
How to install Graylog 2.x on CentOS 7 with Syslog input

by 올엠 2020. 11. 18.

https://www.youtube.com/watch?v=9j_X2VJQfCQ

 

1. Java 8 JDK Install

yum install java-1.8.0-openjdk-headless.x86_64

 

2. MongoDB Install

Create the repo file for MongoDB

#vi /etc/yum.repos.d/mongodb-org-3.2.repo

Contents of mongodb-org-3.2.repo

[mongodb-org-3.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc

install mongodb

#yum install mongodb-org

#chkconfig --add mongod
#systemctl daemon-reload
#systemctl enable mongod.service
#systemctl start mongod.service

3. ElasticSearch Install

Import the Elasticsearch signing key and create the repo file

#rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch
#vi /etc/yum.repos.d/elasticsearch.repo

elasticsearch.repo file

[elasticsearch]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=0
autorefresh=1
type=rpm-md

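install elasticsearch (the repo file above sets enabled=0, so enable the repo for this command)

#yum install --enablerepo=elasticsearch elasticsearch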

edit elasticsearch configuration file

#vi /etc/elasticsearch/elasticsearch.yml
cluster.name: graylog

register and start the service

#chkconfig --add elasticsearch 
#systemctl daemon-reload 
#systemctl enable elasticsearch.service 
#systemctl restart elasticsearch.service

3. Graylog Install

install the graylog repository package

#rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.3-repository_latest.rpm

install graylog

#yum install graylog-server

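make the admin password hash

#echo -n yourpassword | sha256sum

edit graylog configuration file. root_password_sha2 takes the hash printed by the command above. password_secret is the key Graylog uses for password encryption and salting, so set it to a separate long random string rather than reusing the password hash.

#vi /etc/graylog/server/server.conf
password_secret = your_random_secret
root_password_sha2 = yourpassword_hash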

web_listen_uri = http://youripaddress:9000/
rest_listen_uri = http://youripaddress:9000/api
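
The two secrets set in server.conf above can be generated and checked with a short script. This is an added example, not part of the original post; the function names, the 96-character secret length and the 16-character minimum are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): generate and lint the two
# secrets this guide puts in /etc/graylog/server/server.conf.
# Function names and the 96-character secret length are assumptions.

# Random alphanumeric secret for password_secret, from the kernel CSPRNG.
new_secret() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 96
}

# SHA-256 of the password read from stdin, for root_password_sha2.
# Reading stdin keeps the password off the command line and out of history.
hash_password() {
    tr -d '\n' | sha256sum | cut -d' ' -f1
}

# Print the value of key $1 from properties file $2 (last assignment wins).
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 | tr -d '\r'
}

# Print one line per finding; return 0 only when the file passes every check.
check_graylog_conf() {
    secret=$(conf_get password_secret "$1")
    hash=$(conf_get root_password_sha2 "$1")
    rc=0
    if [ "${#secret}" -lt 16 ]; then
        echo "password_secret: shorter than 16 characters"; rc=1
    fi
    if [ -n "$secret" ] && [ "$secret" = "$hash" ]; then
        echo "password_secret: same value as root_password_sha2"; rc=1
    fi
    if ! printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "root_password_sha2: not a 64-character lowercase hex SHA-256"; rc=1
    fi
    return "$rc"
}

# Lint a config file when one is given as the first argument.
if [ "$#" -gt 0 ]; then check_graylog_conf "$1"; fi
```

Run it as root with /etc/graylog/server/server.conf as the argument before starting graylog-server; no output and exit status 0 mean both values passed.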

register and start the service

#chkconfig --add graylog-server
#systemctl daemon-reload
#systemctl enable graylog-server.service
#systemctl start graylog-server.service

open the firewall

#firewall-cmd --permanent --zone=public --add-port=9000/tcp
#firewall-cmd --reload

Now you can open the web interface in a browser: http://youripaddress:9000

 

4. Centralized log collection

Create a Syslog UDP input in Graylog: listen port is UDP 10514

Enable rsyslog to listen for remote syslog in rsyslog.conf

#vi /etc/rsyslog.conf

Uncomment $ModLoad imudp and $UDPServerRun 514

Add a rule like this to forward syslog messages to the Graylog input

*.* @127.0.0.1:10514;RSYSLOG_SyslogProtocol23Format

Finally, open UDP port 514 in the firewall

#firewall-cmd --permanent --zone=public --add-port=514/udp
#firewall-cmd --reload

 
