{"id":3072,"date":"2019-05-25T18:32:58","date_gmt":"2019-05-25T15:32:58","guid":{"rendered":"https:\/\/kifarunix.com\/?p=3072"},"modified":"2019-05-31T13:41:25","modified_gmt":"2019-05-31T10:41:25","slug":"install-graylog-3-0-on-centos-7","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-graylog-3-0-on-centos-7\/","title":{"rendered":"Install Graylog 3.0 on CentOS 7"},"content":{"rendered":"\n<p>Hello there. Today we are going to learn how to install Graylog 3.0 on CentOS 7. <a rel=\"noreferrer noopener\" aria-label=\"Graylog (opens in a new tab)\" href=\"https:\/\/www.graylog.org\/about\" target=\"_blank\">Graylog<\/a> is a leading open-source log management tool that provides real-time collection, storage, analysis and enrichment of machine data. It makes it easy to search, explore and visualize the analysed data.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Installing Graylog 3.0 on CentOS 7<\/h2>\n\n\n\n<p>This guide focuses on a minimal installation of Graylog 3.0 on CentOS 7. To get Graylog up and running, two other components need to be installed along with it, namely MongoDB and Elasticsearch, where;<\/p>\n\n\n\n<p><strong>MongoDB<\/strong> &#8211; Graylog uses MongoDB to store configuration metadata such as user information or stream configurations.<\/p>\n\n\n\n<p><strong>Elasticsearch<\/strong> &#8211; is a search and analytics engine that provides Graylog with central log data storage. You can search any kind of document from Elasticsearch.<\/p>\n\n\n\n<p>When installing Graylog on CentOS 7, MongoDB and Elasticsearch must both be installed before Graylog itself.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Disabling SELinux<\/h4>\n\n\n\n<p>While I do not recommend disabling SELinux, since this guide is for demonstration purposes, SELinux is disabled. 
Note that a reboot is required for the change to take effect.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sed -i 's\/=enforcing\/=disabled\/g' \/etc\/selinux\/config\nsystemctl reboot<\/code><\/pre>\n\n\n\n<p>According to Graylog, if you are keeping SELinux enabled, consider doing the following;<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Allow the web server to access the network:<br><code>sudo setsebool -P httpd_can_network_connect 1<\/code><\/li><li>To allow access to each port individually:<ul><li>Graylog REST API and web interface:<br><code>sudo semanage port -a -t http_port_t -p tcp 9000<\/code><\/li><li>Elasticsearch (only if the HTTP API is being used):<br><code>sudo semanage port -a -t http_port_t -p tcp 9200<\/code><\/li><\/ul><\/li><li>Allow using MongoDB\u2019s default port (27017\/tcp):<br><code>sudo semanage port -a -t mongod_port_t -p tcp 27017<\/code><\/li><\/ul>\n\n\n\n<p>Ensure that you have the <strong>policycoreutils-python<\/strong> package installed, which provides the <strong>semanage<\/strong> command used above.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>yum install policycoreutils-python<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Install MongoDB 4.0 on CentOS 7<\/h3>\n\n\n\n<p>As stated above, Graylog uses MongoDB for storing configuration metadata. You can find the instructions for installing MongoDB 4 on CentOS 7 in our previous guide, linked below;<\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/kifarunix.com\/install-mongodb-4-on-fedora-30-29-centos-7\/\" target=\"_blank\">Install MongoDB 4 on Fedora 30\/29\/CentOS 7<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Install Elasticsearch 6.x on CentOS 7<\/h3>\n\n\n\n<p>Graylog 3.0 does not work with Elasticsearch 7.x yet, so you need to install Elasticsearch 6.x. 
<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Install Java 8 on CentOS 7<\/h4>\n\n\n\n<p>Elasticsearch is built using Java and requires at least Java 8 in order to run. Hence, before you can install Elasticsearch, you need to install Java 8.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>yum install java-1.8.0-openjdk-headless<\/code><\/pre>\n\n\n\n<p>You can verify the Java version using the <strong>java -version<\/strong> command.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>java -version\nopenjdk version \"1.8.0_212\"\nOpenJDK Runtime Environment (build 1.8.0_212-b04)\nOpenJDK 64-Bit Server VM (build 25.212-b04, mixed mode)<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/kifarunix.com\/install-oracle-java-12-on-centos-7-fedora-29\/\" target=\"_blank\">Install Oracle Java 12 on CentOS 7\/Fedora 29<\/a><\/li><li><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/kifarunix.com\/install-oracle-java-11-on-fedora-29-centos-7\/\" target=\"_blank\">Install Oracle Java 11 on Fedora 29\/CentOS 7<\/a><\/li><\/ul>\n\n\n\n<h4 class=\"wp-block-heading\">Install Elasticsearch 6.x on CentOS 7<\/h4>\n\n\n\n<p>To install Elasticsearch 6.x from the Elastic RPM repository, create the repository definition as shown below;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cat > \/etc\/yum.repos.d\/elasticsearch-6.repo &lt;&lt; EOL\n[elasticsearch-6.x]\nname=Elasticsearch repository for 6.x packages\nbaseurl=https:\/\/artifacts.elastic.co\/packages\/6.x\/yum\ngpgcheck=1\ngpgkey=https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch\nenabled=1\nautorefresh=1\ntype=rpm-md\nEOL<\/code><\/pre>\n\n\n\n<p>Import the Elasticsearch PGP repository signing key so that yum can verify the packages (<strong>gpgcheck=1<\/strong> above).<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>rpm --import https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch<\/code><\/pre>\n\n\n\n<p>Install Elasticsearch 6.x.<\/p>\n\n\n\n<pre 
class=\"wp-block-preformatted\"><code>yum install elasticsearch<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Configure Elasticsearch<\/h4>\n\n\n\n<p>In its basic configuration, Graylog requires that the Elasticsearch cluster name be set to <strong>graylog<\/strong>. Hence, edit the Elasticsearch configuration file, <strong>\/etc\/elasticsearch\/elasticsearch.yml<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/elasticsearch\/elasticsearch.yml<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>...\n# ---------------------------------- Cluster -----------------------------------\n#\n# Use a descriptive name for your cluster:\n#\n#cluster.name: my-application\ncluster.name: graylog\n#\n...<\/code><\/pre>\n\n\n\n<p>Once that is done, restart Elasticsearch and enable it to run on system boot.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo systemctl daemon-reload\nsystemctl restart elasticsearch\nsystemctl enable elasticsearch<\/code><\/pre>\n\n\n\n<p>To verify that all is well with Elasticsearch, run the command below after it has fully started. The response should show <strong>\"cluster_name\" : \"graylog\"<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl -X GET http:\/\/localhost:9200\n{\n  \"name\" : \"x55YNL_\",\n  \"cluster_name\" : \"graylog\",\n  \"cluster_uuid\" : \"CQBqPDoCRKW7tt955kq5Uw\",\n  \"version\" : {\n    \"number\" : \"6.8.0\",\n    \"build_flavor\" : \"default\",\n    \"build_type\" : \"rpm\",\n    \"build_hash\" : \"65b6179\",\n    \"build_date\" : \"2019-05-15T20:06:13.172855Z\",\n    \"build_snapshot\" : false,\n    \"lucene_version\" : \"7.7.0\",\n    \"minimum_wire_compatibility_version\" : \"5.6.0\",\n    \"minimum_index_compatibility_version\" : \"5.0.0\"\n  },\n  \"tagline\" : \"You Know, for Search\"\n}<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Installing Graylog<\/h3>\n\n\n\n<p>After you have installed both MongoDB and Elasticsearch, proceed to install Graylog.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Add Graylog 3.x RPM 
repository<\/h4>\n\n\n\n<p>Run the command below to install the Graylog 3.0 RPM repository.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>rpm -Uvh https:\/\/packages.graylog2.org\/repo\/packages\/graylog-3.0-repository_latest.rpm<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Install Graylog 3.0<\/h4>\n\n\n\n<p>Next, install the Graylog 3.0 server.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>yum install graylog-server<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Configuring Graylog<\/h4>\n\n\n\n<p>Once the installation is done, a few basic configuration settings need to be made. These include setting the <strong>password secret<\/strong> and the root (admin) user <strong>password hash<\/strong>.<\/p>\n\n\n\n<p>To generate the password secret, you can use the <strong>pwgen<\/strong> random password generator. To install <strong>pwgen<\/strong>, run the commands below (on CentOS 7, you first need to enable the EPEL repository with <strong>yum install epel-release<\/strong>).<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>yum install epel-release\nyum install pwgen<\/code><\/pre>\n\n\n\n<p>Next, generate the password secret by running <strong>pwgen<\/strong> as shown below.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>pwgen -N 1 -s 96\nzYYdkClD9UOgtujYZ5btftmxvl1s3Hd9Q4DbX5TIX8hUYrvBtqEWR0iU1mCETv43TqTdyuEsgC9bENq1RBidWyGP9xZeohnQ<\/code><\/pre>\n\n\n\n<p>To generate the admin user password hash, replace the placeholder with your own strong password;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>echo -n \"<strong>YourStrongPasswordHere<\/strong>\" | sha256sum | cut -d\" \" -f1\ne7d3685715939842749dd27b38d0ddb9706d4d14a5304ef9eee093780eab5df9<\/code><\/pre>\n\n\n\n<p>Next, open the Graylog server configuration file for editing and set the two values generated above.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>vim \/etc\/graylog\/server\/server.conf\n...\npassword_secret = zYYdkClD9UOgtujYZ5btftmxvl1s3Hd9Q4DbX5TIX8hUYrvBtqEWR0iU1mCETv43TqTdyuEsgC9bENq1RBidWyGP9xZeohnQ\n...\nroot_password_sha2 = 
e7d3685715939842749dd27b38d0ddb9706d4d14a5304ef9eee093780eab5df9\n...<\/code><\/pre>\n\n\n\n<p>If you need to access Graylog from other hosts, set the <strong>http_bind_address<\/strong> parameter to the IP address of the Graylog server.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Default: 127.0.0.1:9000\n#http_bind_address = 127.0.0.1:9000\nhttp_bind_address = 192.168.43.98:9000\n<\/code><\/pre>\n\n\n\n<p>If you are running a single-node Elasticsearch cluster, be sure to set the value of <strong>elasticsearch_shards<\/strong> to 1.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>#elasticsearch_shards = 4\nelasticsearch_shards = 1<\/code><\/pre>\n\n\n\n<p>If firewalld is running, be sure to open TCP port 9200 to allow external access.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>firewall-cmd --add-port=9200\/tcp --permanent\nfirewall-cmd --reload<\/code><\/pre>\n\n\n\n<p>That is about it for the basic Graylog configuration.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Running Graylog<\/h4>\n\n\n\n<p>Run the commands below to start the Graylog server and enable it to run on system boot.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl start graylog-server\nsystemctl enable graylog-server<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Access Graylog Web Interface<\/h4>\n\n\n\n<p>Now that the Graylog server is running, you can access it in a browser at <strong>http:\/\/&lt;server-IP&gt;:9000<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2019\/05\/graylog-login.png\"><img loading=\"lazy\" decoding=\"async\" width=\"731\" height=\"371\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2019\/05\/graylog-login.png\" alt=\"install Graylog 3.0 on Fedora 30\/29\/CentOS 7: Graylog login interface\" class=\"wp-image-3077\" title=\"\"><\/a><\/figure>\n\n\n\n<p>Log in with username <strong>admin<\/strong> and the password whose hash you generated above. 
When you log in, you will land on the Graylog getting started dashboard.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2019\/05\/Graylog-getting-stared-dashboard.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1329\" height=\"535\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2019\/05\/Graylog-getting-stared-dashboard.png\" alt=\"install Graylog 3.0 on Fedora 30\/29\/CentOS 7: Graylog getting started dashboard\" class=\"wp-image-3078\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2019\/05\/Graylog-getting-stared-dashboard.png 1329w, https:\/\/kifarunix.com\/wp-content\/uploads\/2019\/05\/Graylog-getting-stared-dashboard-768x309.png 768w\" sizes=\"(max-width: 1329px) 100vw, 1329px\" \/><\/a><\/figure>\n\n\n\n<p>That is it on how to install Graylog 3.0 on CentOS 7. Our next guide covers how to ingest Squid access logs into Graylog for analysis. See the link below. Enjoy.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/monitor-squid-access-logs-with-graylog-server\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">Monitor Squid Access Logs with Graylog Server<\/a><\/p>\n\n\n\n<p><strong>Reference<\/strong>;<\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" aria-label=\"Graylog CentOS installation (opens in a new tab)\" href=\"https:\/\/docs.graylog.org\/en\/3.0\/pages\/installation\/os\/centos.html\" target=\"_blank\">Graylog CentOS installation<\/a><\/p>\n\n\n\n<p>You can check our other articles by following the links below;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-configure-telegraf-on-freebsd-12\/\">Install and Configure Telegraf on FreeBSD 12<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-and-setup-tig-stack-on-fedora-30\/\">Install and Setup TIG Stack on Fedora 30<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-influxdb-on-fedora-30-fedora-29\/\">Install InfluxDB on Fedora 30\/Fedora 
29<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-elastic-stack-7-on-ubuntu-18-04-debian-9-8\/\">Install Elastic Stack 7 on Ubuntu 18.04\/Debian 9.8<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/nagios-snmp-monitoring-of-linux-hosts-on-alienvault-usm-ossim\/\">Nagios SNMP Monitoring of Linux Hosts on AlienVault USM\/OSSIM<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hello there. Today we are going to learn how to install Graylog 3.0 on CentOS 7. Graylog is a leading open-source log management tool that<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[962,121,72],"tags":[88,964,289,963,961],"class_list":["post-3072","post","type-post","status-publish","format-standard","hentry","category-graylog","category-howtos","category-monitoring","tag-centos-7","tag-elasticsearch","tag-fedora-29","tag-graylog","tag-mongodb","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/3072"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=3072"}],"version-history":[{"count":11,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/3072\/revisions"}],"predecessor-version":[{"id":3196,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/3072\/revisions\/3196"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=3072"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=3072"},{"taxonomy":"post_t
ag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=3072"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}