How to Install Graylog 3 with Elasticsearch 6.x and mongodb 4.x on CentOS 8 / RHEL 8 Linux
How to Install Graylog 3 with Elasticsearch 6.x and mongodb 4.x on CentOS 8 / RHEL 8 Linux
In this guide, we will take you through the steps to Install Graylog on CentOS 8 / RHEL 8 with Elasticsearch 6.x and MongoDB 4.x. Graylog is an open-source log management system that allows operations team to aggregate tons of log data, from multiple log sources.
Graylog comes with out of the box GUI, powerful search feature, alerting and reporting. Graylog UI is simple and intuitive with complete user management and security.
Install Graylog 3.x on CentOS 8 / RHEL 8 Linux
Graylog requires Java, Elasticsearch, and MongoDB. Elasticsearch is responsible for logs storage and search. Enough talk, Lets begin with the installation of the dependencies and then install Graylog.Install Java on RHEL 8 / CentOS 8
As Elasticsearch depends on Java 8, you need it installed it before Elasticsearch RHEL 8 / CentOS 8.
yum install java-1.8.0-openjdk java-1.8.0-openjdk-devel
[root@graylogserver3centos8 ~]# yum install java-1.8.0-openjdk java-1.8.0-openjdk-devel
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
docker-ce-edge | 3.5 kB 00:00:00
docker-ce-stable | 3.5 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/8): docker-ce-stable/x86_64/updateinfo | 55 B 00:00:01
(2/8): docker-ce-stable/x86_64/primary_db | 37 kB 00:00:00
[root@graylogserver3centos8 ~]# yum install java-1.8.0-openjdk java-1.8.0-openjdk-devel
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
docker-ce-edge | 3.5 kB 00:00:00
docker-ce-stable | 3.5 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/8): docker-ce-stable/x86_64/updateinfo | 55 B 00:00:01
(2/8): docker-ce-stable/x86_64/primary_db | 37 kB 00:00:00
Install Elasticsearch 6 on RHEL 8 / CentOS 8
Add Elasticsearch repository:
[root@graylogserver3centos8 ~]# cat <<EOF | tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
[root@graylogserver3centos8 ~]#
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF
[root@graylogserver3centos8 ~]#
Install Elasticsearch:
[root@graylogserver3centos8 ~]# yum -y install elasticsearch-oss
Loaded plugins: fastestmirror
elasticsearch-6.x | 1.3 kB 00:00:00
elasticsearch-6.x/primary | 125 kB 00:00:02
Loading mirror speeds from cached hostfile
* base: mirrors.piconets.webwerks.in
* extras: mirrors.piconets.webwerks.in
* updates: mirrors.piconets.webwerks.in
elasticsearch-6.x 393/393
Resolving Dependencies
Loaded plugins: fastestmirror
elasticsearch-6.x | 1.3 kB 00:00:00
elasticsearch-6.x/primary | 125 kB 00:00:02
Loading mirror speeds from cached hostfile
* base: mirrors.piconets.webwerks.in
* extras: mirrors.piconets.webwerks.in
* updates: mirrors.piconets.webwerks.in
elasticsearch-6.x 393/393
Resolving Dependencies
Configure Elasticsearch for Graylog
You need to modify the Elasticsearch configuration file and set the cluster name to graylog and add action.auto_create_index: false to the configuration file:The file to edit is /etc/elasticsearch/elasticsearch.yml.
$ vi /etc/elasticsearch/elasticsearch.yml
cluster.name: graylog
action.auto_create_index: false
cluster.name: graylog
action.auto_create_index: false
Start and enable elasticsearch service:
systemctl daemon-reload
systemctl enable --now elasticsearch
systemctl enable --now elasticsearch
Confirm service status:
[root@graylogserver3centos8 ~]# systemctl daemon-reload
[root@graylogserver3centos8 ~]# systemctl enable --now elasticsearch
Created symlink from /etc/systemd/system/multi-user.target.wants/elasticsearch.service to /usr/lib/systemd/system/elasticsearch.service.
[root@graylogserver3centos8 ~]# systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2019-12-11 19:25:03 IST; 15s ago
Docs: http://www.elastic.co
Main PID: 2063 (java)
Memory: 840.0M
CGroup: /system.slice/elasticsearch.service
└─2053 /bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiating...
Dec 11 19:25:03 graylogserver3centos8.org systemd[1]: Started Elasticsearch.
Dec 11 19:25:03 graylogserver3centos8.org systemd[1]: Starting Elasticsearch...
Dec 11 19:25:04 graylogserver3centos8.org elasticsearch[2053]: OpenJDK 64-Bit Server VM warning: If the number of processors ...ds=N
Hint: Some lines were ellipsized, use -l to show in full.
[root@graylogserver3centos8 ~]#
[root@graylogserver3centos8 ~]# systemctl enable --now elasticsearch
Created symlink from /etc/systemd/system/multi-user.target.wants/elasticsearch.service to /usr/lib/systemd/system/elasticsearch.service.
[root@graylogserver3centos8 ~]# systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2019-12-11 19:25:03 IST; 15s ago
Docs: http://www.elastic.co
Main PID: 2063 (java)
Memory: 840.0M
CGroup: /system.slice/elasticsearch.service
└─2053 /bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiating...
Dec 11 19:25:03 graylogserver3centos8.org systemd[1]: Started Elasticsearch.
Dec 11 19:25:03 graylogserver3centos8.org systemd[1]: Starting Elasticsearch...
Dec 11 19:25:04 graylogserver3centos8.org elasticsearch[2053]: OpenJDK 64-Bit Server VM warning: If the number of processors ...ds=N
Hint: Some lines were ellipsized, use -l to show in full.
[root@graylogserver3centos8 ~]#
Install MongoDB on RHEL 8 / CentOS 8
MongoDB is used for storing Graylog related configurations. Install it on CentOS 8 / RHEL 8 using the steps shared in the article below.How to Install MongoDB 4 on RHEL 8 / CentOS 8
Now install the Graylog repository :
rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.1-repository_latest.rpm
Graylog rpm packages are available on added repository.
[root@graylogserver3centos8 ~]# rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.1-repository_latest.rpm
Retrieving https://packages.graylog2.org/repo/packages/graylog-3.1-repository_latest.rpm
Preparing... ################################# [100%]
Updating / installing...
1:graylog-3.1-repository-1-1 ################################# [100%]
Graylog rpm packages are available on added repository.
[root@graylogserver3centos8 ~]# rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.1-repository_latest.rpm
Retrieving https://packages.graylog2.org/repo/packages/graylog-3.1-repository_latest.rpm
Preparing... ################################# [100%]
Updating / installing...
1:graylog-3.1-repository-1-1 ################################# [100%]
Install the Graylog Server :
yum install graylog-server
[root@graylogserver3centos8 ~]# yum install graylog-server -y
Loaded plugins: fastestmirror
graylog | 2.9 kB 00:00:00
graylog/x86_64/primary_db | 9.5 kB 00:00:02
Loading mirror speeds from cached hostfile
################################################################################
Graylog does NOT start automatically!
Please run the following commands if you want to start Graylog automatically on system boot:
systemctl enable graylog-server.service
systemctl start graylog-server.service
################################################################################
Verifying : graylog-server-3.1.3-1.noarch 1/1
Installed:
graylog-server.noarch 0:3.1.3-1
Complete!
[root@graylogserver3centos8 ~]#
[root@graylogserver3centos8 ~]# yum install graylog-server -y
Loaded plugins: fastestmirror
graylog | 2.9 kB 00:00:00
graylog/x86_64/primary_db | 9.5 kB 00:00:02
Loading mirror speeds from cached hostfile
################################################################################
Graylog does NOT start automatically!
Please run the following commands if you want to start Graylog automatically on system boot:
systemctl enable graylog-server.service
systemctl start graylog-server.service
################################################################################
Verifying : graylog-server-3.1.3-1.noarch 1/1
Installed:
graylog-server.noarch 0:3.1.3-1
Complete!
[root@graylogserver3centos8 ~]#
You need to set password_secret and root_password_sha2 variables under /etc/graylog/server/server.conf. These settings are mandatory and without them, Graylog will not start!
Use the following command to create your root_password_sha2:
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
Set generated value in root_password_sha2
$ vi /etc/graylog/server/server.conf
root_username = admin
root_password_sha2 = Sha2Passowrd
Generate password_secret.
$ yum -y install pwgen
$ pwgen -N 1 -s 96
<password_secret>
root_username = admin
root_password_sha2 = Sha2Passowrd
Generate password_secret.
$ yum -y install pwgen
$ pwgen -N 1 -s 96
<password_secret>
How to use PWGEN on Linux -- A command line random password generator
$ vi /etc/graylog/server/server.conf
password_secret = <password_secret>
To be able to connect to Graylog you should set http_bind_address IP address of the machine you can connect to.
http_bind_address = 0.0.0.0:9000
password_secret = <password_secret>
To be able to connect to Graylog you should set http_bind_address IP address of the machine you can connect to.
http_bind_address = 0.0.0.0:9000
Now enable and start Graylog service:
systemctl daemon-reload
systemctl enable graylog-server.service
systemctl start graylog-server.service
[root@graylogserver3centos8 ~]# systemctl status graylog-server.service
● graylog-server.service - Graylog server
Loaded: loaded (/usr/lib/systemd/system/graylog-server.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2019-12-12 21:26:28 IST; 5s ago
Docs: http://docs.graylog.org/
systemctl enable graylog-server.service
systemctl start graylog-server.service
[root@graylogserver3centos8 ~]# systemctl status graylog-server.service
● graylog-server.service - Graylog server
Loaded: loaded (/usr/lib/systemd/system/graylog-server.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2019-12-12 21:26:28 IST; 5s ago
Docs: http://docs.graylog.org/
Install Graylog 3 with Elasticsearch 6.x and mongodb 4.x on CentOS 7 / RHEL 7 Linux
No comments