Graylog2 Centos 5 installation
In order to have a complete and functional Graylog2 log management solution we have to install three main components: MongoDB, graylog2-server and graylog2-web-interface.
MongoDB database installation
MongoDB provides yum-installable RPM packages for CentOS and Fedora users on x86 and x86_64 platforms. “mongo-10gen” (MongoDB client) and “mongo-10gen-server” (MongoDB server) are available through the 10gen MongoDB repository. Follow the “Centos and Fedora Packages” documentation to enable your server to install these packages. Then execute the following command to install the MongoDB server and client.
$ sudo yum install mongo-10gen-server
The MongoDB configuration file is located in “/etc/mongod.conf” and the associated sysconfig file is in “/etc/sysconfig/mongod”. When started, MongoDB will run under the mongod user and group.
First edit the MongoDB configuration file and change “nohttpinterface = false” to “nohttpinterface = false“. Then start MongoDB server with the following command.
$ sudo /etc/init.d/mongod start
Now we will create a user and password to allow Graylog2 to connect to the MongoDB server. The database is created during user creation and is stored in “/var/lib/mongo”. To connect to the MongoDB server, just run the “mongo” client.
$ sudo mongo
> use graylog2
> db.addUser("login", "password")
We now have a user (login), with its associated password, for the graylog2 database. If we wish to perform further operations we need to execute the following command.
> db.auth("login", "password")
We can view existing users for the database with the following command.
> db.system.users.find()
For further security and authentication configuration please follow the MongoDB documentation.
We now need to configure the MongoDB server default listener port (27017/TCP). Just uncomment the “port = 27017” line in the MongoDB configuration file. MongoDB will listen on the loopback (127.0.0.1). We also need to turn on security for authentication by uncommenting the “auth = true” line.
Now restart MongoDB with the following command.
$ sudo /etc/init.d/mongod restart
Graylog2 server installation
Graylog2 server requires OpenJDK.
$ sudo yum install openjdk
Download Graylog2 server from Github and adapt the following commands to your needs.
$ sudo cp graylog2-server-0.9.5p1.tar.gz /opt/
$ cd /opt
$ sudo tar -zxvf graylog2-server-0.9.5p1.tar.gz
$ sudo ln -s graylog2-server-0.9.5p1 graylog2
$ cd graylog2
We need to have the graylog2 server configuration file in the “/etc/” folder.
$ sudo cp graylog2.conf.example /etc/graylog2.conf
In the “/etc/graylog2.conf” configuration file change all “mongodb*” settings to match your MongoDB configuration. For example:
# MongoDB Configuration
mongodb_useauth = true
mongodb_user = login
mongodb_password = password
mongodb_host = localhost
#mongodb_replica_set = localhost:27017,localhost:27018,localhost:27019
mongodb_database = graylog2
mongodb_port = 27017
Also configure, in the same configuration file, the Syslog server listener port and protocol. By default the Syslog server is listening on 514/UDP.
Now start Graylog2 server with the following command.
$ cd /opt/graylog2/bin/
$ sudo ./graylog2ctl start
To stop graylog2 server execute the following command.
$ sudo ./graylog2ctl stop
Graylog2 Web interface installation
Graylog2 Web interface runs on Ruby, so we first need to install the latest version of Ruby. Please remove all previous Ruby installations, because CentOS 5 only supports an old release of Ruby which is not compatible with Graylog2 and other dependencies.
$ sudo yum erase ruby ruby-libs ruby-mode ruby-rdoc ruby-irb ruby-ri ruby-docs
Make sure you have all the required development tools:
$ sudo yum install openssl-devel zlib-devel gcc gcc-c++ make autoconf readline-devel curl-devel expat-devel gettext-devel
Download the latest Ruby sources and proceed with installing:
$ ./configure --enable-shared --enable-pthread --prefix=/usr
$ make
$ sudo make install
Ruby 1.9.2 and above now includes RubyGems so there’s no need to install it separately.
Test that everything installed successfully :
Update all the gems, install git and rake.
$ sudo gem update && sudo gem install git rake
Now download Graylog2 Web interface from Github and adapt the following commands to your needs.
$ sudo cp graylog2-web-interface-0.9.5p2.tar.gz /opt/
$ cd /opt
$ sudo tar -zxvf graylog2-web-interface-0.9.5p2.tar.gz
$ sudo ln -s graylog2-web-interface-0.9.5p2 graylog2-web-interface
$ cd graylog2-web-interface
We also have to install bundler with the following commands.
$ sudo gem install bundler
$ sudo bundle install
Edit all “*.yml” configuration files in the “/opt/graylog2-web-interface/config/” folder.
“email.yml” configuration file will contain all required email configurations for alarms.
“general.yml” configuration file will contain all Graylog2 server general configurations such as hostname, automatic Graylog2 version check, etc.
“mongoid.yml” configuration file will contain all MongoDB configurations. For example :
production:
  host: localhost
  port: 27017
  username: login
  password: password
  database: graylog2
We will serve Graylog2 Web interface through Apache and Passenger.
To install Passenger just run the following commands:
$ sudo gem install passenger
$ sudo passenger-install-apache2-module
$ sudo chown -R apache:apache /opt/graylog2-web-interface-0.9.5p2
$ sudo chown -R apache:apache /opt/graylog2-web-interface
Create a “passenger.conf” file in the “/etc/httpd/conf.d/” directory and add the following entries:
LoadModule passenger_module /usr/lib/ruby/gems/1.9.1/gems/passenger-3.0.7/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.9.1/gems/passenger-3.0.7
PassengerRuby /usr/bin/ruby
Then include the “passenger.conf” file in your “httpd.conf” file.
Add a Virtual Host in your “httpd.conf”, for example:
# The listen address *:80 is an assumption; use the one your server binds to.
<VirtualHost *:80>
    ServerName xxx.xxxx.com
    DocumentRoot /opt/graylog2-web-interface/public
    <Directory /opt/graylog2-web-interface/public>
        Allow from all
        Options -MultiViews
    </Directory>
    ErrorLog /var/log/httpd/xxx.xxx.com_error.log
    LogLevel warn
    CustomLog /var/log/httpd/xxx.xxx.com_access.log combined
</VirtualHost>
Also include the “passenger.conf” in the “httpd.conf” file and restart Apache:
Include conf.d/passenger.conf
Now you will be able to connect to your vhost, configure the first Graylog2 user and log into the Web interface.
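A post-install check for the settings configured above, added here as an example and not part of the original guide: it confirms that “auth = true” is really uncommented in mongod.conf, that graylog2.conf has “mongodb_useauth = true”, and that the files storing the MongoDB password are not world-readable (a plain “sudo cp” into /etc/ usually leaves them mode 644). The function names and the sample files written by write_samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the MongoDB/Graylog2 settings this guide configures.

# Print the value of the last uncommented "key = value" line for KEY ($2) in FILE ($1).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$1" | tail -n 1
}

# mongod.conf must have auth enabled; a commented "#auth = true" does not count.
check_mongod_auth() { [ "$(conf_value "$1" auth)" = "true" ]; }

# graylog2.conf must be told to authenticate against MongoDB.
check_graylog_useauth() { [ "$(conf_value "$1" mongodb_useauth)" = "true" ]; }

# A file holding the MongoDB password must exist and not be readable by "other".
check_not_world_readable() {
    [ -f "$1" ] && [ -z "$(find "$1" -maxdepth 0 -perm -004 2>/dev/null)" ]
}

# audit MONGOD_CONF GRAYLOG_CONF MONGOID_YML: prints findings, returns their count.
audit() {
    fails=0
    check_mongod_auth "$1" || { echo "FAIL: $1 has no active 'auth = true'"; fails=$((fails + 1)); }
    check_graylog_useauth "$2" || { echo "FAIL: $2 lacks 'mongodb_useauth = true'"; fails=$((fails + 1)); }
    for f in "$2" "$3"; do
        check_not_world_readable "$f" || {
            echo "FAIL: $f is missing or world-readable (it stores the MongoDB password)"
            fails=$((fails + 1))
        }
    done
    return "$fails"
}

# Constructed sample files (not real configs) in directory $1: auth still
# commented out and graylog2.conf left at mode 644.
write_samples() {
    printf '%s\n' 'port = 27017' '#auth = true' > "$1/mongod.conf"
    printf '%s\n' 'mongodb_useauth = true' 'mongodb_user = login' \
        'mongodb_password = password' > "$1/graylog2.conf"
    printf '%s\n' 'production:' '  username: login' '  password: password' > "$1/mongoid.yml"
    chmod 644 "$1/mongod.conf" "$1/graylog2.conf"
    chmod 640 "$1/mongoid.yml"
}

# Run against real files when three paths are given on the command line.
if [ "$#" -eq 3 ]; then
    audit "$@"
fi
```

On the server, pass the three paths used in this guide: /etc/mongod.conf, /etc/graylog2.conf and /opt/graylog2-web-interface/config/mongoid.yml. A finding on graylog2.conf is cleared by restricting the file to the account that runs graylog2-server.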
I would like to thank the original author