How to install Graylog 2.3.x on CentOS 7 with Syslog input


yum install java-1.8.0-openjdk-headless.x86_64


  • MongoDB Install

Create the MongoDB repo file

vi /etc/yum.repos.d/mongodb-org-3.2.repo


name=MongoDB Repository

Install MongoDB

yum install mongodb-org
# register the service and start it
chkconfig --add mongod
systemctl daemon-reload
systemctl enable mongod.service
systemctl start mongod.service


  • ElasticSearch Install

Create the Elasticsearch repo file

rpm --import
vi /etc/yum.repos.d/elasticsearch.repo


name=Elasticsearch repository for 2.x packages

Install Elasticsearch

yum install elasticsearch

Edit the Elasticsearch configuration file and set the cluster name to graylog

vi /etc/elasticsearch/elasticsearch.yml

cluster.name: graylog

# register the service and start it
chkconfig --add elasticsearch
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl restart elasticsearch.service


  • Graylog Install

Create the Graylog repo file

rpm -Uvh

Install Graylog

yum install graylog-server

Generate the password hash

echo -n yourpassword | sha256sum

Edit the Graylog configuration file

vi /etc/graylog/server/server.conf

password_secret = yourpassword_hash
root_password_sha2 = yourpassword_hash

web_listen_uri = http://youripaddress:9000/
rest_listen_uri = http://youripaddress:9000/api
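
Graylog uses password_secret as a salt/pepper for stored passwords, not as a hash of the admin password, so it does not have to be derived from root_password_sha2. The following added example (not from the original post; the function names are illustrative) generates it as an independent random string and hashes the admin password from stdin instead of the command line:

```shell
#!/bin/sh
# Added example (not from the original post): generate the two secret values
# for /etc/graylog/server/server.conf. Function names are illustrative.

# password_secret: independent random string, 96 alphanumeric characters
# drawn from the kernel CSPRNG (4096 random bytes leave ~990 after filtering).
gen_password_secret() {
    head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-96
}

# root_password_sha2: SHA-256 of the admin password. The password is read
# from stdin so it never shows up in argv, `ps` output or shell history.
hash_root_password() {
    IFS= read -r _pw || true
    [ -n "$_pw" ] || { echo "empty password" >&2; return 1; }
    printf '%s' "$_pw" | sha256sum | cut -d' ' -f1
}

# Print both server.conf lines; the password comes from stdin.
render_conf_lines() {
    _hash=$(hash_root_password) || return 1
    printf 'password_secret = %s\n' "$(gen_password_secret)"
    printf 'root_password_sha2 = %s\n' "$_hash"
}

# Interactive use: sh graylog-secrets.sh --prompt
if [ "${1:-}" = "--prompt" ]; then
    printf 'Graylog admin password: ' >&2
    trap 'stty echo' EXIT      # restore terminal echo even on failure
    stty -echo
    render_conf_lines
    echo >&2
fi
```

Paste the two printed lines into server.conf in place of the placeholder values.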

Register the service and start it

chkconfig --add graylog-server
systemctl daemon-reload
systemctl enable graylog-server.service
systemctl start graylog-server.service


Open the firewall

firewall-cmd --permanent --zone=public --add-port=9000/tcp
firewall-cmd --reload

Now you can open the web interface in a browser: http://youripaddress:9000



  • Centralized log collection

Create a Syslog input listener in Graylog; the listen port is UDP 10514.

Enable rsyslog to listen, in rsyslog.conf


vi /etc/rsyslog.conf


Enable (uncomment) $ModLoad imudp and $UDPServerRun 514


Enable forwarding of syslog messages like this:

*.* @;RSYSLOG_SyslogProtocol23Format


Finally, open UDP port 514 in the firewall

firewall-cmd --permanent --zone=public --add-port=514/udp
firewall-cmd --reload

