https://www.youtube.com/watch?v=9j_X2VJQfCQ
1. Java 8 JDK Install
yum install java-1.8.0-openjdk-headless.x86_64
2. MongoDB Install
Create the repo file for MongoDB
#vi /etc/yum.repos.d/mongodb-org-3.2.repo
mongodb-org-3.2.repo
[mongodb-org-3.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc
install mongodb
#yum install mongodb-org
#chkconfig --add mongod
#systemctl daemon-reload
#systemctl enable mongod.service
#systemctl start mongod.service
3. ElasticSearch Install
Import the signing key and create the repo file for Elasticsearch
#rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
#vi /etc/yum.repos.d/elasticsearch.repo
elasticsearch.repo file
[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md
Install elasticsearch (the repo file above has enabled=0, so enable it for this command)
#yum install --enablerepo=elasticsearch elasticsearch
edit elasticsearch configuration file
#vi /etc/elasticsearch/elasticsearch.yml
cluster.name: graylog
Register the service
#chkconfig --add elasticsearch
#systemctl daemon-reload
#systemctl enable elasticsearch.service
#systemctl restart elasticsearch.service
4. Graylog Install
Install the Graylog repo package
#rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.3-repository_latest.rpm
install graylog
#yum install graylog-server
Make the password hash
#echo -n yourpassword | sha256sum
Edit the Graylog configuration file
#vi /etc/graylog/server/server.conf
password_secret = yourpassword_hash
root_password_sha2 = yourpassword_hash
web_listen_uri = http://youripaddress:9000/
rest_listen_uri = http://youripaddress:9000/api
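Added example (not from the original post): a shell helper that produces the two secret values for server.conf while reading the password from stdin, so it does not end up in shell history the way a password typed on the command line does. It goes beyond the step above by generating password_secret as a separate 96-character random string, as the comments in Graylog's sample server.conf suggest, instead of reusing the password hash. The function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Produces values for /etc/graylog/server/server.conf.

# password_secret: random string; Graylog's sample config asks for >= 64 chars.
gen_password_secret() {
    # Keep only alphanumerics from the kernel RNG and stop after 96 of them.
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 96
}

# root_password_sha2: SHA-256 of the admin password, read from stdin so the
# password never appears in argv or in shell history.
hash_root_password() {
    # read fails on input without a trailing newline but still fills pw.
    IFS= read -r pw || true
    # Refuse an empty password instead of hashing the empty string.
    [ -n "$pw" ] || return 1
    # Same digest as `echo -n yourpassword | sha256sum`, without the "  -" suffix.
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1
    unset pw
}

# Print both lines ready to paste into server.conf.
graylog_secret_lines() {
    hash=$(hash_root_password) || { echo "empty password refused" >&2; return 1; }
    printf 'password_secret = %s\n' "$(gen_password_secret)"
    printf 'root_password_sha2 = %s\n' "$hash"
}

# Interactive use, with terminal echo off while typing the password:
#   stty -echo; graylog_secret_lines; stty echo
```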
Register the service
#chkconfig --add graylog-server
#systemctl daemon-reload
#systemctl enable graylog-server.service
#systemctl start graylog-server.service
Open the firewall
#firewall-cmd --permanent --zone=public --add-port=9000/tcp
#firewall-cmd --reload
Now you can open the web interface in a browser: http://youripaddress:9000
5. Centralizing log collection
Make a Syslog input listener in Graylog: the listen port is UDP 10514
Enable rsyslog to listen, in rsyslog.conf
#vi /etc/rsyslog.conf
Enable $ModLoad imudp and $UDPServerRun 514 (uncomment both lines)
Forward syslog messages to the input like this
*.* @127.0.0.1:10514;RSYSLOG_SyslogProtocol23Format
Finally, open UDP port 514 in the firewall
#firewall-cmd --permanent --zone=public --add-port=514/udp
#firewall-cmd --reload