
How To Install Graylog on Rocky Linux 9


In this tutorial, we will show you how to install Graylog on Rocky Linux 9. For those of you who didn’t know, Graylog is an open-source platform for centralized log collection and analysis. It’s written in Java and built on top of other open-source software such as MongoDB and Elasticsearch. With Graylog, we can easily gather logs in one place, analyze them using Elasticsearch, and visualize them on the Graylog dashboard.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of Graylog on Rocky Linux 9.

Prerequisites

  • A server running one of the following operating systems: Rocky Linux 9.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Graylog on Rocky Linux 9

Step 1. The first step is to refresh the package list and install dnf-utils. To do so, run the following commands:

sudo dnf check-update
sudo dnf install dnf-utils

Step 2. Installing MariaDB Database.

By default, MariaDB is available on Rocky Linux 9 base repository. Now run the following command below to install the latest stable version of MariaDB to your system:

sudo dnf install mariadb-server mariadb

Once the installation is complete, start the MariaDB service and enable it to automatically start on boot by running the following command below:

sudo systemctl enable mariadb --now
sudo systemctl start mariadb
sudo systemctl status mariadb

To check the version of MariaDB installed, run the command below:

mariadb --version

By default, MariaDB is not hardened. You can secure MariaDB using the mysql_secure_installation script. You should read and follow each step carefully; it will set a root password, remove anonymous users, disallow remote root login, and remove the test database and access to it:

mysql_secure_installation

Configure it like this:

- Set root password? [Y/n] y
- Remove anonymous users? [Y/n] y
- Disallow root login remotely? [Y/n] y
- Remove test database and access to it? [Y/n] y
- Reload privilege tables now? [Y/n] y

Step 3. Installing Elasticsearch.

By default, Elasticsearch is not available on the Rocky Linux 9 base repository. Now we add the Elasticsearch repository to your Rocky Linux system:

cat <<EOF | sudo tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

After that, install the Elasticsearch package using the dnf command:

sudo dnf update
sudo dnf install elasticsearch

Next, edit the default Elasticsearch configuration file ‘/etc/elasticsearch/elasticsearch.yml‘ using the following command:

sudo nano /etc/elasticsearch/elasticsearch.yml

Add and uncomment the following basic Elasticsearch configuration:

cluster.name: graylog-idroot
action.auto_create_index: false

Save and close the file, then start the Elasticsearch service using the following commands:

sudo systemctl daemon-reload
sudo systemctl start elasticsearch

Now we test and see if the installed Elasticsearch is working. Elasticsearch should be running on port 9200. Test this using the curl command as below:

curl localhost:9200

Output:

[root@idroot.us ~]# curl -X GET "localhost:9200/"
{
    "name" : "node-1",
    "cluster_name" : "graylog-idroot",
    "cluster_uuid" : "BMWe46CQmeilanaBCp9EBmw",
    "version" : {
        "number" : "7.17.5",
        "build_flavor" : "default",
        "build_type" : "rpm",
        "build_hash" : "5ciye1c6fkud260ce95akp008175c6f3",
        "build_date" : "2022-08-19T22:16:12.081071350CI",
        "build_snapshot" : false,
        "lucene_version" : "8.11.2",
        "minimum_wire_compatibility_version" : "6.8.0",
        "minimum_index_compatibility_version" : "6.0.0-beta1"
    },
    "tagline" : "You Know, for Search"
}

Step 4. Installing Java OpenJDK.

The Graylog Server is an application server mainly written in Java. Now run the following command to install Java OpenJDK to your Rocky Linux system:

sudo dnf install java-11-openjdk-devel

Verify the installed Java OpenJDK version:

java -version

Step 5. Installing Graylog Server.

First, run the following command to set up the Elasticsearch repository for the Rocky Linux system (this writes the same repository file as Step 3; running it again simply overwrites that file):

cat <<EOF | sudo tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

After the repository has been added, install the Graylog Server package and the integrations plugins using the dnf commands below:

sudo dnf update
sudo dnf install graylog-server graylog-integrations-plugins

Next, you have to generate a secret key for Graylog using the following command:

sudo dnf install pwgen
sudo pwgen -N 1 -s 96

Now run the following command to generate the sha256 hash of the ‘root_password_sha2‘ password for the Graylog Server. This password will be used to log in to the Graylog Server dashboard. Be sure to use a strong password and copy the generated sha256 hash to your notes:

echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

Then, edit the Graylog Server config file ‘/etc/graylog/server/server.conf‘ using the following command:

sudo nano /etc/graylog/server/server.conf

Make changes to the file as shown below, using the secret and hash you generated above (the values here are only examples). Note that http_bind_address 0.0.0.0:9000 makes the web interface listen on every network interface:

password_secret = R8zwuO2NDewUg0detzDm07tn6AppmwThty0aagxOoqMDWNfr3akzpz7DdQyQVY1uHqmeyNkZnBLuXQf3B1giq5RKX
root_password_sha2 = a7fdfe53e2a13cb602dbmwe46388fitmen51c67e60eestance68a1c709449111
http_bind_address = 0.0.0.0:9000
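As an added example that is not part of the original tutorial, the following shell script generates the secret, hashes the admin password exactly as the pipeline above does, and writes all three settings into a server.conf file instead of pasting them by hand. The function names and the sample config file are constructed for this example; it assumes GNU coreutils, awk and /dev/urandom, as found on Rocky Linux 9.

```shell
# Added example (not part of the original tutorial): generate Graylog's
# password_secret and root_password_sha2 and write them into server.conf.
# Assumes GNU coreutils, awk and /dev/urandom, as found on Rocky Linux 9.
set -e

# 96-character alphanumeric secret, same shape as `pwgen -N 1 -s 96`.
gen_secret() {
  len="${1:-96}"; s=""
  while [ "${#s}" -lt "$len" ]; do
    s="$s$(head -c 256 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')"
  done
  printf '%s' "$s" | cut -c1-"$len"
}

# Same digest as the tutorial's pipeline: raw bytes, no trailing newline.
hash_root_password() {
  printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Replace the first live or commented-out "key =" line, or append if absent.
set_conf_key() {
  awk -v k="$2" -v v="$3" '
    !done && $0 ~ ("^#?[ \t]*" k "[ \t]*=") { print k " = " v; done = 1; next }
    { print }
    END { if (!done) print k " = " v }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Read an active (uncommented) key back so the result can be checked.
conf_value() {
  awk -v k="$2" -F' *= *' '$1 == k { print $2; exit }' "$1"
}

# $1 = server.conf, $2 = admin password, $3 = bind address (0.0.0.0 = all interfaces).
configure_graylog() {
  set_conf_key "$1" password_secret "$(gen_secret 96)"
  set_conf_key "$1" root_password_sha2 "$(hash_root_password "$2")"
  set_conf_key "$1" http_bind_address "${3:-127.0.0.1:9000}"
}

# Constructed stand-in for /etc/graylog/server/server.conf (not the real file).
make_sample_conf() {
  f="$(mktemp)"
  printf '%s\n' 'is_master = true' '#password_secret =' \
    '#root_password_sha2 =' '#http_bind_address = 127.0.0.1:9000' > "$f"
  printf '%s' "$f"
}

sample="$(make_sample_conf)"; configure_graylog "$sample" 'ChangeMe-Example-Only' '0.0.0.0:9000'
grep -E '^(password_secret|root_password_sha2|http_bind_address) =' "$sample"
rm -f "$sample"
```

To apply it to a real installation, call configure_graylog with /etc/graylog/server/server.conf and your own password, then restart graylog-server.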

Save and close the file, then reload the systemd manager configuration and start the Graylog Server service:

sudo systemctl daemon-reload
sudo systemctl start graylog-server

Step 6. Configure Firewall.

We need to configure the firewall to allow traffic through port 9000 for the Graylog server:

sudo firewall-cmd --add-port=9000/tcp --permanent
sudo firewall-cmd --reload

Step 7. Accessing Graylog Web Interface.

Once successfully installed, open your web browser and access Graylog using the URL http://your-IP-address:9000. You will be taken to the Graylog login page, where you sign in with the username admin and the password whose sha256 hash you placed in root_password_sha2.

Congratulations! You have successfully installed Graylog. Thanks for using this tutorial for installing Graylog on your Rocky Linux 9 system. For additional help or useful information, we recommend you check the official Graylog website.

r00t
