Installing Gray Log - tconklin-champlain/Tech-Journal GitHub Wiki

Install Prerequisites:

sudo yum install java-<version_number>-openjdk-headless.x86_64

MongoDB:

sudo touch /etc/yum.repos.d/mongodb-org.repo
sudo nano /etc/yum.repos.d/mongodb-org.repo
!!COPY AND PASTE BELOW!!
---
[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc
---
sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl start mongod.service
sudo systemctl --type=service --state=active | grep mongod
---

Elasticsearch

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
sudo touch /etc/yum.repos.d/elasticsearch.repo
sudo nano /etc/yum.repos.d/elasticsearch.repo
!!COPY AND PASTE BELOW!!
---
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/oss-7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
---
sudo yum install elasticsearch-oss
sudo nano /etc/elasticsearch/elasticsearch.yml
sudo tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<EOT
cluster.name: graylog
action.auto_create_index: false
EOT
---
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
sudo systemctl --type=service --state=active | grep elasticsearch

Finally Graylog

sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.2-repository_latest.rpm
sudo yum install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins
---
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
!!! COPY AND PASTE THE HASH TO THESE LOCATIONS !!!
/etc/graylog/server/server.conf:
- password_secret = ( HERE )
- root_password_sha2 = ( HERE )
!!! UNCOMMENT AND CHANGE HTTP BIND ADDRESS TO LOG SERVER !!!
http_bind_address = ( LOG SERVER IP )
sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl restart graylog-server.service
sudo systemctl --type=service --state=active | grep graylog-server
---

Firewall Config

sudo firewall-cmd --permanent --add-port=9000/tcp
sudo firewall-cmd --reload

Configuring a new log input is easy; in case you forget, see: Graylog Resource

Make sure to open any firewall port you use in config!