How to Install Graylog with Elasticsearch on CentOS 8
Graylog is an open-source log management system for collecting, storing, indexing, searching, and analyzing log data from many sources in real time. It uses Elasticsearch as its index store and MongoDB for its own configuration and metadata, and provides a web UI with fast search, alerting, and reporting.
Requirements
- Java
- Elasticsearch
- MongoDB
Update System
sudo dnf update
Install EPEL Repository
sudo dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
Install Java
Graylog needs a Java runtime. This guide installs OpenJDK 11. (Elasticsearch 7.x ships its own bundled JDK and does not use the system Java.)
sudo dnf install java-11-openjdk java-11-openjdk-devel
Check Java version
$ java -version
openjdk version "11.0.15" 2022-04-19 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.15+9-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.15+9-LTS, mixed mode, sharing)
SELinux Configuration
Label the ports that Graylog (9000), Elasticsearch (9200) and MongoDB (27017) listen on so the confined services may use them. The httpd_can_network_connect boolean is only needed if a confined web server (nginx or httpd acting as a reverse proxy) has to connect to Graylog's port.
sudo dnf -y install curl vim policycoreutils policycoreutils-python-utils python3-policycoreutils
sudo setsebool -P httpd_can_network_connect 1
sudo semanage port -a -t http_port_t -p tcp 9000
sudo semanage port -a -t http_port_t -p tcp 9200
sudo semanage port -a -t mongod_port_t -p tcp 27017
If semanage reports that a port is already defined (27017 is already labelled mongod_port_t in the stock policy), the label is in place and that command can be skipped.
Install Elasticsearch
To install Elasticsearch, first add the Elasticsearch repository with the commands below. Graylog 4.x supports Elasticsearch 6.8 and 7.10 only; the OSS 7.x repository used here ends at 7.10.2, so it installs a compatible version. Do not use the default (non-OSS) 7.x repository, which serves 7.11 and later releases that Graylog 4.2 rejects.
sudo vim /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/oss-7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
Install Elasticsearch and its dependencies.
sudo dnf -y install elasticsearch-oss
Configure Elasticsearch for Graylog
Edit the Elasticsearch configuration file and set the cluster name to graylog: uncomment the line cluster.name: my-application (remove the leading #) and change it to cluster.name: graylog. Then add action.auto_create_index: false, so that Elasticsearch does not create indices with default mappings on a stray write; Graylog creates and manages its own indices. Leave network.host at its default (loopback): Elasticsearch OSS has no authentication, so it must not be reachable from other hosts.
Elasticsearch configuration file: /etc/elasticsearch/elasticsearch.yml
$ sudo vim /etc/elasticsearch/elasticsearch.yml
cluster.name: graylog
action.auto_create_index: false
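Before restarting Elasticsearch it is worth checking the file rather than trusting the edit. The following script is an added example (not part of the original guide or of Graylog or Elasticsearch): it reads the last uncommented value of a key from a YAML-style elasticsearch.yml, checks the two settings above, and also warns if network.host has been pointed at a non-loopback address. The function names and the sample configuration it creates in a temporary file are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original guide: verify elasticsearch.yml has the
# settings Graylog needs before (re)starting Elasticsearch.
# Function names and the constructed sample config are assumptions of this example.

# Print the value of the last uncommented "KEY: value" line in FILE.
# Prints nothing and returns 1 if the key is absent or only present commented out.
es_config_get() {
    file="$1"; key="$2"
    # Escape the dots in the key so they match literally in the sed regex.
    key_re=$(printf '%s' "$key" | sed 's/\./\\./g')
    val=$(sed -n "s/^[[:space:]]*$key_re[[:space:]]*:[[:space:]]*\(.*\)$/\1/p" "$file" \
          | sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tail -n 1)
    [ -n "$val" ] || return 1
    printf '%s\n' "$val"
}

# Return 0 if FILE sets cluster.name to graylog and action.auto_create_index to
# false and keeps Elasticsearch on loopback; otherwise report to stderr and return 1.
check_es_config() {
    file="$1"; ok=0
    name=$(es_config_get "$file" cluster.name) || name=""
    if [ "$name" != "graylog" ]; then
        echo "cluster.name is '${name:-unset}', expected graylog" >&2; ok=1
    fi
    auto=$(es_config_get "$file" action.auto_create_index) || auto=""
    if [ "$auto" != "false" ]; then
        echo "action.auto_create_index is '${auto:-unset}', expected false" >&2; ok=1
    fi
    # Elasticsearch OSS has no authentication, so a non-loopback bind is a finding.
    host=$(es_config_get "$file" network.host) || host=""
    case "$host" in
        ""|127.0.0.1|localhost|_local_) ;;
        *) echo "network.host is '$host': Elasticsearch OSS has no authentication, keep it on loopback" >&2; ok=1 ;;
    esac
    return "$ok"
}

# Demo on a constructed file that resembles the stock elasticsearch.yml
# (both settings still commented out). Real use:
#   check_es_config /etc/elasticsearch/elasticsearch.yml && sudo systemctl restart elasticsearch
demo=$(mktemp)
printf '#cluster.name: my-application\n#action.auto_create_index: true\n' > "$demo"
if check_es_config "$demo"; then
    echo "stock config: OK"
else
    echo "stock config: needs the changes listed above"
fi
rm -f "$demo"
```

The check is deliberately strict about network.host: with the OSS build there is no authentication layer, so the only thing keeping index data and the cluster API private is that port 9200 is bound to loopback.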
Start and enable the Elasticsearch services at boot time.
sudo systemctl daemon-reload
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch
Install MongoDB
MongoDB stores Graylog's own configuration and metadata (users, inputs, streams, and so on). To install it, first add the MongoDB repository with the commands below.
sudo vim /etc/yum.repos.d/mongodb-org-4.repo
[mongodb-org-4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc
Install MongoDB and its dependencies.
sudo dnf -y install mongodb-org
Start and enable the MongoDB service at boot time.
sudo systemctl start mongod
sudo systemctl enable mongod
Install Graylog
Install Graylog repository.
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.2-repository_latest.rpm
Install Graylog and its dependencies.
sudo dnf -y install graylog-server
Generate the root_password_sha2 and password_secret values and set them in the /etc/graylog/server/server.conf configuration file.
The command below prompts for the admin password and prints its SHA-256 hash, which is the value for root_password_sha2. Note that the password is echoed while you type it, so run this on a trusted terminal.
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
14c8c4ea3ef197b1ea44b3c2a27976e03491745b718td9d547da255dbd2d76gc
Uncomment the line root_username = admin (remove the # as first character) and set root_password_sha2 to the generated value.
The value shown above and below is an illustrative placeholder (written as <SHA2Password> in the text); use the hash your own command printed, which is 64 hexadecimal characters.
$ sudo vim /etc/graylog/server/server.conf
root_username = admin
root_password_sha2 = 14c8c4ea3ef197b1ea44b3c2a27976e03491745b718td9d547da255dbd2d76gc
The commands below generate a password_secret value. Graylog uses it to pepper stored user passwords and to encrypt secrets; it must be at least 64 characters (96 are used here), and must never change once users have been created.
$ sudo dnf -y install pwgen
$ pwgen -N 1 -s 96
x97hMk5iMTN470Q2eYwGOjiqgW2vNUZ3MX7Zb7h7aMLP1E4zGlNLcTY46jULierObsZYYwnGIzBrGUL7S7e1lJzlZvFgYPph
Set password_secret.
$ sudo vim /etc/graylog/server/server.conf
password_secret = x97hMk5iMTN470Q2eYwGOjiqgW2vNUZ3MX7Zb7h7aMLP1E4zGlNLcTY46jULierObsZYYwnGIzBrGUL7S7e1lJzlZvFgYPph
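The two-step procedure above can be done without echoing the password or relying on pwgen. The script below is an added example (not part of the original guide and not Graylog's own tooling): it reads the password with echo disabled, computes the SHA-256 value for root_password_sha2, draws a 96-character password_secret from /dev/urandom, and prints a copy of server.conf with both values set, whether or not those lines were commented out. The function names and the server.conf fragment used in the demo are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original guide: generate root_password_sha2 and
# password_secret for Graylog and write them into a copy of server.conf.
# Function names and the sample config fragment are assumptions of this example.

# Read a password from the terminal without echoing it (interactive use only).
read_password() {
    printf 'Enter Password: ' >&2
    stty -echo
    read -r pw
    stty echo
    printf '\n' >&2
    printf '%s' "$pw"
}

# SHA-256 hex digest of the password given as $1: the root_password_sha2 value.
# This is an unsalted hash, which is what Graylog expects for this one setting,
# so keep server.conf readable only by root and the graylog user.
graylog_sha2() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# True if $1 looks like a SHA-256 digest: exactly 64 lowercase hex characters.
is_sha256_hex() {
    printf '%s' "$1" | grep -Eq '^[0-9a-f]{64}$'
}

# Random alphanumeric password_secret of length $1 (default 96; Graylog requires
# at least 64). Uses the kernel CSPRNG instead of pwgen; 8 KiB of input yields
# roughly 2000 alphanumerics, more than enough for the requested length.
graylog_secret() {
    head -c 8192 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "${1:-96}"
}

# Print $1 (a server.conf) with root_password_sha2 set to $2 and password_secret
# set to $3, replacing the existing lines even if they were commented out.
apply_graylog_secrets() {
    sed -e "s|^#\{0,1\}root_password_sha2[[:space:]]*=.*|root_password_sha2 = $2|" \
        -e "s|^#\{0,1\}password_secret[[:space:]]*=.*|password_secret = $3|" "$1"
}

# Interactive use (not run here): back up the config, then
#   sha2=$(graylog_sha2 "$(read_password)")
#   is_sha256_hex "$sha2" || exit 1
#   apply_graylog_secrets /etc/graylog/server/server.conf "$sha2" "$(graylog_secret)" > server.conf.new
# and move server.conf.new into place as root, preserving the original ownership and mode.
```

Reading the password through read_password keeps it out of the shell history and off the screen; the one place it then lives in clear text is the shell variable, so do not export it or pass it on a command line that other users could see in the process table.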
Set http_bind_address in /etc/graylog/server/server.conf to the address and port on which the web interface and REST API should listen. 0.0.0.0:9000 listens on every interface, which is convenient but exposes the unencrypted HTTP interface to every network the host is attached to; on a multi-homed server bind to the management interface's address instead, or put a TLS-terminating reverse proxy in front of Graylog and bind to 127.0.0.1:9000.
$ sudo vim /etc/graylog/server/server.conf
http_bind_address = 0.0.0.0:9000
Open the required ports in the firewall: 9000/tcp for the web interface and API, and 514/udp if a syslog UDP input will receive logs there. Graylog runs as an unprivileged user and cannot bind ports below 1024 without extra configuration, so inputs are usually created on a high port (Graylog's own examples use 1514). 80/tcp is only needed if a reverse proxy is placed in front of Graylog. After the firewall is reloaded, enable and start the service (systemctl enable --now graylog-server) before opening the browser.
sudo firewall-cmd --add-port={9000/tcp,80/tcp,514/udp} --permanent
sudo firewall-cmd --reload
Open browser and navigate to http://<server-ip>:9000
example- http://10.0.0.10:9000

Log in with the username admin and the password whose hash was set in the Graylog server.conf file.
