How To Install Graylog on CentOS 7

Graylog is a free and open source powerful centralized log management tool based on Elasticsearch and MongoDB. Graylog helps you to collect, index and analyze any machine logs centrally.

Table of Contents

Step 1. First let’s start by ensuring your system is up-to-date.

Step 2. Installing Java.

Step 3. Installing MongoDB.

Step 4. Installing Elasticsearch.

Step 5. Configuring Elasticsearch.

Step 6. Installing Graylog.

Step 7. Accessing Graylog.

Prerequisites

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo’ to the commands to get root privileges. I will show you through the step by step installation Graylog on a CentOS 7 server.
Install Graylog on CentOS 7

Step 1. First let’s start by ensuring your system is up-to-date.

yum clean all
yum -y update

Step 2. Installing Java.

Now you will need to install JAVA, run the following command to download the RPM package using the following command:

wget --no-cookies --no-check-certificate --header "Cookie:oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u91-b14/jdk-8u91-linux-x64.rpm"

Once you have downloaded the RPM file, you can install the package using following command:

yum localinstall jdk-8u91-linux-x64.rpm

Check if it is successfully installed with the following command:

java -version

Step 3. Installing MongoDB.

MongoDB is not available in the default CentOS repository. You will need to add the MongoDB repo first:

nano /etc/yum.repos.d/mongodb.repo

Add the following contents:

[mongodb]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc

Install MongoDB by running the following command:

yum install mongodb-org -y

Start the MongoDB service and enable it to start on boot with the following command:

systemctl enable mongod.service
systemctl start mongod.service

Step 4. Installing Elasticsearch.

In order to install Elasticsearch using the official repository, we have to download and install the public signing key:

rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch

Create and add the following in your /etc/yum.repos.d/ director:

nano /etc/yum.repos.d/elasticsearch.repo

Add the following contents:

[elasticsearch-2.x]
name=Elasticsearch repository for 2.x packages
baseurl=https://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1

Now, install Elasticsearch using the follwing command:

yum install elasticsearch -y

Start the elasticsearch service and enable it to start on boot time with the following command:

systemctl enable elasticsearch.service
systemctl start elasticsearch.service

Step 5. Configuring Elasticsearch.

First, open up the Elasticsearch configuration file:

nano /etc/elasticsearch/elasticsearch.yml

Change the file as shown below:

cluster.name: graylog

Let’s prevent possible remote code executions. Add the following lines:

script.inline: false
script.indexed: false
script.file: false

Restart the elasticsearch service:

systemctl restart elasticsearch.service

Check the health of the Elasticsearch with the following command:

curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'

Step 6. Installing Graylog.

We need to download and install the Graylog repository using the following command:

rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.2-repository_latest.rpm

Install Graylog server using yum:

yum install graylog-server -y

After you have installed the Graylog Server, you have to generate secret key for Graylog using the following command:

### pwgen -N 1 -s 96 
MTtPFSMZxAvoLsUiXXauggyJ761hwkGn1ZTN2ovb8wN2tO1LzyeNbaatOrpLukp96p0MxwHQosmMGPbmw46ojnnSORVvr2

Now create a hash password for the root user that can be used to log in to the Graylog web server using the following command:

### echo -n Password | sha256sum
e7cf3ef4f17c3999a94f2c6f612e8bmwe46b1026878e4e19398b23bd38ec221a
1
2
	
### echo -n Password | sha256sum
e7cf3ef4f17c3999a94f2c6f612e8bmwe46b1026878e4e19398b23bd38ec221a

Edit the server.conf file:

nano /etc/graylog/server/server.conf

Make changes to the file as shown below:

password_secret= MTtPFSMZxAvoLsUiXXauggyJ761hwkGn1ZTN2ovb8wN2tO1LzyeNbaatOrpLukp96p0MxwHQosmMGPborm1YRojnnSORVvr2
root_password_sha2= e7cf3ef4f17c3999a94f2c6f612e8a888e5b10268bmwe4619398b23bd38ec221a
[email protected]
root_timezone=UTC
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300
elasticsearch_shards=1
script.inline: false
script.indexed: false
script.file: false

To enable the Graylog web interface, make changes to the file as shown below:

rest_listen_uri = http://your-server-ip:12900/
web_listen_uri = http://your-server-ip:9000/

After you have modified the configuration file, you can start Graylog Service using the following commands:

systemctl enable graylog-server.service
systemctl start graylog-server.service

Step 7. Accessing Graylog.

Graylog will be available on HTTP port 8080 by default. Open your favorite browser and navigate to http://yourdomain.com:9000 or http://server-ip:9000 and complete the required the steps to finish the installation.
Installing-Graylog-LoginScreen
Congratulation’s! You have successfully installed Graylog. Thanks for using this tutorial for installing Graylog in CentOS 7 system. For additional help or useful information, we recommend you to check the official Graylog web site.

Leave a Reply