Installing Graylog on CentOS 7

For this install, I am installing on my own host on VirtualBox with CentOS 7. Inspiration for this install was taken from the official Graylog docs. Make sure that you install the VirtualBox guest additions first, which needs the kernel build tooling:

sudo yum install kernel-devel gcc make perl

sudo yum install kernel-headers

sudo reboot

Check network connectivity (nmtui lets you fix the interface configuration if the VM has none):

nmtui

Add the EPEL repository and bring the system up to date:

sudo yum install epel-release
sudo yum update

Set SELinux to disabled in /etc/selinux/config (this only takes effect after a reboot):

sudo nano /etc/selinux/config

SELINUX=disabled

Install Java and pwgen, then add the MongoDB repository:

sudo yum install java-1.8.0-openjdk-headless.x86_64 pwgen
sudo nano /etc/yum.repos.d/mongodb.org.repo

[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc

sudo yum install mongodb-org

sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl start mongod.service

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
sudo nano /etc/yum.repos.d/elasticsearch.repo

[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

sudo yum install elasticsearch-oss
sudo chmod -R 755 /etc/elasticsearch
sudo nano /etc/elasticsearch/elasticsearch.yml

(Note that 755 makes the directory and every file under it readable by every local user; the package installs it with tighter permissions, so only loosen it if you actually need to.)

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service

Now add the Graylog repository, install the server and plugins, and open its configuration:

sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.1-repository_latest.rpm
sudo yum install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins
sudo nano /etc/graylog/server/server.conf

root_username = admin

In a new terminal, generate a secret:

pwgen -N 1 -s 96
Output:
L8MvVDKYyqJMdgzTknFEJDQbNi5EtGTmHxV5YqmSTghW2RRV4XrWGXz2R71Xy9WsWdkB3AquVCDNDJ52Bf4BhEUD6ao5T3Mj

Copy this into password_secret in /etc/graylog/server/server.conf.

Next, create a SHA-256 sum of your root user's password:

echo -n cheekyweenandos | sha256sum
Output:
29b2a3ef07b9b8c6c800542a9f13c3cbae3e9ce865d922d787653cf5728fcbbe

Copy and paste this into the root_password_sha2 entry of /etc/graylog/server/server.conf.

Next, still in /etc/graylog/server/server.conf, edit the IP address so that the web interface is reachable from your machine.

Following this, find elasticsearch_shards and change to these settings:

elasticsearch_shards = 1

elasticsearch_replicas = 0
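The server.conf edits above, as an added bash helper that is not part of the original post: it generates password_secret, hashes a root password read from stdin rather than from the command line (so the plaintext does not end up in shell history or in `ps`), and rewrites the shard settings in place. It assumes GNU sed, grep and sha256sum, and falls back to /dev/urandom when pwgen is not installed.

```shell
#!/usr/bin/env bash
# Added helper, not part of the original post. Applies the server.conf
# settings from this walkthrough. Assumes GNU sed/grep and sha256sum;
# uses pwgen when installed, otherwise /dev/urandom.
set -eu

# Hash the root password read from stdin (one line). Reading it instead of
# passing it on the command line keeps it out of shell history and `ps`.
graylog_root_sha2() {
    local pw
    IFS= read -r pw || [ -n "$pw" ]
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1
}

# 96 random alphanumeric characters for password_secret.
graylog_password_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        head -c 2048 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 96
        echo
    fi
}

# Set "key = value" in a server.conf, replacing a commented-out or existing
# line for that key; append the line if the key is not present at all.
graylog_set_key() {
    local conf=$1 key=$2 value=$3
    if grep -Eq "^#?[[:space:]]*${key}[[:space:]]*=" "$conf"; then
        sed -i -E "s|^#?[[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$conf"
    else
        printf '%s = %s\n' "$key" "$value" >>"$conf"
    fi
}

# Apply every edit from the walkthrough; the root password comes from stdin.
graylog_configure() {
    local conf=$1 secret sha
    secret=$(graylog_password_secret)
    sha=$(graylog_root_sha2)
    graylog_set_key "$conf" root_username admin
    graylog_set_key "$conf" password_secret "$secret"
    graylog_set_key "$conf" root_password_sha2 "$sha"
    graylog_set_key "$conf" elasticsearch_shards 1
    graylog_set_key "$conf" elasticsearch_replicas 0
}
```

Run it as `sudo bash -c '. ./graylog-conf.sh; graylog_configure /etc/graylog/server/server.conf'` and type the root password on stdin; the bind address still has to be set by hand.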

sudo systemctl daemon-reload
sudo systemctl enable graylog-server
sudo systemctl restart graylog-server
sudo systemctl enable graylog-server

Next, add firewall rules to allow browsing to the web interface:

sudo firewall-cmd --permanent --add-port=9000/tcp
sudo firewall-cmd --reload

Then go to the IP set in /etc/graylog/server/server.conf, e.g.:

http://10.0.2.15:9000

Log in with the admin username and the password you hashed above (the plaintext, not the hash), in my case 'cheekyweenandos'.

You now have a successfully installed Graylog server!
