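#!/usr/bin/env bash
# Graylog 2.x server install on CentOS 7: MongoDB + Elasticsearch 2.x + graylog-server.
# Run as root. Assumes the elasticsearch / graylog / mongodb-org yum repo files are already
# in /etc/yum.repos.d (see REPO CONFIG further down the page).
# Steps marked "manual" are edits made in vi in the original notes; the values to set are
# listed in the comment above each vi call.
# ref: How To Install and Configure Graylog Server on CentOS 7 / RHEL 7
set -euo pipefail

yum install -y epel-release
# manual: the original notes do not record which setting was changed in /etc/yum.conf
vi /etc/yum.conf
yum clean all
yum install -y epel-release   # repeated after "yum clean all" in the original notes
yum install -y pwgen

yum install -y mongodb-org
systemctl daemon-reload
systemctl enable mongod.service
systemctl start mongod.service

yum install -y java-1.8.0-openjdk-headless
yum install -y elasticsearch
# manual: set "cluster.name: graylog" in /etc/elasticsearch/elasticsearch.yml
vi /etc/elasticsearch/elasticsearch.yml
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl restart elasticsearch.service
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'

# NOTE(review): this repository RPM is for Graylog 2.3 while the graylog.repo file on this
# page points at the 2.2 tree — confirm which release is intended.
rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.3-repository_latest.rpm
yum clean all
yum install -y graylog-server

# Generate the two server.conf secrets here instead of keeping literal values in the notes.
# root_password_sha2 is the bare 64-hex-char SHA-256 of the admin password: sha256sum prints
# "<hash>  -", and the trailing " -" must not be copied into server.conf (cut keeps only the hash).
# The password is read from the terminal with echo off so it does not land in shell history or
# in the process list, which "echo -n Password | sha256sum" would do.
password_secret=$(pwgen -N 1 -s 96)
printf 'Graylog admin password: ' >&2
IFS= read -rs admin_password
printf '\n' >&2
root_password_sha2=$(printf '%s' "$admin_password" | sha256sum | cut -d' ' -f1)
unset admin_password
printf 'password_secret=%s\nroot_password_sha2=%s\n' "$password_secret" "$root_password_sha2"

# manual: set the following in /etc/graylog/server/server.conf. <GRAYLOG_HOST> is a
# placeholder — the host address was lost from these three URIs in the original notes.
#   password_secret=<value printed above>
#   root_password_sha2=<value printed above>
#   root_email=felipe@d.it
#   root_timezone=UTC
#   elasticsearch_discovery_zen_ping_unicast_hosts = <GRAYLOG_HOST>:9300
#   elasticsearch_shards=1
#   rest_listen_uri = http://<GRAYLOG_HOST>:12900/
#   web_listen_uri = http://<GRAYLOG_HOST>:9000/
# The notes also list "script.inline: false", "script.indexed: false", "script.file: false"
# next to these; that is YAML syntax matching elasticsearch.yml rather than server.conf's
# key = value lines — verify which file they belong in.
vi /etc/graylog/server/server.conf

# The notes had a typographic dash ("–add"); on CentOS 7 this is redundant with systemctl enable.
chkconfig --add graylog-server
systemctl daemon-reload
systemctl enable graylog-server.service
systemctl start graylog-server.service

# TEST GRAYLOG with netcat to the GELF TCP input. GELF TCP frames are NUL-terminated, hence \0.
# my.graylog.server is the placeholder host from the original notes. The notes used
# typographic quotes, which are not valid JSON; printf '%s' also keeps the \n escapes literal
# (valid JSON) instead of echo -e turning them into raw newlines inside the string.
printf '%s\0' '{"version": "1.1","host":"example.org","short_message":"Short message","full_message":"Backtrace here\n\nmore stuff","level":1,"_user_id":9001,"_some_info":"foo","_some_env_var":"bar"}' | nc -w 1 my.graylog.server 12201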
GRAYLOG CLIENT LINUX
CENTOS 5
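# CentOS 5: Filebeat 5 from the internal centreon host (plain http, not a vendor repository).
wget http://centreon/f/filebeat5.rpm
# --nogpgcheck disables RPM signature verification for this install; compare the file's
# checksum with the value recorded where the RPM was built before running this.
# (The notes had a typographic dash, "–nogpgcheck", which yum does not recognize.)
yum --nogpgcheck localinstall filebeat5.rpm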
CENTOS 6
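# CentOS 6: nxlog from the internal centreon host.
yum -y install libdbi.x86_64
# The notes had a schemeless URL, which wget treats as http. This RPM comes from an internal
# host rather than a signed vendor repository — verify its checksum out of band before installing.
wget http://centreon/f/nxlog-6.rpm
rpm -ivh nxlog-6.rpm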
CENTOS 7
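# CentOS 7: nxlog + Graylog collector sidecar, both fetched from the internal centreon host.
yum -y install libdbi.x86_64 apr.x86_64
# Neither RPM comes from a signed vendor repository; check both checksums against the values
# recorded out of band before installing.
rpm -ivh https://centreon.datamanagement.it/f/nxlog-7.rpm
rpm -ivh https://centreon.datamanagement.it/f/sidecar.rpm
graylog-collector-sidecar -service install
# NOTE(review): root-group membership is a broad grant for the collector user — presumably
# added so nxlog can read group-readable logs; a read ACL on the specific files it tails
# would be narrower. Confirm it is actually required.
gpasswd -a nxlog root
chown -R nxlog:nxlog /var/spool/collector-sidecar/nxlog   # "nxlog.nxlog" in the notes; colon is the supported form
# generated/nxlog.conf becomes a symlink to /etc/nxlog.conf, so both paths name the same file.
ln -s /etc/nxlog.conf /etc/graylog/collector-sidecar/generated/nxlog.conf
# Keep the packaged sidecar config as .orig and replace it with the site copy.
mv -fv /etc/graylog/collector-sidecar/collector_sidecar.yml /etc/graylog/collector-sidecar/collector_sidecar.orig
wget -O /etc/graylog/collector-sidecar/collector_sidecar.yml https://centreon.datamanagement.it/f/collector_sidecar.yml
# manual: edit the file and set the defined TAG.
vi /etc/graylog/collector-sidecar/collector_sidecar.yml
systemctl enable collector-sidecar
systemctl start collector-sidecar
tail -f /var/log/graylog/collector-sidecar/collector_sidecar.log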
Now configure the TAG in the Graylog web interface:
http://<graylog host>/system/collectors (the host address is missing from the original notes)
LOGS:
/var/log/nxlog/nxlog.log
/var/log/graylog/collector-sidecar/collector_sidecar.log
HOW TO COMPILE NXLOG CENTOS5
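# Build NXLOG CE 2.8.1248 from source on CentOS 5.
# (pcre-devel was listed twice in the notes.)
yum -y install pcre-devel.x86_64 expat-devel.x86_64 libtool.x86_64 libcap-devel.x86_64 libdbi-devel.x86_64
yum -y install gcc

# ExtUtils::Embed is built from CPAN because the perl-ExtUtils-Embed dependency is removed
# from nxlog.spec below. Plain-http download: verify the tarball's checksum/signature out of
# band before building.
wget http://search.cpan.org/CPAN/authors/id/D/DO/DOUGM/ExtUtils-Embed-1.14.tar.gz
tar -zxvf ExtUtils-Embed-1.14.tar.gz
cd ExtUtils-Embed-1.14 || exit 1
# The notes said "perl Makefile"; the CPAN tarball ships Makefile.PL, which generates the Makefile.
perl Makefile.PL
make
make install
cd - || exit 1

wget https://nxlog.co/system/files/products/files/348/nxlog-ce-2.8.1248.tar.gz
tar -zxvf nxlog-ce-2.8.1248.tar.gz
cd nxlog-ce-2.8.1248/packaging/redhat/ || exit 1
# manual: remove the perl-ExtUtils-Embed dependency line from nxlog.spec
vi nxlog.spec
bash make_rpm.sh
# make_rpm.sh presumably leaves the configured tree under /tmp/nxlog; the notes install from there.
cd /tmp/nxlog/nxlog-ce-2.8.1248/packaging/redhat/rpmbuild/BUILD/nxlog-ce-2.8.1248 || exit 1
make
make install
command -v nxlog   # expected: /usr/bin/nxlog ("which" in the notes)
# The trailing "nxlog-ce-2.8.1248" line in the notes is presumably the version reported here.
/usr/bin/nxlog -h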
REF:
http://docs.graylog.org/en/2.2/pages/collector_sidecar.html#
REPO CONFIG
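# /etc/yum.repos.d/elasticsearch.repo
# (the notes had the file name fused with the section header and two keys per line)
[elasticsearch-2.x]
name=Elasticsearch repository for 2.x packages
baseurl=https://packages.elastic.co/elasticsearch/2.x/centos
# gpgcheck=1 + gpgkey: every package from this repo is signature-verified against the vendor key
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1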
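# /etc/yum.repos.d/graylog.repo
[graylog]
name=graylog
# NOTE(review): this is the 2.2 tree, while the install steps on this page pull the
# graylog-2.3 repository RPM — confirm which release is intended.
baseurl=https://packages.graylog2.org/repo/el/stable/2.2/$basearch/
enabled=1
# gpgcheck=0 installs packages without signature verification (supply-chain risk); the other
# two repos on this page verify signatures. Enable it once the Graylog signing key is in place:
#   gpgcheck=1
#   gpgkey=<path or URL of the Graylog repository signing key>
gpgcheck=0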
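# /etc/yum.repos.d/mongodb-org-3.2.repo
# (the notes had the file name fused with the section header)
[mongodb-org-3.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.2/x86_64/
# gpgcheck=1 + gpgkey: packages are signature-verified against the vendor key
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc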
NXLOG CLIENT EXAMPLE
Input: two text files
/etc/nxlog.conf
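# /etc/nxlog.conf — NXLOG CE client: tail two files and route them to the output "outcredemprod".
# NOTE(review): the original notes were collapsed onto one line and nxlog's block delimiters were
# lost (the inline "# Send file name..." comment would also have swallowed the rest of that line).
# The <Extension>/<Input>/<Schedule>/<Route> blocks below are restored from nxlog's config grammar;
# the Extension/Route block names are arbitrary, and the Input names filein1/filein2 come from the
# Route and are assigned to the two files in the order they appeared — confirm.

define ROOT /usr/bin

<Extension gelf>
    Module xm_gelf
</Extension>

# nxlog drops privileges to this user; it needs read access to the files tailed in the Input blocks.
User nxlog
Group nxlog
Moduledir /usr/libexec/nxlog/modules
CacheDir /var/spool/nxlog
PidFile /var/run/nxlog/nxlog.pid

# The LOGS list elsewhere on this page names /var/log/nxlog/nxlog.log — confirm which path is in use.
define LOGFILE /var/log/graylog/nxlog.log
LogFile %LOGFILE%
LogLevel INFO

# Rotate nxlog's own log daily, keeping 7 generations.
<Extension fileop>
    Module xm_fileop
    <Schedule>
        When @daily
        Exec file_cycle('%LOGFILE%', 7);
    </Schedule>
</Extension>

<Input filein1>
    Module im_file
    File '/var/log/httpd/access.log'
    PollInterval 5
    SavePos True
    ReadFromLast True
    Recursive False
    RenameCheck False
    InputType LineBased
    Exec $FileName = file_name(); # Send file name with each message
</Input>

<Input filein2>
    Module im_file
    File '/var/log/messages'
    PollInterval 5
    SavePos True
    ReadFromLast True
    Recursive False
    RenameCheck False
    InputType LineBased
    Exec $FileName = file_name(); # Send file name with each message
</Input>

# The route references an Output block named outcredemprod whose definition is not on this page;
# it must be added here (e.g. the GELF output the xm_gelf extension is loaded for).

<Route r1>
    Path filein1,filein2 => outcredemprod
</Route>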