jeudi 25 mai 2017

How to Install and Configure Graylog Server on Ubuntu 16.04
Graylog is a free, open source and powerful centralized log management tool based on Elasticsearch and MongoDB. Graylog helps you collect and analyze your system logs to debug applications.
Graylog is made up of three components: Elasticsearch, MongoDB and the Graylog server. Elasticsearch is used to store the log messages and provide search facilities. MongoDB is used to store the configuration and meta information. The Graylog server collects the logs from various inputs and provides a web interface for managing the logs.
In this tutorial, we will explain how to install and configure Graylog server on Ubuntu 16.04.

Prerequisites

  • A server running Ubuntu 16.04.
  • A non-root user with sudo privileges set up on your server.
  • A static IP address 192.168.15.110 configured on your server.

Update the System

First, update your system to the latest stable version by running the following commands:
sudo apt-get update -y
sudo apt-get upgrade -y
Once your system is up to date, you can proceed to the next step.

Installing Elasticsearch

Elasticsearch is one of the main components of Graylog server. Elasticsearch stores all the logs sent by Graylog server and displays the messages over the built-in web interface.
Before starting, Elasticsearch requires Java to be installed on your server. So you will need to install Java first.
By default Java is not available in Ubuntu default repository. So first add the Oracle Java PPA to apt with the following command:
sudo add-apt-repository ppa:webupd8team/java
Next, update your apt package database with the following command:
sudo apt-get update -y
Next, install the latest stable version of Oracle Java 8 with the following command:
sudo apt-get install oracle-java8-installer
Next, verify the Java version by running the following command:
java -version
Output:
java version "1.8.0_91"
Java(TM) SE Runtime Environment (build 1.8.0_91-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.91-b14, mixed mode)
Before installing Elasticsearch, you will need to download and install a GPG signing key.
sudo wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Next, configure the Elasticsearch repository with the following command:
sudo echo "deb https://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list
Next, update the repository database with the following command:
sudo apt-get update -y
Then, install elasticsearch with the following command:
sudo apt-get install elasticsearch -y
Start the Elasticsearch service and enable it to start at boot time with the following commands:
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch
Next, you will need to make some changes in the elasticsearch.yml file:
sudo nano /etc/elasticsearch/elasticsearch.yml
Change the file as shown below:
cluster.name: graylog
network.bind_host: localhost
script.disable_dynamic: true
Save the file and restart the Elasticsearch service:
sudo service elasticsearch restart
Next, verify that Elasticsearch is running properly with the following command:
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
If everything is ok, you should see the following output:
{
  "cluster_name" : "graylog",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 0,
  "active_shards" : 0,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}
Once you are done, you can proceed to the next step.

Installing MongoDB

First, you will need to import the MongoDB public GPG key into apt.
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927
Next, create the MongoDB source list file with the following command:
sudo echo 'deb http://downloads-distro.mongodb.org/repo/debian-sysvinit dist 10gen' | sudo tee /etc/apt/sources.list.d/mongodb.list
Update your apt database and install MongoDB with the following commands:
sudo apt-get update -y
sudo apt-get install mongodb-org
Next, start the MongoDB service and enable it to start on boot:
sudo systemctl start mongod
sudo systemctl enable mongod

Installing Graylog

First, you will need to download and install the Graylog repository package on your system.
You can do this with the wget command:
============> Graylog version 2.2 exists
wget https://packages.graylog2.org/repo/packages/graylog-2.0-repository_latest.deb
Next, install the Graylog repository with the following command:
sudo dpkg -i graylog-2.0-repository_latest.deb
Next, install HTTPS support and update the repository cache with the following commands:
sudo apt-get install apt-transport-https -y
sudo apt-get update -y
Finally install Graylog server with the following command:
sudo apt-get install -y graylog-server
Next, you will need to install pwgen to generate password secret keys for graylog server.
sudo apt-get install pwgen
Next, generate a secret key using pwgen command:
pwgen -N 1 -s 96
You should see the following output:
eK76Gx7mwdQGIVYzOm7GYmucqiGShvZQ96vIQFyf0PHEi0bTFSQemte2ADkMZllv0epvpeSGqiInvnnXxxxRpQyYLKCyvL8v
Next, set a hashed password for the root user that can be used to log in to the web interface.
===> does not work with characters like $$$$
echo -n password | sha256sum
You should see the following output:
5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8  -
Next, you will need to edit the server.conf file to begin the Graylog configuration.
sudo nano /etc/graylog/server/server.conf
Change the file as shown below, pasting the secret generated by pwgen into password_secret and the SHA-256 hash into root_password_sha2:
root_timezone = Pacific/Tahiti
password_secret =
root_password_sha2 = 
root_email = hitjethva@gmail.com
root_timezone = UTC
elasticsearch_discovery_zen_ping_unicast_hosts = 192.168.15.110:9300
is_master = true
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
elasticsearch_shards = 1
elasticsearch_replicas = 0
Note that root_timezone appears twice above; keep only one of the two lines.
Save and close the file when you are finished.
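As an added example (not part of the original tutorial), the following POSIX shell helper generates password_secret, hashes the root password without the shell expanding characters such as $$, writes both values into a copy of server.conf and checks them before you restart Graylog. It assumes sha256sum and pwgen are installed as in the steps above; the function names and the --demo flag are my own.

```shell
#!/bin/sh
# Added example, not from the original tutorial: produce and check the two
# secrets server.conf needs. Assumes sha256sum (coreutils) and, optionally, pwgen.

# password_secret: pwgen -N 1 -s 96 as in the tutorial, with a /dev/urandom
# fallback when pwgen is not installed.
generate_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 96; echo
    fi
}

# root_password_sha2: the password is one quoted argument printed with %s, so
# $, !, spaces and the like are hashed literally instead of being expanded by
# the shell (the problem noted with "$$" above).
hash_root_password() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Set "key = value" in server.conf: replace the existing line, whether it is
# commented out or empty, or append when the key is missing. Values must not
# contain "|" or "&" (pwgen output and hex hashes never do).
set_conf_value() {
    file=$1; key=$2; value=$3
    if grep -q "^#\{0,1\}[[:space:]]*$key[[:space:]]*=" "$file"; then
        sed -i "s|^#\{0,1\}[[:space:]]*$key[[:space:]]*=.*|$key = $value|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >>"$file"
    fi
}

# Checks Graylog enforces at start-up: password_secret at least 16 characters,
# root_password_sha2 a 64-hex-digit SHA-256. Returns 1 on failure.
validate_conf() {
    secret=$(sed -n 's/^password_secret[[:space:]]*=[[:space:]]*//p' "$1")
    hash=$(sed -n 's/^root_password_sha2[[:space:]]*=[[:space:]]*//p' "$1")
    [ "${#secret}" -ge 16 ] || return 1
    printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$' || return 1
}

# Usage: ./graylog-secrets.sh --demo 'pa$$word' works on a scratch copy;
# point it at /etc/graylog/server/server.conf itself when you are ready.
if [ "${1:-}" = "--demo" ]; then
    cp /etc/graylog/server/server.conf ./server.conf.new
    set_conf_value ./server.conf.new password_secret "$(generate_secret)"
    set_conf_value ./server.conf.new root_password_sha2 "$(hash_root_password "$2")"
    validate_conf ./server.conf.new && echo "server.conf.new is ready"
fi
```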

Installing the Graylog Web Interface

You can configure the Graylog web interface by editing the server.conf file.
sudo nano /etc/graylog/server/server.conf
Change the following lines:
rest_listen_uri = http://192.168.15.110:12900/
web_listen_uri = http://192.168.15.110:9000/
Once you are done, restart the Graylog service with the following commands:
sudo systemctl daemon-reload
sudo systemctl restart graylog-server

Accessing the Graylog Web Interface

Once everything is in place, it's time to access the Graylog web interface.
Open your favourite web browser and type the URL http://192.168.15.110:9000. Log in with the username admin and the password whose hash you configured as root_password_sha2 in server.conf.
You should see the Graylog login page, followed by the dashboard.

Conclusion

Congratulations! You have successfully installed and configured the Graylog server on Ubuntu 16.04. You can now easily explore the other functionality that it offers.
