
GRAYLOG

Installation and deployment reference guide for CentOS:

https://docs.graylog.org/v1/docs/centos

1. Install Java

yum -y update
yum install java-1.8.0-openjdk

Then set the Java environment.

2. Install MongoDB :

First add the repository file /etc/yum.repos.d/mongodb-org.repo with the following contents:

[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc

Then install MongoDB:

sudo yum install mongodb-org

Start the service:

sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl start mongod.service
sudo systemctl --type=service --state=active | grep mongod

3. Install Elasticsearch :

Run this command:

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Then add the repository file /etc/yum.repos.d/elasticsearch.repo with the following contents:

[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/oss-7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Install Elasticsearch:

sudo yum install elasticsearch-oss

4. Modify the Elasticsearch configuration file /etc/elasticsearch/elasticsearch.yml: set the cluster name to graylog and uncomment action.auto_create_index: false to enable the action:

sudo tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<EOT
cluster.name: graylog
action.auto_create_index: false
EOT

Start the service:

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
sudo systemctl --type=service --state=active | grep elasticsearch

5. Install Graylog with the following command :

sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.2-repository_latest.rpm

sudo yum install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins

6. Read the instructions within the configuration file, located at /etc/graylog/server/server.conf, and edit as needed.

Set the IP address of the Graylog server.

Additionally, add password_secret and root_password_sha2, as these are mandatory and Graylog will not start without them.

To create your root_password_sha2 run the following command:

echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
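
Step 6 names two mandatory settings but shows how to produce only one of them. The following added example (not from the original guide or from Graylog) generates both values, writes them into a config file and checks the result. The function names, the 96-character hex secret and the constructed sample file standing in for /etc/graylog/server/server.conf are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not Graylog tooling. Function names and the sample file are
# constructed; on a real host CONF would be /etc/graylog/server/server.conf.

# 96 hex characters (48 bytes from the kernel CSPRNG) for password_secret.
gen_password_secret() {
    head -c 48 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# SHA-256 hex digest of the first line on stdin with the newline stripped:
# the same value the guide's one-liner prints for root_password_sha2.
hash_root_password() {
    head -n 1 | tr -d '\n' | sha256sum | cut -d' ' -f1
}

# Replace an existing uncommented "key = ..." line, or append one if absent.
# The values written here are hex only, so they are safe inside the sed script.
set_conf_key() {
    local file=$1 key=$2 value=$3
    if grep -Eq "^[[:space:]]*${key}[[:space:]]*=" "$file"; then
        sed -i -E "s|^[[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >>"$file"
    fi
}

# Print the value of an uncommented key (empty output if unset or blank).
get_conf_key() {
    sed -n -E "s|^[[:space:]]*${2}[[:space:]]*=[[:space:]]*(.*)|\1|p" "$1" | tail -n 1
}

# Succeed only if both mandatory settings are present and well formed.
check_secrets() {
    [ -n "$(get_conf_key "$1" password_secret)" ] || return 1
    get_conf_key "$1" root_password_sha2 | grep -Eq '^[0-9a-f]{64}$'
}

# Demo on a constructed sample file, so nothing under /etc is touched.
CONF=$(mktemp)
printf '%s\n' 'http_bind_address = 127.0.0.1:9000' 'password_secret =' \
    'root_password_sha2 =' >"$CONF"
check_secrets "$CONF" || echo "before: mandatory secrets missing"
set_conf_key "$CONF" password_secret "$(gen_password_secret)"
# Interactive use: read -rs pw; printf '%s\n' "$pw" | hash_root_password
set_conf_key "$CONF" root_password_sha2 \
    "$(printf '%s\n' 'constructed-demo-password' | hash_root_password)"
check_secrets "$CONF" && echo "after: both secrets set"
```

Running check_secrets against the real server.conf before step 7 catches a blank or malformed value before the service is started.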

7. Start Graylog service :

sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
sudo systemctl --type=service --state=active | grep graylog

8. Access Graylog via web browser at http://GraylogserverIP:9000/
