How To Install Graylog on RHEL / CentOS / Oracle / Rocky / AlmaLinux 8
Graylog is an open-source log management platform that collects, stores, and analyses log data from many systems in one place.
This guide walks through installing Graylog 4.2 with Elasticsearch as its search backend and MongoDB for its configuration database, all on a single host. More information is available on the official Graylog website.
STEPS
1. Install EPEL Repository
# yum install -y epel-release
2. Install additional packages
# yum install -y java-11-openjdk java-11-openjdk-devel
# yum install -y pwgen wget curl perl-Digest-SHA
3. Install Elasticsearch
Elasticsearch is a distributed search and analytics engine written in Java; Graylog uses it to store and query log messages. Graylog 4.2 supports Elasticsearch 6.8 and 7.10 only. Elasticsearch 8.x is not supported by Graylog 4.x and additionally switches on TLS and authentication at first start, so the 7.x repository is used below. More information is available on the official Elasticsearch website.
i) Java was already installed in step 2 (Elasticsearch 7.x also ships with its own bundled JDK); if you skipped that step, install it now:
# yum install -y java-11-openjdk java-11-openjdk-devel
ii) Configure Elasticsearch yum repository
# rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
# cd /etc/yum.repos.d/
# vi elasticsearch.repo
Copy paste below content into the file.
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
iii) Install Elasticsearch
# yum install --enablerepo=elasticsearch elasticsearch
The repository is left disabled (enabled=0) so that an ordinary yum update does not pull in a newer, unsupported Elasticsearch; it is enabled only for this one command.
If the repository install fails, download the package manually, verify its checksum, and install it with rpm (7.10.2 is the last release of the 7.10 line Graylog 4.2 supports):
# cd /tmp
# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.2-x86_64.rpm
# wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.10.2-x86_64.rpm.sha512
# shasum -a 512 -c elasticsearch-7.10.2-x86_64.rpm.sha512
# rpm --install elasticsearch-7.10.2-x86_64.rpm
Do not install the package unless shasum prints "OK"; the GPG key imported above covers the yum path, and the checksum is the only integrity check on the manual path.
iv) Start and enable the Elasticsearch service:
# systemctl daemon-reload
# systemctl enable elasticsearch
# systemctl start elasticsearch
# systemctl status elasticsearch
Elasticsearch is now running. By default it binds to the loopback interface only, which is what this single-host setup needs; confirm it answers and reports the version you installed:
# curl -X GET "localhost:9200/?pretty"
4. Configure Elasticsearch for Graylog
Edit the Elasticsearch configuration file (/etc/elasticsearch/elasticsearch.yml) so that the cluster is named graylog and automatic index creation is disabled. Graylog creates and manages its own indices, so action.auto_create_index: false stops any other client on the host from creating indices by accident. In a fresh install cluster.name is only present as a commented-out line, so the two settings can be appended; if you run this more than once, make sure each key ends up in the file exactly once, because Elasticsearch refuses to start on duplicate keys:
# tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<EOT
cluster.name: graylog
action.auto_create_index: false
EOT
5. Restart Elasticsearch service
# systemctl restart elasticsearch
6. Install MongoDB Community Edition
MongoDB is a document-oriented NoSQL database. Unlike a relational database such as MySQL, documents in the same collection do not have to share a fixed schema, so fields can vary from one document to the next. Graylog keeps its configuration and metadata (users, streams, inputs, index sets) in MongoDB; log messages themselves go to Elasticsearch.
More information is available on the official MongoDB website.
i) Add MongoDB Repository
# vi /etc/yum.repos.d/mongodb-org-5.0.repo
Add the following content into the file:
[mongodb-org-5.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/5.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-5.0.asc
ii) Install MongoDB
# yum install -y mongodb-org
iii) Start and enable MongoDB
# systemctl daemon-reload
# systemctl enable mongod.service
# systemctl start mongod.service
# systemctl status mongod.service
MongoDB is now installed on your server. The packaged /etc/mongod.conf binds mongod to 127.0.0.1 only and enables no authentication, which is acceptable here because Graylog connects over loopback; do not change bindIp without adding authentication.
NOTE: If yum cannot reach the repository, the .rpm packages can also be downloaded directly from the official MongoDB website.
For a quick start and tutorials, see the MongoDB tutorials.
7) Configure the Graylog yum repository
# rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.2-repository_latest.rpm
8) Install Graylog
# yum install -y graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins
The two enterprise packages are optional; a minimal install needs only graylog-server, with graylog-integrations-plugins added if you want its extra inputs.
9) Edit the Graylog Configuration File
Graylog needs two different secrets, and they must not be confused. password_secret is a long random string (at least 64 characters) that Graylog uses to pepper stored user passwords and to encrypt credentials it keeps in MongoDB; it is not a password hash. Generate it with pwgen, which was installed in step 2:
# pwgen -N 1 -s 96
root_password_sha2 is the SHA-256 hash of the password for the built-in admin user. Create it without leaving the password in your shell history:
# echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
Copy both values, then open the Graylog config file:
# vi /etc/graylog/server/server.conf
Set the following parameters. All three lines already exist in the file; http_bind_address is commented out by default and the two secrets are empty:
http_bind_address = 0.0.0.0:9000
password_secret = <96-character random string from pwgen>
root_password_sha2 = <SHA-256 hash of the admin password>
Binding to 0.0.0.0 exposes the web interface and REST API on every interface over plain HTTP. On anything other than a lab host, bind to a single address or put a TLS-terminating reverse proxy in front of it. The defaults for elasticsearch_hosts (http://127.0.0.1:9200) and mongodb_uri (mongodb://localhost/graylog) are correct for this single-host install and can be left alone. Keep server.conf readable only by root and the graylog user, since it now holds both secrets.
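Steps 4 and 9 append to elasticsearch.yml and edit server.conf by hand, which leaves duplicate keys behind if a step is repeated and makes it easy to put the wrong value in one of the two secrets. The script below is an added example written for this guide; it is not part of Graylog or of the original page. Its helpers set_kv, sha256_hex, gen_password_secret and active_value are this example's own: set_kv rewrites a key in either file idempotently (an existing active or commented line is replaced, later duplicates are dropped, a missing key is appended, and the file keeps its owner and mode), sha256_hex produces the same value as the guide's echo | sha256sum pipeline, and gen_password_secret draws the secret from /dev/urandom so the example runs on hosts without pwgen. The config excerpts and the admin password are constructed for the demo; on the server, run it as root against the real files.

```shell
#!/bin/sh
# Added example: idempotent editing of elasticsearch.yml and Graylog server.conf.
# Not part of Graylog; the sample files and password below are constructed.
set -eu

# set_kv FILE KEY SEP VALUE
# Rewrites the first active or commented line for KEY as "KEY<SEP>VALUE", drops any
# later lines for the same key, and appends the line if KEY is absent.
# SEP is the output separator: ": " for elasticsearch.yml, " = " for server.conf.
# VALUE must not contain backslashes (awk -v interprets escape sequences).
set_kv() {
    file=$1; key=$2; sep=$3; val=$4
    awk -v key="$key" -v sep="$sep" -v val="$val" '
        BEGIN { sc = sep; gsub(/[[:space:]]/, "", sc) }      # bare separator character
        {
            line = $0
            sub(/^[#[:space:]]+/, "", line)                  # strip comment marker and indent
            rest = substr(line, length(key) + 1)
            sub(/^[[:space:]]+/, "", rest)
            if (substr(line, 1, length(key)) == key && substr(rest, 1, 1) == sc) {
                if (!done) { print key sep val; done = 1 }   # first hit: rewrite in place
                next                                         # later hits: drop duplicate
            }
            print
        }
        END { if (!done) print key sep val }                 # key absent: append
    ' "$file" > "$file.tmp"
    cat "$file.tmp" > "$file" && rm -f "$file.tmp"           # overwrite in place: keeps owner/mode
}

# sha256_hex STRING -> hex digest, identical to the guide's echo -n ... | sha256sum pipeline
sha256_hex() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# gen_password_secret -> 96 hex characters (384 bits of entropy) for password_secret
gen_password_secret() {
    head -c 48 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# active_value FILE KEY -> value of the uncommented line for KEY (empty if none)
active_value() {
    grep -E "^$2[[:space:]]*[:=]" "$1" | head -1 | sed -E 's/^[^:=]*[:=][[:space:]]*//'
}

# Demo on constructed excerpts of the two packaged config files.
demo() {
    tmp=$(mktemp -d)
    es="$tmp/elasticsearch.yml"
    gl="$tmp/server.conf"
    printf '%s\n' '# ---- Cluster ----' '#cluster.name: my-application' \
        'network.host: 127.0.0.1' > "$es"
    printf '%s\n' 'is_master = true' 'password_secret =' 'root_password_sha2 =' \
        '#http_bind_address = 127.0.0.1:9000' \
        'mongodb_uri = mongodb://localhost/graylog' > "$gl"

    set_kv "$es" cluster.name ": " graylog
    set_kv "$es" action.auto_create_index ": " false
    set_kv "$es" cluster.name ": " graylog               # re-run: must not duplicate the key

    set_kv "$gl" password_secret " = " "$(gen_password_secret)"
    set_kv "$gl" root_password_sha2 " = " "$(sha256_hex 'correct horse battery staple')"
    set_kv "$gl" http_bind_address " = " 0.0.0.0:9000    # as in step 9; narrow this on a real host

    cat "$es" "$gl"
    rm -rf "$tmp"
}
demo
```

The two secrets come out visibly different in the demo output: password_secret is random hex, root_password_sha2 is a digest of the chosen password, and neither line is duplicated no matter how often set_kv runs.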
10) Enable and start Graylog service:
# systemctl daemon-reload
# systemctl enable graylog-server.service
# systemctl start graylog-server.service
# systemctl status graylog-server.service
11) Open firewall ports:
Only the Graylog web interface and REST API (9000/tcp) and the ports of the inputs you later create need to be reachable from other hosts. Elasticsearch (9200/tcp) and MongoDB (27017/tcp) run without authentication in this setup and listen on localhost only; do not open them in the firewall unless Graylog runs on a separate host, and then restrict the rule to that host's address. Nothing listens on 80/tcp unless you add a reverse proxy in front of Graylog.
# firewall-cmd --add-port=9000/tcp --permanent
# firewall-cmd --reload
Note that graylog-server runs as the unprivileged graylog user and cannot bind the privileged syslog port 514 itself. Create syslog inputs on a high port such as 1514/udp, open that port, and redirect 514/udp to it with a firewalld forward-port rule if senders cannot be reconfigured.
You have installed Graylog server. You can access it at http://serverip-or-hostname:9000/ and log in as admin with the password you hashed in step 9.
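Before opening anything in the firewall it is worth confirming which services actually listen on which addresses, since a firewall rule only matters for sockets bound beyond loopback. The function below is an added example written for this guide, not something from Graylog or the original page. It reads the output of ss -ltn (here a constructed sample rather than a live capture) and warns about any of the given backend ports that is bound to something other than 127.0.0.1 or [::1], exiting non-zero so it can gate a provisioning script; on the server itself you would run ss -ltn | audit_listeners 9200,27017. The names audit_listeners, SAMPLE_SS and count_warnings belong to this example.

```shell
#!/bin/sh
# Added example: flag Elasticsearch/MongoDB listeners reachable from the network.
# Not part of Graylog; SAMPLE_SS is constructed to look like `ss -ltn` output.

# audit_listeners PORTS   (comma-separated list), reads `ss -ltn` output on stdin.
# Prints one WARN line per listed port bound to a non-loopback address.
# Exit status 1 if anything was flagged, 0 otherwise.
audit_listeners() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)          # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)      # everything before it
            if (!(port in want)) next
            if (addr == "127.0.0.1" || addr == "[::1]") next
            printf "WARN port %s listens on %s, expected loopback only\n", port, addr
            bad++
        }
        END { exit bad ? 1 : 0 }'
}

# Constructed sample: MongoDB and one Elasticsearch socket on loopback, but
# Elasticsearch also bound to every address (a network.host misconfiguration),
# plus Graylog on *:9000, which is intended to be reachable.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      4096   127.0.0.1:27017     0.0.0.0:*
LISTEN 0      4096   [::1]:9200          [::]:*
LISTEN 0      4096   *:9200              *:*
LISTEN 0      4096   *:9000              *:*'

# count_warnings PORTS -> number of WARN lines the sample produces for PORTS
count_warnings() {
    printf '%s\n' "$SAMPLE_SS" | audit_listeners "$1" | grep -c WARN || true
}

printf '%s\n' "$SAMPLE_SS" | audit_listeners 9200,27017 \
    || echo "backend ports exposed: fix network.host / bindIp before touching the firewall"
```

On the sample the audit flags only *:9200; the Graylog listener on *:9000 is not in the backend list and is left alone, which is the split the firewall step above relies on.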
IMPORTANT: If SELinux is enforcing, label the ports Graylog and its backends use (semanage comes from the policycoreutils-python-utils package on EL8). Check first with semanage port -l: a port already listed under the target type needs no change, and re-adding it fails with "already defined" (use -m instead of -a in that case).
# setsebool -P httpd_can_network_connect 1
# semanage port -a -t http_port_t -p tcp 9000
# semanage port -a -t http_port_t -p tcp 9200
# semanage port -a -t mongod_port_t -p tcp 27017
The httpd_can_network_connect boolean is only needed when a reverse proxy running under httpd_t sits in front of Graylog.
For a quick start and usage tutorials, see the official Graylog documentation.