Atlantic.Net Blog

Install Graylog Monitoring Server on CentOS 8

Hitesh Jethva
by Atlantic.Net (273 posts) under VPS Hosting
0 Comments

Graylog is a powerful platform for simplified log management of structured or unstructured data. Additionally, it is useful for debugging applications.

Graylog is broadly based upon Scala, MongoDB, and Elasticsearch. It has a main server to receive data from the clients that may be installed over different servers. Similarly, Graylog features a web interface for the visualization of data. It facilitates work over the logs that the main server aggregates.

Graylog is primarily used as a stash for logs for any web application in use. Alternately, Graylog is also effective when working with raw strings, such as Syslog.

In this tutorial, we will show you how to install the Graylog Monitoring server on CentOS 8.

Prerequisites

  • A fresh CentOS 8 VPS on the Atlantic.Net Cloud Platform
  • A root password configured on your server

Step 1 – Create an Atlantic.Net Cloud Server

First, log in to your Atlantic.Net Cloud Server. Create a new server, choosing CentOS 8 as the operating system with at least 6 GB RAM. Connect to your Cloud Server via SSH and log in using the credentials highlighted at the top of the page.

Once you are logged in to your CentOS 8 server, run the following command to update your base system with the latest available packages.

dnf update -y

Step 2 – Install Required Dependencies

Before starting, you will need to install Java and other required dependencies on your server.

First, install the EPEL repository with the following command:

dnf install epel-release -y

Next, install the Java using the following command:

dnf install -y java-1.8.0-openjdk-headless -y

Once Java is installed, you can verify it with the following command:

java -version

You should get the following output:

openjdk version "1.8.0_265"
OpenJDK Runtime Environment (build 1.8.0_265-b01)
OpenJDK 64-Bit Server VM (build 25.265-b01, mixed mode)

Next, install other required packages with the following command:

dnf install wget pwgen perl-Digest-SHA -y

Step 3 – Install Elasticsearch

Graylog uses Elasticsearch to store log messages and its search function. By default, the latest version of Elasticsearch is not available in the CentOS 8 default repository, so you will need to add the Elasticsearch repo to your system.

First, import the GPG key with the following command:

rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Next, create Elasticsearch repo with the following command:

nano /etc/yum.repos.d/elasticsearch.repo

Add the following lines:

[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

Save and close the file then install the Elasticsearch with the following command:

dnf install elasticsearch-oss -y

Once the Elasticsearch is installed, edit the Elasticsearch main configuration file:

nano /etc/elasticsearch/elasticsearch.yml

Define your cluster name and add another line as shown below:

cluster.name: my-graylog
action.auto_create_index: false

Save the file, then reload the systemd daemon and enable Elasticsearch to start at system reboot with the following command:

systemctl daemon-reload
systemctl enable elasticsearch

Next, restart the Elasticsearch service with the following command:

systemctl restart elasticsearch

You can now check the Elasticsearch response using the following command:

curl -X GET http://localhost:9200

If everything is correct, you should get the following output:

{
"name" : "7FL0524",
"cluster_name" : "my-graylog",
"cluster_uuid" : "C4OvK0Y_TjCiVzBiHbz0pA",
"version" : {
"number" : "6.8.12",
"build_flavor" : "oss",
"build_type" : "rpm",
"build_hash" : "7a15d2a",
"build_date" : "2020-08-12T07:27:20.804867Z",
"build_snapshot" : false,
"lucene_version" : "7.7.3",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}

Step 4 – Install MongoDB Server

Graylog uses MongoDB to store configurations and meta information. By default, MongoDB is not available in the CentOS 8 standard repository, so you will need to create a repository for MongoDB.

You can create it with the following command:

nano /etc/yum.repos.d/mongodb-org-4.0.repo

Add the following lines:

[mongodb-org-4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc

Save and close the file, then update the repository with the following command:

dnf update -y

Next, install the MongoDB server with the following command:

dnf install mongodb-org -y

Once MongoDB is installed, start the MongoDB service and enable it to start at system reboot:

systemctl start mongod
systemctl enable mongod

Step 5 – Install and Configure Graylog Server

By default, the Graylog server package is not available in the CentOS 8 standard repository, so you will need to create a repo for Graylog.

You can install the Graylog repo using the following command:

dnf install https://packages.graylog2.org/repo/packages/graylog-3.2-repository_latest.rpm -y

Once the repository is created, you can install the Graylog server with the following command:

dnf install graylog-server -y

After installing Graylog server, you will need to generate a secret key for Graylog. You can generate it with the following command:

pwgen -N 1 -s 96

Output:

un5R8H7vmoq1japNYvHD2pEkawKyBzZpWeFsfVEk4Ustl5sWPtcdMbgTV18mHyqBnBK0sk83fcEmceTtyNzxntWqWhNPYe9N

You will also need to generate a secure password for Graylog. You can generate it with the following command:

echo -n your-password | shasum -a 256

You should get the following output:

616384da8ed2fb86db3462ec827bc433256324e323a2438f48ae32930e707065 -

Note: You can use this password “your-password” to log in to the Graylog web interface.

Next, edit the Graylog main configuration file and define your secret key, password, and other settings:

nano /etc/graylog/server/server.conf

Change the following lines:

password_secret = un5R8H7vmoq1japNYvHD2pEkawKyBzZpWeFsfVEk4Ustl5sWPtcdMbgTV18mHyqBnBK0sk83
fcEmceTtyNzxntWqWhNPYe9N
root_username = admin
root_password_sha2 = 616384da8ed2fb86db3462ec827bc433256324e323a2438f48ae32930e707065
root_timezone = UTC
http_bind_address = your-server-ip:9000

Save and close the file, then reload the systemd daemon with the following command:

systemctl daemon-reload

Next, start the Graylog service and enable it to start at system reboot with the following command:

systemctl start graylog-server
systemctl enable graylog-server

You can check the Graylog server log to verify whether the Graylog server is started or not:

tail -f /var/log/graylog-server/server.log

If the Graylog server is started successfully, you should get the following output:

2020-10-02T11:46:15.649-04:00 INFO [InputSetupService] Triggering launching persisted inputs, 
node transitioned from Uninitialized [LB:DEAD] to Running [LB:ALIVE]
2020-10-02T11:46:15.654-04:00 INFO [ServerBootstrap] Graylog server up and running.

At this point, the Graylog server is started and listening on port 9000.

Step 6 – Access Graylog Interface

Now, you can access the Graylog web interface using the URL http://your-server-ip:9000. You should see the Graylog login page:

Provide your admin username and password and click on the Signin button. You should see the Graylog dashboard on the following page:

Conclusion

Congratulations! You have successfully installed and configured the Graylog server on CentOS 8. You can now configure your Graylog server to receive Rsyslog logs from external servers. For more information, you can visit the Graylog documentation. Get started with Graylog today on VPS Hosting from Atlantic.Net.

Get A Free To Use Cloud VPS

Free Tier Includes:
G3.2GB Cloud VPS Free to Use for One Year
50 GB of Block Storage Free to Use for One Year
50 GB of Snapshots Free to Use for One Year


Looking for a Hosting Solution?

We Provide Cloud, Dedicated, & Colocation.

  • Seven Global Data Center Locations.
  • Flexible Private, Public, & Hybrid Hosting.
  • 24x7x365 Security, Support, & Monitoring.
Contact Us Now! Med Tech Award FTC
SOC Audit HIPAA Audit HITECH Audit

Recent Posts

Major SMS Company Hacked
How to Install WordPress with SlickStack on Ubuntu 20.04
Top 10 Linux Distributions
How To Create a New User and Grant Permissions in MySQL8 on CentOS8
Top 10 Remote Management Tools

Get started with 12 months of free cloud VPS hosting

Free Tier includes:
G3.2GB Cloud VPS Server Free to Use for One Year
50 GB of Block Storage Free to Use for One Year
50 GB of Snapshots Free to Use for One Year


New York, NY

100 Delawanna Ave, Suite 1

Clifton, NJ 07014

United States

San Francisco, CA

2820 Northwestern Pkwy,

Santa Clara, CA 95051

United States

Dallas, TX

2323 Bryan Street,

Dallas, Texas 75201

United States

Ashburn, VA

1807 Michael Faraday Ct,

Reston, VA 20190

United States

Orlando, FL

440 W Kennedy Blvd, Suite 3

Orlando, FL 32810

United States

Toronto, Canada

20 Pullman Ct, Scarborough,

Ontario M1X 1E4

Canada

London, UK

14 Liverpool Road, Slough,

Berkshire SL1 4QZ

United Kingdom

Resources