For this install, I am installing on my own host on VirtualBox with CentOS 7. Inspiration for this install was taken from the official Graylog docs here.
Make sure that you install guest additions:
sudo yum install kernel-devel gcc make perl
sudo yum install kernel-headers
sudo reboot
Check network connectivity
nmtui
sudo yum install epel-release
sudo yum update
sudo nano /etc/selinux/config
SELINUX=disabled
sudo yum install java-1.8.0-openjdk-headless.x86_64 pwgen
sudo nano /etc/yum.repos.d/mongodb.org.repo
[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc
sudo yum install mongodb-org
sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl start mongod.service
sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
sudo nano /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
sudo yum install elasticsearch-oss
sudo chmod -R 755 /etc/elasticsearch
sudo nano /etc/elasticsearch/elasticsearch.yml
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.1-repository_latest.rpm
sudo yum install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins
sudo nano /etc/graylog/server/server.conf
root_username = admin
In a new terminal run:
pwgen -N 1 -s 96
Output: L8MvVDKYyqJMdgzTknFEJDQbNi5EtGTmHxV5YqmSTghW2RRV4XrWGXz2R71Xy9WsWdkB3AquVCDNDJ52Bf4BhEUD6ao5T3Mj
Copy this into password_secret of /etc/graylog/server/server.conf
Next, create a SHA-256 sum for your root user's password:
echo -n cheekyweenandos | sha256sum
Output: 29b2a3ef07b9b8c6c800542a9f13c3cbae3e9ce865d922d787653cf5728fcbbe
Copy and paste this into the root_password_sha2 entry of /etc/graylog/server/server.conf
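Typing the password as an argument to echo leaves it in the shell history, and pasting two long values by hand is easy to get wrong. The script below is an added example, not part of the original post: it reads the password without echoing it, writes both values into server.conf and checks the result. The function names and the --apply switch are assumptions of this example, and it assumes the two keys appear uncommented in the file (otherwise they are appended).

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names and --apply are assumptions.

# Print the SHA-256 hex digest of the password on stdin (newlines stripped).
hash_password() {
    tr -d '\n' | sha256sum | cut -d' ' -f1
}

# set_conf_key FILE KEY VALUE: replace the first uncommented "KEY = ..." line, or append it.
set_conf_key() {
    local file="$1" key="$2" value="$3" tmp rc=0
    tmp=$(mktemp) || return 1
    { awk -v k="$key" -v v="$value" '
        !seen && $0 ~ ("^" k "[ \t]*=") { print k " = " v; seen = 1; next }
        { print }
        END { if (!seen) print k " = " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"; } || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# check_conf FILE: succeed only if password_secret is set and the hash is 64 hex characters.
check_conf() {
    local file="$1" secret hash
    secret=$(sed -n 's/^password_secret[[:space:]]*=[[:space:]]*//p' "$file")
    hash=$(sed -n 's/^root_password_sha2[[:space:]]*=[[:space:]]*//p' "$file")
    [ -n "$secret" ] && printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$'
}

# Run as root with --apply to update the real file; without it only the functions are defined.
if [ "${1:-}" = "--apply" ]; then
    conf=/etc/graylog/server/server.conf
    printf 'Graylog admin password: '
    stty -echo; IFS= read -r pw; stty echo; echo
    set_conf_key "$conf" password_secret "$(pwgen -N 1 -s 96)"
    set_conf_key "$conf" root_password_sha2 "$(printf '%s' "$pw" | hash_password)"
    unset pw
    check_conf "$conf" && echo "server.conf updated"
fi
```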
Next, still in /etc/graylog/server/server.conf, edit the IP address to reach your machine:
Following this, find elasticsearch_shards and change to these settings:
elasticsearch_shards = 1
elasticsearch_replicas = 0
sudo systemctl daemon-reload
sudo systemctl enable graylog-server
sudo systemctl restart graylog-server
sudo systemctl enable graylog-server
Next, add firewall rules to allow browsing to the web interface:
sudo firewall-cmd --permanent --add-port=9000/tcp
sudo firewall-cmd --reload
Then go to the IP set in /etc/graylog/server/server.conf, e.g.:
http://10.0.2.15:9000
Log in with the admin username and the password you hashed with sha256sum, in my case 'cheekyweenandos'.
You now have a successfully installed Graylog server!