{
    listen 443 ssl http2;   # spdy was removed in nginx 1.9.5; http2 is its replacement
    server_name graylog.example.org;
    # <- your SSL Settings here!
    location /
    {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL https://$server_name/api;
        proxy_pass http://127.0.0.1:9000;
    }
}
- Enable and start nginx:
sudo systemctl enable nginx
sudo systemctl start nginx
You may now access the Graylog Web application (UI) at http://<hostname>:9000 (if you did not set up nginx) or https://<hostname> (with nginx).