Graylog 2.3.x How to install on Centos7 with Syslog input


 

yum install java-1.8.0-openjdk-headless.x86_64

 

  • MongoDB Install

Create the repo file for MongoDB:

vi /etc/yum.repos.d/mongodb-org-3.2.repo

mongodb-org-3.2.repo

[mongodb-org-3.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc

Install MongoDB:

yum install mongodb-org
# register the service and start it at boot
chkconfig --add mongod
systemctl daemon-reload
systemctl enable mongod.service
systemctl start mongod.service

 

  • ElasticSearch Install

Import the Elasticsearch GPG key and create the repo file:

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
vi /etc/yum.repos.d/elasticsearch.repo

elasticsearch.repo

[elasticsearch-2.x]
name=Elasticsearch repository for 2.x packages
baseurl=https://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1

Install Elasticsearch:

yum install elasticsearch

Edit the Elasticsearch configuration file and set the cluster name:

vi /etc/elasticsearch/elasticsearch.yml

cluster.name: graylog


# register the service and start it at boot
chkconfig --add elasticsearch
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl restart elasticsearch.service

 

  • Graylog Install

Install the Graylog repository package:

rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.3-repository_latest.rpm

Install Graylog:

yum install graylog-server

Generate the password hash:

echo -n yourpassword | sha256sum

Edit the Graylog configuration file:

vi /etc/graylog/server/server.conf

password_secret = yourpassword_hash
root_password_sha2 = yourpassword_hash

web_listen_uri = http://youripaddress:9000/
rest_listen_uri = http://youripaddress:9000/api
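
The following is an added example, not part of the original post: it generates an independent random password_secret instead of reusing the password hash, reads the admin password from stdin so it stays out of shell history, and writes both keys into a server.conf. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: fill in the two secrets in a Graylog server.conf.
# Function names and the sample file below are constructed for illustration.

# password_secret: 48 random bytes as 96 hex characters, independent of any password.
gen_password_secret() {
    od -An -vtx1 -N48 /dev/urandom | tr -d ' \n'
}

# root_password_sha2: SHA-256 of the password read from stdin, so the password
# never appears in argv or shell history. A trailing newline would change the
# hash (the reason for "echo -n" above), so newlines are stripped first.
hash_root_password() {
    tr -d '\n' | sha256sum | cut -d' ' -f1
}

# set_conf_key FILE KEY VALUE: replace an existing "KEY = ..." line or append one.
# VALUE must not contain "|" or "&"; the hex strings generated here never do.
set_conf_key() {
    if grep -q "^$2 *=" "$1"; then
        sed -i "s|^$2 *=.*|$2 = $3|" "$1"
    else
        printf '%s = %s\n' "$2" "$3" >> "$1"
    fi
}

# Demo on a constructed sample file (not the real /etc/graylog/server/server.conf).
demo_conf=$(mktemp)
printf 'is_master = true\npassword_secret =\n' > "$demo_conf"
set_conf_key "$demo_conf" password_secret "$(gen_password_secret)"
set_conf_key "$demo_conf" root_password_sha2 \
    "$(printf '%s\n' 'constructed-sample-password' | hash_root_password)"
cat "$demo_conf"
rm -f "$demo_conf"
```

For interactive use, read the password with terminal echo disabled (`stty -echo`) and pipe it into hash_root_password, then point set_conf_key at the real configuration file.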

Register the service and start it at boot:

chkconfig --add graylog-server
systemctl daemon-reload
systemctl enable graylog-server.service
systemctl start graylog-server.service

 

Open the firewall:

firewall-cmd --permanent --zone=public --add-port=9000/tcp
firewall-cmd --reload

Now you can open the web interface in a browser: http://youripaddress:9000

 

 

  • Centralized log collection

Create a Syslog input listener in Graylog; the listen port is UDP 10514.


Enable the rsyslog UDP listener in rsyslog.conf:

vi /etc/rsyslog.conf

Uncomment the $ModLoad imudp and $UDPServerRun 514 lines.

Forward syslog messages to the Graylog input like this:

*.* @127.0.0.1:10514;RSYSLOG_SyslogProtocol23Format

 

Finally, open UDP port 514 in the firewall:

firewall-cmd --permanent --zone=public --add-port=514/udp
firewall-cmd --reload
