GRAYLOG
Installation and deployment reference guide for CENTOS :
https://docs.graylog.org/v1/docs/centos
1. Install Java
yum -y update
yum install java-1.8.0-openjdk
and then set up the Java environment
2. Install MongoDB :
First add the repository file /etc/yum.repos.d/mongodb-org.repo with the following contents:
[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc
and then install MongoDB:
sudo yum install mongodb-org
start the service :
sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl start mongod.service
sudo systemctl --type=service --state=active | grep mongod
3. Install Elasticsearch :
Run this command :
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
then add the repository file /etc/yum.repos.d/elasticsearch.repo with the following content:
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/oss-7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
Install Elasticsearch:
sudo yum install elasticsearch-oss
4. Modify the Elasticsearch configuration file /etc/elasticsearch/elasticsearch.yml: set
the cluster name to graylog and set action.auto_create_index: false so that Graylog,
not Elasticsearch, creates the indices it needs. In the stock file both keys are absent
or commented out, so they can simply be appended (if either key is already set, edit
that line instead of appending a duplicate key, which Elasticsearch rejects):
sudo tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<EOT
cluster.name: graylog
action.auto_create_index: false
EOT
Start the service :
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
sudo systemctl --type=service --state=active | grep elasticsearch
5. Install Graylog with the following commands:
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.2-repository_latest.rpm
sudo yum install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins
6. Read the instructions in the configuration file /etc/graylog/server/server.conf
and edit it as needed.
Set the IP address of the Graylog server.
Additionally set password_secret and root_password_sha2; both are mandatory
and Graylog will not start without them.
To create your root_password_sha2 run the following command:
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
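Before moving on to step 7 it is worth confirming that server.conf really carries both mandatory values, since a blank or malformed one only shows up as a failed service start. The following shell script is an added example, not part of the Graylog documentation or package: it derives root_password_sha2 exactly as the pipeline above does (SHA-256 over the bare password, no trailing newline) and checks a server.conf for a usable password_secret (Graylog enforces a 16-character minimum) and a 64-hex-digit root_password_sha2. The key names are Graylog's own; the two sample configuration files it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the Graylog docs: compute root_password_sha2 the way the
# guide's pipeline does and check a server.conf for the two mandatory settings.
# password_secret and root_password_sha2 are the real server.conf keys; the
# sample files written below are constructed for this demonstration.

# SHA-256 hex digest of the bare password. printf adds no newline, so this
# matches `... | tr -d '\n' | sha256sum | cut -d" " -f1` from the guide.
root_password_sha2() {
  printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Print the value of KEY ($2) from FILE ($1): first uncommented `key = value` line.
conf_value() {
  sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Return 0 when FILE has a password_secret of at least 16 characters (the
# minimum Graylog enforces) and a root_password_sha2 that is a 64-hex-digit
# SHA-256; otherwise report each problem on stderr and return 1.
check_server_conf() {
  file="$1"
  status=0
  secret=$(conf_value "$file" password_secret)
  sha2=$(conf_value "$file" root_password_sha2)

  if [ -z "$secret" ]; then
    echo "$file: password_secret is not set" >&2
    status=1
  elif [ "${#secret}" -lt 16 ]; then
    echo "$file: password_secret is shorter than 16 characters" >&2
    status=1
  fi

  if [ -z "$sha2" ]; then
    echo "$file: root_password_sha2 is not set" >&2
    status=1
  elif ! printf '%s' "$sha2" | grep -Eq '^[0-9a-f]{64}$'; then
    echo "$file: root_password_sha2 is not a SHA-256 hex digest" >&2
    status=1
  fi
  return "$status"
}

# Constructed sample configs: one as the stock file ships (both values empty)
# and one filled in as step 6 requires.
STOCK_CONF=$(mktemp)
cat > "$STOCK_CONF" <<EOF
is_master = true
password_secret =
root_password_sha2 =
http_bind_address = 127.0.0.1:9000
EOF

READY_CONF=$(mktemp)
cat > "$READY_CONF" <<EOF
is_master = true
password_secret = constructed-demo-secret-0123456789
root_password_sha2 = $(root_password_sha2 'demo-admin-password')
http_bind_address = 127.0.0.1:9000
EOF

# Demonstration: the stock file fails the check, the filled-in file passes.
if check_server_conf "$STOCK_CONF"; then echo "stock config: ready"; else echo "stock config: not ready"; fi
if check_server_conf "$READY_CONF"; then echo "filled-in config: ready"; else echo "filled-in config: not ready"; fi
```

Run it against the real file with `check_server_conf /etc/graylog/server/server.conf` once the functions are sourced; a non-zero exit means step 7 will fail, and the message on stderr says which value to fix.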
7. Start Graylog service :
sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
sudo systemctl --type=service --state=active | grep graylog
8. Access Graylog via a web browser at http://GraylogserverIP:9000/