How To Install Graylog on RHEL / CentOS / Oracle / Rocky / AlmaLinux 8

Graylog is an open-source log management solution that lets you collect, store, and analyse logs from your systems in one place.

This guide takes you through the installation of Graylog with Elasticsearch. More information can be found on the official Graylog website.

STEPS

1.   Install EPEL Repository

      #   yum install -y epel-release

2.    Install additional packages

      #    yum install -y java-11-openjdk java-11-openjdk-devel
      #    yum install -y pwgen wget curl perl-Digest-SHA

3.  Install Elasticsearch

Elasticsearch is a versatile, open-source, distributed real-time search and analytics engine written in Java. More information can be found on the official Elasticsearch website.

     i) Install Java

      #     yum install -y java-11-openjdk java-11-openjdk-devel

     ii) Configure Elasticsearch yum repository

      #    rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
      #    cd /etc/yum.repos.d/
      #    vi elasticsearch.repo

Copy and paste the content below into the file.

     [elasticsearch]
     name=Elasticsearch repository for 8.x packages
     baseurl=https://artifacts.elastic.co/packages/8.x/yum
     gpgcheck=1
     gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
     enabled=0
     autorefresh=1
     type=rpm-md

     iii) Install Elasticsearch

      #    yum install --enablerepo=elasticsearch elasticsearch

If you have issues with the yum install, you can download the package manually, verify its checksum, and install it:

      #    cd /tmp
      #    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.2.3-x86_64.rpm
      #    wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.2.3-x86_64.rpm.sha512
      #    shasum -a 512 -c elasticsearch-8.2.3-x86_64.rpm.sha512
      #    rpm --install elasticsearch-8.2.3-x86_64.rpm

     iv) Start and enable the Elasticsearch service:

      #    systemctl daemon-reload
      #    systemctl enable elasticsearch
      #    systemctl start elasticsearch
      #    systemctl status elasticsearch

Elasticsearch is now installed on your machine. You can check that it responds, and view its basic configuration, with the command below:

      #    curl -X GET "localhost:9200/?pretty"

4.  Configure Elasticsearch for Graylog

Modify the Elasticsearch configuration file (/etc/elasticsearch/elasticsearch.yml): set the cluster name to graylog and set action.auto_create_index to false. The command below appends both settings to the file:

      #    tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<EOT
cluster.name: graylog
action.auto_create_index: false
EOT

5.   Restart Elasticsearch service

      #    systemctl restart elasticsearch

6.  Install MongoDB Community Edition

MongoDB is a document-oriented NoSQL database. Unlike MySQL, it does not impose a fixed schema: documents in the same collection can have different fields.
More information can be found on the official MongoDB website.

     i) Add MongoDB Repository

      #     vi /etc/yum.repos.d/mongodb-org-5.0.repo

Add the following content into the file:

[mongodb-org-5.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/5.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-5.0.asc

     ii) Install MongoDB

      #    yum install -y mongodb-org

     iii) Start and enable MongoDB

      #    systemctl daemon-reload
      #    systemctl enable mongod.service
      #    systemctl start mongod.service
      #    systemctl status mongod.service

MongoDB is now installed on your server.

NOTE: If you have issues with yum, you can also download the .rpm files directly from the official MongoDB website.

For a quick start and tutorials, see the MongoDB Tutorials.

7.  Configure the Graylog yum repository

      #    rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.2-repository_latest.rpm

8.  Install Graylog

      #    yum install -y graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins

9.  Edit the Graylog Configuration File

First, create a password hash (the password is read from the terminal and hashed with SHA-256):

      #    echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

Copy the hash generated above for your password.

Open and edit the Graylog config file

      #     vi /etc/graylog/server/server.conf

Edit the parameters below:

http_bind_address = 0.0.0.0:9000
password_secret = <YourPasswordHash>
root_password_sha2 = <YourPasswordHash>

10.  Enable and start the Graylog service:

      #    systemctl daemon-reload
      #    systemctl enable graylog-server.service
      #    systemctl start graylog-server.service
      #    systemctl status graylog-server.service

11.  Open firewall ports and reload the firewall so the permanent rule takes effect:

      #    firewall-cmd --add-port={9000/tcp,9200/tcp,27017/tcp,80/tcp,514/udp} --permanent
      #    firewall-cmd --reload

You have installed the Graylog server. You can access it using the URL http://serverip-or-hostname:9000/

IMPORTANT: If you are using SELinux, run the commands below:

      #    setsebool -P httpd_can_network_connect 1
      #    semanage port -a -t http_port_t -p tcp 9000
      #    semanage port -a -t http_port_t -p tcp 9200
      #    semanage port -a -t mongod_port_t -p tcp 27017

For quick start and usage tutorials, see the official Graylog documentation.


©2024 ZMATECH: Innovative solutions for your IT challenges.
