Installing Gray Log - tconklin-champlain/Tech-Journal GitHub Wiki
Install prerequisites (Java):
sudo yum install java-<version_number>-openjdk-headless.x86_64
MongoDB:
sudo touch /etc/yum.repos.d/mongodb-org.repo
sudo nano /etc/yum.repos.d/mongodb-org.repo
!!COPY AND PASTE BELOW!!
---
[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc
---
sudo yum install -y mongodb-org
sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl start mongod.service
sudo systemctl --type=service --state=active | grep mongod
---
Elastic Search
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
sudo touch /etc/yum.repos.d/elasticsearch.repo
sudo nano /etc/yum.repos.d/elasticsearch.repo
!!COPY AND PASTE BELOW!!
---
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/oss-7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
---
sudo yum install elasticsearch-oss
Append the two settings below to /etc/elasticsearch/elasticsearch.yml (either by hand with sudo nano, or with the tee command as shown):
sudo tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<EOT
cluster.name: graylog
action.auto_create_index: false
EOT
---
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
sudo systemctl --type=service --state=active | grep elasticsearch
Finally Graylog
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.2-repository_latest.rpm
sudo yum install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins
---
Generate the SHA-256 hash of the password you want for the Graylog admin user:
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
Generate a SEPARATE random secret for password_secret. Do NOT reuse the hash above: password_secret is the value Graylog uses to encrypt and salt stored credentials, so it must be its own long random string (Graylog suggests 96 characters; pwgen is in EPEL, the second command needs nothing extra):
pwgen -N 1 -s 96
< /dev/urandom tr -dc A-Za-z0-9 | head -c96; echo
!!! COPY AND PASTE THESE VALUES INTO /etc/graylog/server/server.conf !!!
- password_secret = ( RANDOM SECRET )
- root_password_sha2 = ( SHA-256 HASH OF THE ADMIN PASSWORD )
!!! UNCOMMENT AND CHANGE HTTP BIND ADDRESS TO LOG SERVER !!!
(default is 127.0.0.1:9000, which is only reachable from the box itself; keep port 9000 so it matches the firewall rule below)
http_bind_address = ( LOG SERVER IP ):9000
sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl restart graylog-server.service
sudo systemctl --type=service --state=active | grep graylog-server
---
Firewall Config
sudo firewall-cmd --permanent --add-port=9000/tcp
sudo firewall-cmd --reload
Graylog Resource
Configuring a new log input is easy, in case you forget! Make sure to open any firewall port you use in an input config, e.g. a syslog input listening on 1514/udp needs sudo firewall-cmd --permanent --add-port=1514/udp followed by sudo firewall-cmd --reload.