-->

DEVOPSZONES

  • Recent blogs

    How to Install Graylog 3 with Elasticsearch 6.x and mongodb 4.x on CentOS 8 / RHEL 8 Linux

    How to Install Graylog 3 with Elasticsearch 6.x and mongodb 4.x on CentOS 8 / RHEL 8 Linux

    Install Graylog 3 with Elasticsearch 6.x and mongodb 4.x on CentOS 8 / RHEL 8 Linux

    In this guide, we will take you through the steps to Install Graylog on CentOS 8 / RHEL 8 with Elasticsearch 6.x and MongoDB 4.x. Graylog is an open-source log management system that allows operations team to aggregate tons of log data, from multiple log sources.

    Graylog comes with out of the box GUI, powerful search feature, alerting and reporting. Graylog UI is simple and intuitive with complete user management and security.

    Install Graylog 3.x on CentOS 8 / RHEL 8 Linux

    Graylog requires Java, Elasticsearch, and MongoDB. Elasticsearch is responsible for logs storage and search. Enough talk, Lets begin with the installation of the dependencies and then install Graylog.

    Install Java on RHEL 8 / CentOS 8

    As Elasticsearch depends on Java 8, you need it installed it before Elasticsearch RHEL 8 / CentOS 8.

    yum install java-1.8.0-openjdk java-1.8.0-openjdk-devel
    [root@graylogserver3centos8 ~]# yum install java-1.8.0-openjdk java-1.8.0-openjdk-devel
    Loaded plugins: fastestmirror
    base                                                                                                     | 3.6 kB  00:00:00
    docker-ce-edge                                                                                           | 3.5 kB  00:00:00
    docker-ce-stable                                                                                         | 3.5 kB  00:00:00
    extras                                                                                                   | 2.9 kB  00:00:00
    updates                                                                                                  | 2.9 kB  00:00:00
    (1/8): docker-ce-stable/x86_64/updateinfo                                                                |   55 B  00:00:01
    (2/8): docker-ce-stable/x86_64/primary_db                                                                |  37 kB  00:00:00

    Install Elasticsearch 6 on RHEL 8 / CentOS 8


    Add Elasticsearch repository:

    [root@graylogserver3centos8 ~]# cat <<EOF |  tee /etc/yum.repos.d/elasticsearch.repo
     [elasticsearch-6.x]
     name=Elasticsearch repository for 6.x packages
     baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
     gpgcheck=1
     gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
     enabled=1
     autorefresh=1
     type=rpm-md
     EOF
    [root@graylogserver3centos8 ~]#

    Install Elasticsearch:


    [root@graylogserver3centos8 ~]# yum -y install elasticsearch-oss
    Loaded plugins: fastestmirror
    elasticsearch-6.x                                                                                        | 1.3 kB  00:00:00
    elasticsearch-6.x/primary                                                                                | 125 kB  00:00:02
    Loading mirror speeds from cached hostfile
     * base: mirrors.piconets.webwerks.in
     * extras: mirrors.piconets.webwerks.in
     * updates: mirrors.piconets.webwerks.in
    elasticsearch-6.x                                                                                                       393/393
    Resolving Dependencies

    Configure Elasticsearch for Graylog

    You need to modify the Elasticsearch configuration file and set the cluster name to graylog and add action.auto_create_index: false to the configuration file:

    The file to edit is /etc/elasticsearch/elasticsearch.yml.

    $  vi /etc/elasticsearch/elasticsearch.yml
    cluster.name: graylog
    action.auto_create_index: false

    Start and enable elasticsearch service:


     systemctl daemon-reload
     systemctl enable --now elasticsearch

    Confirm service status:

    [root@graylogserver3centos8 ~]# systemctl daemon-reload
    [root@graylogserver3centos8 ~]# systemctl enable --now elasticsearch
    Created symlink from /etc/systemd/system/multi-user.target.wants/elasticsearch.service to /usr/lib/systemd/system/elasticsearch.service.
    [root@graylogserver3centos8 ~]# systemctl status elasticsearch
    ● elasticsearch.service - Elasticsearch
       Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
       Active: active (running) since Wed 2019-12-11 19:25:03 IST; 15s ago
         Docs: http://www.elastic.co
     Main PID: 2063 (java)
       Memory: 840.0M
       CGroup: /system.slice/elasticsearch.service
               └─2053 /bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiating...

    Dec 11 19:25:03 graylogserver3centos8.org systemd[1]: Started Elasticsearch.
    Dec 11 19:25:03 graylogserver3centos8.org systemd[1]: Starting Elasticsearch...
    Dec 11 19:25:04 graylogserver3centos8.org elasticsearch[2053]: OpenJDK 64-Bit Server VM warning: If the number of processors ...ds=N
    Hint: Some lines were ellipsized, use -l to show in full.
    [root@graylogserver3centos8 ~]#


    Install MongoDB on RHEL 8 / CentOS 8

    MongoDB is used for storing Graylog related configurations. Install it on CentOS 8 / RHEL 8 using the steps shared in the article below.

    How to Install MongoDB 4 on RHEL 8 / CentOS 8


    Now install the Graylog repository :


     rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.1-repository_latest.rpm
    Graylog rpm packages are available on added repository.

    [root@graylogserver3centos8 ~]# rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.1-repository_latest.rpm
    Retrieving https://packages.graylog2.org/repo/packages/graylog-3.1-repository_latest.rpm
    Preparing...                          ################################# [100%]
    Updating / installing...
       1:graylog-3.1-repository-1-1       ################################# [100%]
     

    Install the Graylog Server :


     yum install graylog-server
    [root@graylogserver3centos8 ~]# yum install graylog-server -y
    Loaded plugins: fastestmirror
    graylog                                                                                                  | 2.9 kB  00:00:00
    graylog/x86_64/primary_db                                                                                | 9.5 kB  00:00:02
    Loading mirror speeds from cached hostfile

    ################################################################################
    Graylog does NOT start automatically!

    Please run the following commands if you want to start Graylog automatically on system boot:

         systemctl enable graylog-server.service

         systemctl start graylog-server.service

    ################################################################################
      Verifying  : graylog-server-3.1.3-1.noarch                                                                                1/1

    Installed:
      graylog-server.noarch 0:3.1.3-1

    Complete!
    [root@graylogserver3centos8 ~]#


    You need to set  password_secret and root_password_sha2 variables under /etc/graylog/server/server.conf. These settings are mandatory and without them, Graylog will not start!

    Use the following command to create your root_password_sha2:

    echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
    Set generated value in root_password_sha2

    $  vi /etc/graylog/server/server.conf

    root_username = admin
    root_password_sha2 = Sha2Passowrd
    Generate password_secret.

    $  yum -y install pwgen
    $ pwgen -N 1 -s 96
    <password_secret>

    How to use PWGEN  on Linux -- A command line random password generator

    $  vi /etc/graylog/server/server.conf
    password_secret = <password_secret>

    To be able to connect to Graylog you should set http_bind_address  IP address of the machine you can connect to.

    http_bind_address = 0.0.0.0:9000

    Now enable and start Graylog service:


        systemctl daemon-reload
        systemctl enable graylog-server.service
        systemctl start graylog-server.service
    [root@graylogserver3centos8 ~]# systemctl status graylog-server.service
    ● graylog-server.service - Graylog server
       Loaded: loaded (/usr/lib/systemd/system/graylog-server.service; enabled; vendor preset: disabled)
       Active: active (running) since Thu 2019-12-12 21:26:28 IST; 5s ago
         Docs: http://docs.graylog.org/


    graylog

    graylog

    Install Graylog 3 with Elasticsearch 6.x and mongodb 4.x on CentOS 7 / RHEL 7 Linux

    No comments