How to Install Graylog on Centos 7

How to Install Graylog on Centos 7

graylog

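# Server-side packages. epel-release is needed once (the post installed it
# twice around the /etc/yum.conf edit; the edit itself is not shown — it is
# typically a proxy= line, so only do it if you need one).
yum install epel-release -y
vi /etc/yum.conf
yum clean all
# pwgen generates password_secret later; mongodb-org comes from the MongoDB
# repository listed under "REPO CONFIG" further down (gpgcheck=1, keep it that way).
yum install pwgen -y
yum install mongodb-org -y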

# Register the MongoDB unit, enable it at boot and start it now
# (Graylog keeps its own configuration and users in MongoDB).
systemctl daemon-reload
for action in enable start; do
  systemctl "$action" mongod.service
done

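# Java 8 (headless is enough for Elasticsearch) and Elasticsearch 2.x from the
# repository listed under "REPO CONFIG".
yum install java-1.8.0-openjdk-headless -y
yum install elasticsearch -y
# One edit to /etc/elasticsearch/elasticsearch.yml (the post showed it twice):
#   cluster.name: graylog
# While there, disable dynamic scripting — these three are Elasticsearch
# settings (YAML); the post placed them in Graylog's server.conf, which does
# not understand them:
#   script.inline: false
#   script.indexed: false
#   script.file: false
# Elasticsearch 2.x has no authentication on 9200/9300. It binds to loopback
# by default and Graylog runs on the same host here, so leave network.host
# alone; if it must listen on an interface, firewall those ports.
vi /etc/elasticsearch/elasticsearch.yml
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl restart elasticsearch.service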

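# Cluster health check; expect "cluster_name" : "graylog" and a green or
# yellow status (yellow is normal for a single node). The post had typographic
# quotes around the URL, which the shell passes to curl literally.
curl -s -XGET 'http://localhost:9200/_cluster/health?pretty=true'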

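# Install the Graylog 2.3 repository definition, then graylog-server.
# (The rpm and yum commands were fused onto one line in the post.)
# The repository package ships gpgcheck=1 with its signing key; the graylog.repo
# listed under "REPO CONFIG" further down shows gpgcheck=0 and a 2.2 baseurl —
# do not carry that over, or yum will install whatever the mirror serves.
rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.3-repository_latest.rpm
yum clean all
yum install graylog-server -y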

pwgen -N 1 -s 96
echo -n Password | sha256sum

vi /etc/graylog/server/server.conf
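# Secrets: generate your own. The password_secret printed in the original
# post was a real value and is public, so it must not be reused; the
# root_password_sha2 there was also cut off mid-hash.
#   password_secret   -> output of `pwgen -N 1 -s 96` (at least 64 characters)
#   root_password_sha2 -> sha256sum of the admin password (hex digest only)
password_secret = <output of pwgen -N 1 -s 96>
root_password_sha2 = <sha256 hex digest of the admin password>
root_email = felipe@d.it
root_timezone = UTC
# The host part was lost in the post; Elasticsearch on this machine listens on 9300.
elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300
elasticsearch_shards = 1
# The post listed "script.inline: false", "script.indexed: false" and
# "script.file: false" at this point. Those are Elasticsearch settings (YAML)
# and belong in /etc/elasticsearch/elasticsearch.yml, where they disable
# dynamic scripting; server.conf does not understand them.
# Listen addresses (the post fused both onto one line and lost the host part;
# 127.0.0.1 limits access to this box — set the address the UI should be
# served on). Both are plain HTTP and the admin password travels over them,
# so either put a TLS reverse proxy in front or enable Graylog's own TLS
# (rest_enable_tls / web_enable_tls with the matching cert and key files).
rest_listen_uri = http://127.0.0.1:12900/
web_listen_uri = http://127.0.0.1:9000/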

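# CentOS 7 is systemd-based: `systemctl enable` replaces the SysV
# `chkconfig --add graylog-server` the post ran first (the post also had an
# en dash instead of `--`, which chkconfig rejects). Dropped as redundant.
systemctl daemon-reload
systemctl enable graylog-server.service
systemctl start graylog-server.service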

Test Graylog with netcat against a GELF TCP input (create the input first under System → Inputs; the command below targets Graylog's default GELF TCP port, 12201)
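# Print the sample GELF 1.1 message (no trailing newline).
# printf '%s' keeps the "\n" inside full_message as the two characters JSON
# expects; the post's `echo -e` (with typographic quotes, which also broke the
# command) turned them into raw newlines, which is not valid JSON.
gelf_sample_message() {
  printf '%s' '{"version": "1.1","host":"example.org","short_message":"Short message","full_message":"Backtrace here\n\nmore stuff","level":1,"_user_id":9001,"_some_info":"foo","_some_env_var":"bar"}'
}

# Send the sample message to a GELF TCP input. GELF over TCP delimits
# messages with a NUL byte, so one is appended after the JSON.
# Arguments: $1 Graylog host, $2 input port (default 12201).
gelf_tcp_test() {
  local host=${1:?usage: gelf_tcp_test HOST [PORT]}
  local port=${2:-12201}
  { gelf_sample_message; printf '\0'; } | nc -w 1 "$host" "$port"
}
# e.g.: gelf_tcp_test my.graylog.server 12201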

ref:

How To Install and Configure Graylog Server on CentOS 7/ RHEL7



GRAYLOG CLIENT LINUX

CENTOS 5
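# CentOS 5: Filebeat 5 (the wget and yum commands were fused onto one line in
# the post). The post fetched the rpm over plain HTTP from the internal mirror
# and installed it with --nogpgcheck, so a tampered package would have gone in
# unnoticed. Fetch over HTTPS (the same mirror serves the CentOS 7 packages
# that way) and keep the signature check: official Filebeat packages are
# signed with Elastic's key, so import it first. If localinstall then rejects
# the file, it is not the official package — check it rather than forcing it.
rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
wget https://centreon.datamanagement.it/f/filebeat5.rpm
yum localinstall filebeat5.rpm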

CENTOS 6
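# CentOS 6: nxlog needs libdbi. The mirror URL in the post had lost its
# scheme; use HTTPS like the CentOS 7 lines do. `rpm -ivh` only warns
# (NOKEY) on an unsigned or unknown-key package — run `rpm -K nxlog-6.rpm`
# after importing the key it was signed with, or compare a checksum obtained
# out of band, before installing.
yum install libdbi.x86_64
wget https://centreon.datamanagement.it/f/nxlog-6.rpm
rpm -ivh nxlog-6.rpm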

CENTOS 7
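# CentOS 7: nxlog plus the Graylog collector sidecar.
yum -y install libdbi.x86_64 apr.x86_64
rpm -ivh https://centreon.datamanagement.it/f/nxlog-7.rpm
# (The next two commands were fused onto one line in the post.)
rpm -ivh https://centreon.datamanagement.it/f/sidecar.rpm
graylog-collector-sidecar -service install
# nxlog runs as user nxlog (see the User/Group lines in nxlog.conf below) and
# must read the files it tails. The post did `gpasswd -a nxlog root`; on
# CentOS 7 /var/log/messages and /var/log/httpd are normally root-owned with
# no group access, so that does not even help, and it widens what a
# compromised collector can read. Grant read access to just those files.
# NOTE: logrotate creates new files without these ACLs — add a default ACL
# on the directory or a postrotate hook so access survives rotation.
setfacl -m u:nxlog:r /var/log/messages
setfacl -m u:nxlog:rx /var/log/httpd
setfacl -m u:nxlog:r /var/log/httpd/access.log
chown -R nxlog:nxlog /var/spool/collector-sidecar/nxlog
# Link as in the post: the sidecar's generated/nxlog.conf becomes a symlink to
# /etc/nxlog.conf, so the sidecar writes its output through the link into the
# file nxlog reads. If your sidecar version replaces its output file instead
# of writing in place, the link is lost on the first update — check
# `ls -l /etc/graylog/collector-sidecar/generated/` after the first fetch.
ln -s /etc/nxlog.conf /etc/graylog/collector-sidecar/generated/nxlog.conf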

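# Keep the packaged sidecar config for reference, then fetch the site template.
mv -fv /etc/graylog/collector-sidecar/collector_sidecar.yml /etc/graylog/collector-sidecar/collector_sidecar.orig
wget -O /etc/graylog/collector-sidecar/collector_sidecar.yml https://centreon.datamanagement.it/f/collector_sidecar.yml
# Edit the file: set the tag(s) defined for this host in the Graylog UI.
# The sidecar runs whatever configuration it fetches from server_url, so
# while editing make sure server_url uses HTTPS to the Graylog API and that
# certificate verification is not disabled (the sidecar has a
# tls_skip_verify option; it should stay false).
vi /etc/graylog/collector-sidecar/collector_sidecar.yml
systemctl enable collector-sidecar
systemctl start collector-sidecar
# Watch the sidecar register and fetch its configuration.
tail -f /var/log/graylog/collector-sidecar/collector_sidecar.log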

Now configure the tag on the Graylog web interface: http://<graylog-server>:9000/system/collectors (the host part of the URL was lost in the post; 9000 is the web_listen_uri port set in server.conf above). The sidecar only applies configurations whose tag matches one in its collector_sidecar.yml.

LOGS:
/var/log/nxlog/nxlog.log
/var/log/graylog/collector-sidecar/collector_sidecar.log

HOW TO COMPILE NXLOG CENTOS5

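# Build dependencies (pcre-devel was listed twice in the post).
yum install pcre-devel.x86_64 expat-devel.x86_64 libtool.x86_64 libcap-devel.x86_64 libdbi-devel.x86_64
yum install gcc
# ExtUtils::Embed apparently has no package on CentOS 5 (the spec edit below
# removes it as a BuildRequires), so build it from CPAN. The post had wget
# and tar fused onto one line, never cd'd into the tree, and ran
# `perl Makefile`; the build script is Makefile.PL. The post also fetched
# over plain HTTP — use HTTPS (the authors/id path is the same on any CPAN
# mirror if this host no longer serves it) and compare the tarball's
# checksum with the one CPAN publishes before building.
wget https://search.cpan.org/CPAN/authors/id/D/DO/DOUGM/ExtUtils-Embed-1.14.tar.gz
tar -zxvf ExtUtils-Embed-1.14.tar.gz
cd ExtUtils-Embed-1.14
perl Makefile.PL
make
make install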

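# nxlog Community Edition 2.8.1248 from source (wget and tar were fused onto
# one line in the post). Compare the archive's checksum with the one on the
# download page before building.
wget https://nxlog.co/system/files/products/files/348/nxlog-ce-2.8.1248.tar.gz
tar -zxvf nxlog-ce-2.8.1248.tar.gz
cd nxlog-ce-2.8.1248/packaging/redhat/
# Remove perl-ExtUtils-Embed from the BuildRequires in nxlog.spec: the module
# was installed from CPAN above, so rpm cannot see it as a package.
vi nxlog.spec
bash make_rpm.sh
# The post then ran `make install` from the rpmbuild BUILD tree, which copies
# files outside rpm's control. If make_rpm.sh produced an RPM under
# rpmbuild/RPMS, prefer installing that so the files are tracked (and
# removable) by rpm; the steps below are the post's.
cd /tmp/nxlog/nxlog-ce-2.8.1248/packaging/redhat/rpmbuild/BUILD/nxlog-ce-2.8.1248
make
make install
# Sanity check; `nxlog -h` should report nxlog-ce-2.8.1248.
command -v nxlog
/usr/bin/nxlog -h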

REF:
http://docs.graylog.org/en/2.2/pages/collector_sidecar.html#

REPO CONFIG

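# /etc/yum.repos.d/elasticsearch.repo
# (The post had the path fused with the section header and two settings
# per line; one key per line is what yum parses.)
[elasticsearch-2.x]
name=Elasticsearch repository for 2.x packages
baseurl=https://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1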

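# /etc/yum.repos.d/graylog.repo
# The post had gpgcheck=0 here, so any package the mirror — or whoever sits
# between you and it — served would be installed unverified. Keep signature
# checking on; the graylog-*-repository package installs the key it
# references (adjust the path if your package writes it elsewhere).
# The post installs the 2.3 repository package but listed a stable/2.2
# baseurl here; the two are kept in agreement on 2.3.
[graylog]
name=graylog
baseurl=https://packages.graylog2.org/repo/el/stable/2.3/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-graylog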

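# /etc/yum.repos.d/mongodb-org-3.2.repo
# (Path and section header were fused onto one line in the post.)
[mongodb-org-3.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc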

NXLOG CLIENT EXAMPLE

Example: tail two text files (the Apache access log and /var/log/messages) and ship each line to Graylog as GELF over TCP.

/etc/nxlog.conf

 
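define ROOT /usr/bin

# NOTE(review): the section tags (<Extension>, <Input>, <Output>, <Route>)
# were stripped when the post was published and are restored here. The
# Input and Output names come from the Route's Path line; the Extension and
# Route names were not recoverable and are the conventional ones — rename
# freely.
<Extension gelf>
    Module xm_gelf
</Extension>

# nxlog drops to this user after start-up, so the files tailed below must be
# readable by it (grant that with ACLs rather than group root).
User nxlog
Group nxlog

Moduledir /usr/libexec/nxlog/modules
CacheDir /var/spool/nxlog
PidFile /var/run/nxlog/nxlog.pid

define LOGFILE /var/log/graylog/nxlog.log
LogFile %LOGFILE%
LogLevel INFO

<Extension fileop>
    Module  xm_fileop
    # Rotate nxlog's own log daily, keeping 7 generations.
    <Schedule>
        When    @daily
        Exec    file_cycle('%LOGFILE%', 7);
    </Schedule>
</Extension>

# Input 1: Apache access log, resumed from the saved position after restarts.
<Input filein1>
    Module im_file
    File '/var/log/httpd/access.log'
    PollInterval 5
    SavePos True
    ReadFromLast True
    Recursive False
    RenameCheck False
    InputType LineBased
    Exec $FileName = file_name(); # Send file name with each message
</Input>

# Input 2: syslog messages file.
<Input filein2>
    Module im_file
    File '/var/log/messages'
    PollInterval 5
    SavePos True
    ReadFromLast True
    Recursive False
    RenameCheck False
    InputType LineBased
    Exec $FileName = file_name(); # Send file name with each message
</Input>

# Output: GELF over plain TCP to the Graylog input on port 2209. The Host
# value was lost in the post. Everything in /var/log/messages crosses the
# network in clear text this way; if that matters on your network, use an
# om_ssl output against a GELF TCP input with TLS enabled instead.
<Output outcredemprod>
    Module om_tcp
    Host <graylog-server>
    Port 2209
    OutputType  GELF_TCP
    Exec $short_message = $raw_event; # Avoids truncation of the short_message field.
    Exec $gl2_source_collector = 'a1061394-f7f7-4d4e-9f1e-1b2d37be6c05';
    Exec $collector_node_id = 'graylog-nxlog-prd';
    Exec $Hostname = hostname_fqdn();
</Output>

<Route 1>
    Path filein1, filein2 => outcredemprod
</Route>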
 
