Installing Graylog on CentOS: A Step-by-Step Guide

Graylog is a powerful open-source log management solution that easily collects, analyzes, and monitors log data. This guide will walk you through the installation of Graylog on CentOS. Before starting, make sure you have root or sudo privileges on your CentOS server.

Prerequisites

  1. CentOS 7 or 8: Graylog works well on both CentOS 7 and 8.
  2. Java (OpenJDK): Graylog requires Java to run.
  3. MongoDB: Graylog uses MongoDB to store data.
  4. Elasticsearch: Graylog needs Elasticsearch to index and search log data.

Step 1: Update the System

Before starting, it’s a good idea to update your system packages to the latest versions.

Bash
sudo yum update -y

Step 2: Install Java

Graylog requires Java to run. We’ll install OpenJDK 11.

Bash
sudo yum install java-11-openjdk-devel -y

Verify the Java installation:

Bash
java -version

Step 3: Install and Configure MongoDB

MongoDB is required by Graylog to store its configuration data.

  1. First, create a MongoDB repository file:
Bash
sudo vi /etc/yum.repos.d/mongodb-org.repo
  2. Add the following content to the file:
INI
[mongodb-org-4.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc
  3. Install MongoDB:
Bash
sudo yum install -y mongodb-org
  4. Start and enable MongoDB:
Bash
sudo systemctl start mongod
sudo systemctl enable mongod

Step 4: Install and Configure Elasticsearch

Graylog uses Elasticsearch to store log data, so you need to install it.

  1. Create the Elasticsearch repository file:
Bash
sudo vi /etc/yum.repos.d/elasticsearch.repo
  2. Add the following content:
INI
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
  3. Install Elasticsearch:
Bash
sudo yum install elasticsearch -y
  4. Open the Elasticsearch configuration file:
Bash
sudo vi /etc/elasticsearch/elasticsearch.yml

Uncomment the following lines and set them as follows:

YAML
cluster.name: graylog
network.host: 127.0.0.1
  5. Start and enable Elasticsearch:
Bash
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch

Step 5: Install and Configure Graylog

  1. First, download and install the Graylog repository:
Bash
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.3-repository_latest.rpm
  2. Install Graylog:
Bash
sudo yum install graylog-server -y
  3. Configure Graylog by editing the configuration file:
Bash
sudo vi /etc/graylog/server/server.conf

Set a password secret and a hashed password for the admin user. You can generate the password secret using the following command:

Bash
pwgen -N 1 -s 96

Place this generated string in the password_secret field.

You can also generate the admin password hash (replace yourpassword with your own; note that a password typed on the command line is recorded in your shell history):

Bash
echo -n yourpassword | sha256sum | cut -d" " -f1

Add this hex digest (only the digest, not the trailing " -" that sha256sum prints on its own) to the root_password_sha2 field.

Set the rest_listen_uri and web_listen_uri fields to the server’s IP or localhost, depending on your setup.
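As an added example (not part of the original guide or of Graylog itself), the following bash helper automates this step: it generates password_secret with pwgen as above (falling back to /dev/urandom when pwgen is absent), hashes the admin password read from stdin so it never appears on a command line, writes both values into server.conf, and checks that Elasticsearch is still bound to 127.0.0.1 before you start graylog-server. Function names and the fallback generator are assumptions of this script; the file paths are the ones used in the guide.

```bash
#!/usr/bin/env bash
# Added helper script, not part of the guide or the Graylog project.
set -eu

# Generate a password_secret: pwgen as in the guide when present,
# otherwise 96 alphanumeric characters drawn from /dev/urandom.
gen_password_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 96; echo
    fi
}

# Hash the admin password read from stdin (keeps it out of shell history
# and `ps` output); prints only the hex digest, not sha256sum's " -".
hash_root_password() {
    tr -d '\n' | sha256sum | cut -d' ' -f1
}

# Set "key = value" in server.conf, replacing an existing (possibly
# commented-out) line for that key or appending it if absent.
set_conf_key() {
    local file="$1" key="$2" value="$3"
    if grep -Eq "^#?[[:space:]]*${key}[[:space:]]*=" "$file"; then
        sed -i -E "s|^#?[[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >>"$file"
    fi
}

# Checks run before starting graylog-server: the secret has the full
# 96 characters the guide generates, and Elasticsearch is bound to
# loopback only, so its unauthenticated port is not reachable remotely.
secret_is_strong() { [ "${#1}" -ge 96 ]; }
es_bound_to_localhost() {
    grep -Eq '^network\.host:[[:space:]]*127\.0\.0\.1[[:space:]]*$' "$1"
}

# Interactive entry point: prompts for the admin password on stdin.
configure_graylog() {
    local conf="${1:-/etc/graylog/server/server.conf}" secret hash
    es_bound_to_localhost /etc/elasticsearch/elasticsearch.yml \
        || { echo "elasticsearch.yml: network.host is not 127.0.0.1" >&2; return 1; }
    secret="$(gen_password_secret)"
    secret_is_strong "$secret" || { echo "password_secret too short" >&2; return 1; }
    printf 'Admin password: ' >&2
    hash="$(hash_root_password)"
    set_conf_key "$conf" password_secret "$secret"
    set_conf_key "$conf" root_password_sha2 "$hash"
}
```

Run it as root with `configure_graylog`, then continue with Step 6.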

Step 6: Start and Enable Graylog

  1. Start the Graylog service:
Bash
sudo systemctl start graylog-server
  2. Enable Graylog to start on boot:
Bash
sudo systemctl enable graylog-server

Step 7: Access the Graylog Web Interface

Once Graylog is up and running, you can access the web interface by going to http://your-server-ip:9000 in your web browser. Use the admin username and the password you set earlier to log in.

You have successfully installed Graylog on CentOS. You can begin configuring inputs to collect logs from various sources and start analyzing your data!
