How To Install Graylog on CentOS 8

In this tutorial, we will show you how to install Graylog on CentOS 8. For those of you who didn’t know, Graylog is an open-source log management tool based on Elasticsearch and MongoDB that allows system administrators and developers to aggregate up to terabytes of log data from multiple log sources. Graylog helps you collect, index, and analyze any machine logs centrally.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, host your site on your own VPS. The installation is quite simple and assumes you are running as the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will walk you through the step-by-step installation of Graylog on a CentOS 8 server.

Step 1. First, let’s start by ensuring your system is up-to-date.

sudo dnf update
sudo dnf install wget pwgen perl-Digest-SHA

Step 2. Installing Java.

Elasticsearch requires Java to be installed on the system. You can use either OpenJDK or Oracle JDK; the following command installs OpenJDK 8:

sudo dnf install java-1.8.0-openjdk-headless

Check if it is successfully installed:

java -version

Step 3. Installing Elasticsearch.

First, import the GPG signing key before the installation:

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Now, add the Elasticsearch repository:

cat << EOF > /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

Then, install Elasticsearch using the following command:

sudo dnf install elasticsearch-oss

Step 4. Configuring Elasticsearch for Graylog.

You need to modify the Elasticsearch configuration file and set the cluster name to graylog:

nano /etc/elasticsearch/elasticsearch.yml

Change the file as shown below:

cluster.name: graylog
action.auto_create_index: false

Reload the systemd daemon and enable Elasticsearch to start automatically at system startup:

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch
sudo systemctl restart elasticsearch

Check that Elasticsearch is responding with the following command:

curl -X GET http://localhost:9200

Step 5. Installing MongoDB.

MongoDB is not available in the default CentOS repository. You will need to add the MongoDB repo first:

cat << EOF > /etc/yum.repos.d/mongodb-org-4.0.repo
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/8Server/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
EOF

Install MongoDB by running the following command:

sudo dnf install mongodb-org

Start the MongoDB service and enable it to start on boot with the following command:

sudo systemctl enable mongod.service
sudo systemctl start mongod.service

Step 6. Installing Graylog on CentOS 8.

Now install the Graylog repository configuration:

sudo dnf install https://packages.graylog2.org/repo/packages/graylog-3.2-repository_latest.rpm

Install Graylog server using dnf:

sudo dnf install graylog-server

After you have installed the Graylog server, you have to generate a secret key for Graylog using the following command:

pwgen -N 1 -s 96

Results:

1dcw10Snsvk1bKgkARGNaalO3QeZqkPG8pUcbJO3oFmeilanamariarFixOR95Nrv40FCFRClXIdnxwknGtl4HDrTspWmom

Next, create a SHA-256 hash of the password for the root user, which is used to log in to the Graylog web interface, using the following command:

echo -n yourpassword | shasum -a 256

Results:

e3c652f0ba0b4801205814f8b6bc4967ramonafb89b22cdeb4e951

Then, edit the server.conf file to begin the Graylog configuration:

nano /etc/graylog/server/server.conf

Make changes to the file as shown below, substituting the secret key and password hash you generated:

password_secret = 1dcw10Snsvk1bKgkARGNaalO3QeZqkPG8pUcbJO3oFmeilanamariarFixOR95Nrv40FCFRClXIdnxwknGtl4HDrTspWmom
root_password_sha2 = e7cf3ef4f17c3999a94f2c6f612e8a888e5b10268bmwe4619398b23bd38ec221a
root_email= "godet@idroot.us"
root_timezone = UTC
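
The following script is an added example, not part of the original tutorial: it performs the secret and hash steps above without typing the password on a command line, where it would be saved in shell history. The function names and the script name graylog-secrets.sh are hypothetical, and sha256sum (coreutils) is used in place of shasum -a 256; both print the same digest.

```shell
#!/bin/sh
# Added example: fill in password_secret and root_password_sha2 in
# Graylog's server.conf. Function and script names are hypothetical.
set -eu

# Hex SHA-256 of the string, with no trailing newline hashed.
hash_password() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Set "key = value" in a properties-style file: rewrite the first existing
# (or commented-out) assignment, otherwise append one. The value is passed
# through the environment so it never appears in a process argument list.
set_conf() {
    sc_tmp=$(mktemp)                 # mktemp creates the file with mode 0600
    SC_VALUE="$3" awk -v k="$2" '
        BEGIN { v = ENVIRON["SC_VALUE"] }
        !done && $0 ~ "^#?[ \t]*" k "[ \t]*=" { print k " = " v; done = 1; next }
        { print }
        END { if (!done) print k " = " v }
    ' "$1" > "$sc_tmp"
    cat "$sc_tmp" > "$1"             # overwrite in place: keeps owner and mode
    rm -f "$sc_tmp"
}

# Prompt silently for the admin password, then write both settings.
configure_graylog() {
    conf="${1:-/etc/graylog/server/server.conf}"
    printf 'Graylog admin password: ' >&2
    stty -echo; IFS= read -r pw; stty echo; echo >&2
    [ -n "$pw" ] || { echo 'empty password, nothing changed' >&2; return 1; }
    set_conf "$conf" password_secret "$(pwgen -N 1 -s 96)"
    set_conf "$conf" root_password_sha2 "$(hash_password "$pw")"
    unset pw
}

# Run as root with:  sh graylog-secrets.sh --apply
if [ "${1:-}" = "--apply" ]; then
    configure_graylog "${2:-}"
fi
```
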

Step 7. Configure Graylog web interface.

Enable the Graylog web interface by editing the server.conf file:

nano /etc/graylog/server/server.conf

Set the following values:

http_bind_address = your-server-ip:9000
http_external_uri = http://your-server-ip:9000/

After you have modified the configuration file, restart the Graylog service:

sudo systemctl daemon-reload
sudo systemctl restart graylog-server
sudo systemctl enable graylog-server

Step 8. Accessing Graylog.

Graylog will be available on HTTP port 9000 by default. Open your favourite browser and navigate to http://your-domain.com:9000 or http://your-server-ip:9000/ and complete the required steps to finish the installation. Log in with the username admin and the password whose SHA-256 hash you set as root_password_sha2 in server.conf.

Congratulations! You have successfully installed Graylog. Thanks for using this tutorial for installing Graylog on a CentOS 8 system. For additional help or useful information, we recommend you check the official Graylog website.
