How to Install Graylog with Elasticsearch on CentOS 8

 

This guide walks you through installing Graylog with Elasticsearch 7.x on CentOS 8. Graylog is an open-source log management solution, founded in 2009, for capturing and centralizing real-time logs from the various devices on a network. It is a good tool for analysing security-relevant logs such as SSH logins, breaches, or any suspicious or unusual events that may point to a compromised system. With its real-time logging capability it is a useful security tool that operations teams can use to catch small issues before they grow into large threats.

Graylog is made up of three main components:

  • Elasticsearch: an open-source search and analytics engine that indexes the data received from the Graylog server.
  • MongoDB: an open-source NoSQL database that stores metadata and configuration.
  • Graylog server: parses incoming logs and provides the web interface where logs are visualized.

With that summary, let's get straight to installing Graylog on CentOS 8.

Prerequisites for Graylog server

Before you begin, make sure your CentOS 8 instance meets the following requirements:

  • 2 CPUs
  • 4 GB RAM
  • Fast and stable internet connection

Step 1) Install Java 8 with the dnf command

Graylog runs on Java, so we install Java, specifically Java 8, before anything else. (Elasticsearch 7.x ships its own bundled JDK and uses that rather than the system Java, so this step is really for Graylog.) You can install OpenJDK or Oracle Java; this guide uses OpenJDK 8.

$ sudo dnf install -y java-1.8.0-openjdk java-1.8.0-openjdk-devel

To confirm the installed Java version, run:

$ java -version

Step 2) Install Elasticsearch 7.x

We will install the latest version of Elasticsearch, which at the time of writing is Elasticsearch 7.9.2. Elasticsearch is not available in the CentOS 8 repositories, so we add Elastic's own repository. First, import the signing GPG key so that dnf can verify the packages:

$ sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Using your text editor, create a new repository file as shown:

$ sudo vi /etc/yum.repos.d/elasticsearch.repo

Paste the content shown below:

[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Save and exit the file. To install Elasticsearch, run:

$ sudo dnf install -y elasticsearch


Once the installation completes, notify systemd and enable Elasticsearch:

$ sudo systemctl daemon-reload
$ sudo systemctl enable elasticsearch

Graylog expects the Elasticsearch cluster to be called 'graylog' by default, so update cluster.name as shown. Leave network.host at its default so that Elasticsearch binds only to the loopback interface: the free tier ships without authentication, and anyone who can reach TCP port 9200 can read or delete every index Graylog writes.

$ sudo vi /etc/elasticsearch/elasticsearch.yml
………
cluster.name: graylog
………

Save and exit the file, then restart Elasticsearch for the change to take effect.

$ sudo systemctl restart elasticsearch

To verify that Elasticsearch is running, send an HTTP request to port 9200 as shown:

$ curl -X GET "localhost:9200/"

You should get a JSON response that includes the node name, the cluster name "graylog" and the version number (7.9.2 at the time of writing).


Step 3) Install MongoDB 4

To install MongoDB, create a local repository file:

$ sudo vi /etc/yum.repos.d/mongodb-org-4.repo

Paste the configuration shown below:

[mongodb-org-4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc

Save and exit, then install MongoDB with the command shown:

$ sudo dnf install -y mongodb-org

Once MongoDB is installed, start it, enable it at boot and check its status:

$ sudo systemctl start mongod
$ sudo systemctl enable mongod
$ sudo systemctl status mongod

The output should show the mongod service as active (running). The packaged mongod.conf binds MongoDB to 127.0.0.1 only; keep it that way, since Graylog runs on the same host and MongoDB has no authentication enabled out of the box.

Step 4) Install and configure Graylog server

To install the Graylog server, first add the Graylog repository package:

$ sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.3-repository_latest.rpm

Once the repository is added, install the Graylog server:

$ sudo dnf install -y graylog-server


After a successful installation you can check details about the graylog-server package with:

$ rpm -qi graylog-server


Now for a few configuration settings. First we generate the value for the password_secret directive in /etc/graylog/server/server.conf. Graylog uses this secret to secure (pepper) the stored user passwords, so it must be long and random (at least 64 characters). We generate it with the pwgen random password generator, which lives in the EPEL repository, so enable EPEL first:

$ sudo dnf install -y epel-release
$ sudo dnf install -y pwgen

Once installed, generate a 96-character random string:

$ pwgen -N 1 -s 96

The output will look like the following (this is the value from the original example; do not reuse it, generate your own):

$ pwgen -N 1 -s 96
EtUtR16i9xwRsGbXROMFhSazZ3PvNe1tYui8wM5Q7h1UiXY0RTDdGygkhuDEJi9fpGwwXhMbYjcv9aFLh9DNF15JPBnMD0ne

Copy the generated secret and keep it somewhere safe, for example in a text editor; you will need it in a moment. Note that this is a random secret, not an encrypted password.

Next, compute the SHA-256 hash of the password you want for the admin user; this hash goes into the root_password_sha2 attribute. Be aware that passing the password on the command line leaves it in your shell history (~/.bash_history), so clear that entry afterwards or type the command with a leading space if HISTCONTROL=ignorespace is set.

$ echo -n '<your-admin-password>' | sha256sum

For the password used in the original example the output was:

a8f1a91ef8c534d678c82841a6a88fa01d12c2d184e641458b6bec67eafc0f7c  -

Save this hash as well. Now open Graylog's configuration file:

$ sudo vi /etc/graylog/server/server.conf

Locate the password_secret and root_password_sha2 attributes and paste in the secret and the hash respectively.


Next, uncomment the http_bind_address attribute and set it to your server's IP address with port 9000 (for example 192.0.2.10:9000). This makes the web interface and the REST API reachable over plain HTTP from the network; for anything beyond a lab, terminate TLS (Graylog can serve HTTPS itself via http_enable_tls, or sit behind a reverse proxy) and restrict which hosts can reach port 9000.

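Both configuration steps above, the elasticsearch.yml edit from Step 2 and the password_secret, root_password_sha2 and http_bind_address edits in this step, can be done with one idempotent script. The following is an added example written for this page; it is not code from the original article or from the Graylog project. It assumes the package-default paths /etc/elasticsearch/elasticsearch.yml and /etc/graylog/server/server.conf with their stock "key: value" and "key = value" layouts, bash with GNU coreutils (sha256sum), and that you run it with sudo; the single argument is your server's IP address with port 9000. It draws the secret from /dev/urandom instead of pwgen, reads the admin password from the terminal so it never appears in shell history, and pins Elasticsearch to the loopback interface.

```shell
#!/usr/bin/env bash
# Added example for this page (not from the original article or the Graylog project).
# Applies the Step 2 (elasticsearch.yml) and Step 4 (server.conf) settings idempotently.
# Assumptions: package-default paths, stock file layouts, run as root via sudo.
set -eu

# set_key FILE SEP KEY VALUE
# Rewrites the first "KEY<SEP>" line (commented out or not) and appends the key if
# absent. Only the first match is touched because the stock server.conf ships two
# commented http_bind_address examples. The file is rewritten in place with cat so
# its ownership and mode (e.g. root:elasticsearch 0660) survive.
set_key() {
  file=$1 sep=$2 key=$3 value=$4
  tmp=$(mktemp)
  awk -v k="$key" -v sep="$sep" -v v="$value" '
    BEGIN { if (sep == ":") out = k ": " v; else out = k " = " v }
    {
      line = $0
      sub(/^[ \t]*#?[ \t]*/, "", line)
      if (!done && line ~ ("^" k "[ \t]*" sep)) { print out; done = 1; next }
      print
    }
    END { if (!done) print out }
  ' "$file" > "$tmp"
  cat "$tmp" > "$file"
  rm -f "$tmp"
}

# get_key FILE SEP KEY -> the effective (uncommented) value, empty if unset
get_key() {
  awk -v k="$3" -v sep="$2" '
    $0 ~ ("^" k "[ \t]*" sep) { v = $0; sub("^" k "[ \t]*" sep "[ \t]*", "", v) }
    END { print v }
  ' "$1"
}

# harden_elasticsearch [elasticsearch.yml]
harden_elasticsearch() {
  cfg=${1:-/etc/elasticsearch/elasticsearch.yml}
  set_key "$cfg" : cluster.name graylog             # the cluster name Graylog expects
  set_key "$cfg" : network.host 127.0.0.1           # loopback only: no auth on the free tier
  set_key "$cfg" : http.port 9200
  set_key "$cfg" : action.auto_create_index false   # Graylog manages its own index sets
}

# Same role as "pwgen -N 1 -s 96": N random alphanumeric characters from /dev/urandom.
gen_password_secret() {
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "${1:-96}"
}

# Hex SHA-256 of the argument with no trailing newline, as root_password_sha2 expects.
sha256_of() {
  printf '%s' "$1" | sha256sum | cut -d ' ' -f 1
}

# configure_graylog server.conf BIND_ADDR ADMIN_PASSWORD
configure_graylog() {
  conf=$1 bind=$2 password=$3
  set_key "$conf" = password_secret "$(gen_password_secret 96)"
  set_key "$conf" = root_password_sha2 "$(sha256_of "$password")"
  set_key "$conf" = http_bind_address "$bind"
  set_key "$conf" = elasticsearch_hosts http://127.0.0.1:9200   # Graylog talks to ES over loopback
}

# Usage: sudo bash graylog-setup.sh <server-ip>:9000
# The password is read from the terminal so it never lands in shell history.
if [ $# -ge 1 ]; then
  harden_elasticsearch
  printf 'Graylog admin password: ' >&2
  read -rs pw
  printf '\n' >&2
  configure_graylog /etc/graylog/server/server.conf "$1" "$pw"
fi
```

Run it as `sudo bash graylog-setup.sh 192.0.2.10:9000` (with your own address), then restart elasticsearch and graylog-server. Rewriting the files through `cat > file` rather than `mv` keeps their ownership and mode, which the elasticsearch and graylog users need in order to read them; running the script twice leaves the files unchanged.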

Reload systemd, then start and enable Graylog:

$ sudo systemctl daemon-reload
$ sudo systemctl start graylog-server
$ sudo systemctl enable graylog-server

Run the following command to verify the Graylog service status:

$ sudo systemctl status graylog-server


You can also follow the startup in Graylog's log file, /var/log/graylog-server/server.log; the service takes a little while to come up, and this is where connection errors to Elasticsearch or MongoDB show up.

Allow Graylog server through the firewall:

If firewalld is enabled and running, allow TCP port 9000 with the commands below. In production, limit the rule to the addresses that need to reach the interface rather than opening the port to every host in the zone.

$ sudo firewall-cmd --permanent --add-port=9000/tcp
$ sudo firewall-cmd --reload

To access Graylog in a browser, go to your server's IP address on port 9000:

http://server-IP:9000

Log in with the username admin and the password whose hash you set as root_password_sha2 in the configuration file.


That wraps up this guide. We have walked step by step through installing Graylog on CentOS 8. Please share your feedback and comments.
