Install Graylog on Rocky Linux 8 [Step-by-Step]



Welcome to this guide on setting up a Graylog server on Rocky Linux 8. Graylog is an open-source platform for centralized log management. With Graylog we can collect logs from many systems in one place, index and search them with Elasticsearch, and visualize them on Graylog dashboards.

For system administrators, logs are one of the quickest ways to pinpoint the root cause of a system failure or to see one coming. Gathering and analysing logs by hand across many hosts is tedious, and that is where Graylog comes in.

Graylog depends on four open-source components:

  1. Elasticsearch - the search engine that indexes and stores the log messages and answers Graylog's searches.
  2. MongoDB - a NoSQL database that holds Graylog's configuration and metadata (users, streams, inputs, dashboards). Log data is not stored here.
  3. Java (OpenJDK) - the runtime for the Graylog server (Elasticsearch 7.x ships with its own bundled JDK).
  4. Graylog server - the application that receives, parses and routes log messages and serves the web interface and REST API.

You can also put Nginx in front of the Graylog server as a reverse proxy. This is the usual way to terminate TLS for a fully qualified domain name (FQDN), and it lets Graylog itself stay bound to localhost.

Follow the steps below to set up your Graylog server on Rocky Linux 8.


Prerequisites

Before we proceed with the installation and configuration, make sure the system meets these minimum requirements:

  • 4 GB RAM
  • 2 CPUs
  • 50 GB / disk
  • Port 9000/tcp allowed through the firewall (Step 7); the ports of any log inputs you add later are opened separately


Step 1 - Install OpenJDK on Rocky Linux 8

Graylog needs a Java runtime on Rocky Linux 8. Elasticsearch 7.x ships with its own bundled JDK and uses that by default, so the system Java is there for Graylog. Install OpenJDK 11 from Rocky Linux's AppStream repository. On a server the headless package, java-11-openjdk-headless, is sufficient; the -devel package used here also pulls in desktop weak dependencies such as gtk3, as the output shows:

$ sudo dnf install java-11-openjdk-devel
....
Installing weak dependencies:
 abattis-cantarell-fonts                      noarch                    0.0.25-6.el8                                           appstream                    154 k
 dconf                                        x86_64                    0.28.0-4.el8                                           appstream                    107 k
 gtk3                                         x86_64                    3.22.30-6.el8                                          appstream                    4.5 M
Enabling module streams:
 javapackages-runtime                                                   201801

Transaction Summary
====================================================================================================
Install  72 Packages

Total download size: 70 M
Installed size: 251 M
Is this ok [y/N]: y

Verify that Java has been installed on your Rocky Linux 8 instance:

$ java -version
openjdk version "11.0.12" 2021-07-20 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.12+7-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.12+7-LTS, mixed mode, sharing)


Step 2 - Install Elasticsearch 7.x

The next step is to install Elasticsearch 7.x on Rocky Linux 8. First add the Elasticsearch 7.x repository. Note that gpgcheck=1 is set, so dnf will refuse packages that are not signed with Elastic's key:

cat <<EOF | sudo tee /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-7.x]
name=Elasticsearch repository for 7.x packages
baseurl=https://artifacts.elastic.co/packages/7.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md
EOF

After setting up the repo, import the Elasticsearch package signing key that gpgcheck=1 relies on. Before trusting it, compare the fingerprint of the downloaded key with the one Elastic publishes, 4609 5ACC 8548 582C 1A26 99A9 D27D 666C D88E 42B4:

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Graylog 4.1 is tested against Elasticsearch 6.8 and 7.10.x. Elastic's 7.x repository serves newer builds (7.14.0 in the output below), which fall outside that range; it works for a lab, but in production pin the package version (for example dnf install elasticsearch-7.10.2) and exclude the package from unattended updates. Install Elasticsearch as shown below:

[root@rocky ~]# dnf install -y elasticsearch
Elasticsearch repository for 7.x packages                                2.5 MB/s |  29 MB     00:11    
Last metadata expiration check: 0:00:17 ago on Sat 28 Aug 2021 03:07:09 AM EDT.
Dependencies resolved.
=================================================================
 Package                   Architecture       Version                Repository                     Size
=================================================================
Installing:
 elasticsearch             x86_64             7.14.0-1               elasticsearch-7.x             328 M

Transaction Summary
=================================================================
Install  1 Package

Total download size: 328 M
Installed size: 537 M

After a successful installation, check which Elasticsearch version was installed:

[root@rocky ~]# rpm -qi elasticsearch


Step 3 - Configure Elasticsearch on Rocky Linux 8

We need to change a few settings in the Elasticsearch configuration to suit Graylog.

Set the cluster name to graylog in /etc/elasticsearch/elasticsearch.yml. Graylog's documentation also asks that action.auto_create_index be set to false in the same file, so that only Graylog creates indices. Leave network.host at its default: this Elasticsearch node has no authentication, so it must keep listening on localhost only.

$ sudo vim /etc/elasticsearch/elasticsearch.yml
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: graylog
#

You can also set the JVM heap. Since Elasticsearch 7.11 the -Xms/-Xmx lines in /etc/elasticsearch/jvm.options are commented out and the heap is sized automatically from the node's RAM; to override it, put the two lines below in a file under /etc/elasticsearch/jvm.options.d/ (for example heap.options), which is the documented place for local overrides:

-Xms1g
-Xmx1g

The lines above pin the heap to 1 GB (keep -Xms and -Xmx equal). Raise or lower it to suit the machine, but do not allocate more than half of the system RAM, because Elasticsearch relies on the operating system's file cache for the rest.

Finally, start and enable Elasticsearch.

sudo systemctl daemon-reload
sudo systemctl enable --now elasticsearch.service

You can send an HTTP GET request to verify that Elasticsearch is ready to receive requests:

[root@rocky ~]# curl http://127.0.0.1:9200 
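
The curl request above only proves that Elasticsearch answers. The script below is an added example, not part of the original article or of Graylog: it parses the GET / response for the cluster name and version, checks the version against the 6.8.x / 7.10.x range Graylog 4.1 is tested with, and scans ss output for an Elasticsearch listener on anything other than loopback, which matters because this node has no authentication. The check functions take their input as text so they can run offline against the constructed samples embedded in the script (the JSON and ss lines are made up for the example, not captured from a host); on the server, run it with --live to query the real node. The script name and function names are this example's own.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: sanity-check the Elasticsearch
# node Graylog will use. Pure functions take text input; es_check_live() wires
# them to curl and ss on the real host (run: ./es-check.sh --live).

# Pull one string value out of the JSON that GET / returns.
# $1 = JSON text, $2 = key; only the "key" : "value" shape is handled.
json_field() {
  printf '%s' "$1" | tr -d '\n' \
    | sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# Graylog 4.1 is tested against Elasticsearch 6.8.x and 7.10.x only.
es_version_supported() {
  case "$1" in
    6.8.*|7.10.*) return 0 ;;
    *) return 1 ;;
  esac
}

# $1 = body of GET /. Returns 0 only when cluster name and version are right.
es_check_info() {
  local cluster version ok=0
  cluster=$(json_field "$1" cluster_name)
  version=$(json_field "$1" number)
  if [ "$cluster" = "graylog" ]; then
    echo "OK: cluster.name is graylog"
  else
    echo "FAIL: cluster.name is '${cluster:-<missing>}', expected graylog"; ok=1
  fi
  if es_version_supported "$version"; then
    echo "OK: Elasticsearch $version is in Graylog 4.1's supported range"
  else
    echo "FAIL: Elasticsearch '${version:-<missing>}' is not 6.8.x or 7.10.x"; ok=1
  fi
  return "$ok"
}

# $1 = output of `ss -Hltn`. Prints every local address on 9200/9300 that is
# not loopback; an unauthenticated Elasticsearch must never show up here.
es_exposed_listeners() {
  printf '%s\n' "$1" \
    | awk '$4 ~ /:(9200|9300)$/ && $4 !~ /^(127\.0\.0\.1|\[::1\]):/ { print $4 }'
}

# Constructed samples (not captured from a real host) for offline runs.
SAMPLE_ES_GOOD='{ "name" : "rocky", "cluster_name" : "graylog",
  "version" : { "number" : "7.10.2", "build_flavor" : "default" },
  "tagline" : "You Know, for Search" }'
SAMPLE_ES_BAD='{ "name" : "rocky", "cluster_name" : "elasticsearch",
  "version" : { "number" : "7.14.0", "build_flavor" : "default" } }'
SAMPLE_SS_OK='LISTEN 0 4096 127.0.0.1:9200 0.0.0.0:*
LISTEN 0 4096 [::1]:9300 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_SS_EXPOSED='LISTEN 0 4096 0.0.0.0:9200 0.0.0.0:*
LISTEN 0 4096 [::]:9300 [::]:*'

# Query the real node on this host and apply both checks.
es_check_live() {
  local info exposed
  info=$(curl -sS --fail http://127.0.0.1:9200) \
    || { echo "FAIL: nothing answers on 127.0.0.1:9200"; return 1; }
  es_check_info "$info" || return 1
  exposed=$(es_exposed_listeners "$(ss -Hltn)")
  if [ -n "$exposed" ]; then
    echo "FAIL: Elasticsearch listens on non-loopback address(es): $exposed"
    echo "      set network.host back to localhost; this node has no authentication"
    return 1
  fi
  echo "OK: Elasticsearch is only reachable on loopback"
}

if [ "${1:-}" = "--live" ]; then
  es_check_live
else
  echo "offline self-test against constructed samples:"
  es_check_info "$SAMPLE_ES_GOOD"
  es_check_info "$SAMPLE_ES_BAD" || true
  echo "exposed listeners in bad sample: $(es_exposed_listeners "$SAMPLE_SS_EXPOSED" | tr '\n' ' ')"
fi
```

The listener check is the one worth keeping in a post-install checklist: a later edit of network.host (for example to let a second Graylog node reach Elasticsearch) silently exposes an unauthenticated search API, and nothing in the Graylog UI will tell you.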


Step 4 - Install MongoDB 4.4 Server on Rocky Linux 8

Install MongoDB 4.4 from MongoDB's own repository. Add the repo first; as with Elasticsearch, gpgcheck=1 makes dnf verify the package signatures against the key named in gpgkey:

cat <<EOF | sudo tee /etc/yum.repos.d/mongodb-org-4.repo
[mongodb-org-4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc
EOF

Then install MongoDB 4.4 (the mongodb-org metapackage pulls in the server, shell and tools):

[root@rocky ~]# dnf install -y mongodb-org
MongoDB Repository                                                        17 kB/s |  28 kB     00:01    
Dependencies resolved.
=========================================================================================================
 Package                            Arch     Version                               Repository       Size
=========================================================================================================
Installing:
 mongodb-org                        x86_64   4.4.8-1.el8                           mongodb-org-4    11 k
Installing dependencies:
 cyrus-sasl                         x86_64   2.1.27-5.el8                          baseos           95 k
 cyrus-sasl-gssapi                  x86_64   2.1.27-5.el8                          baseos           49 k
 cyrus-sasl-plain                   x86_64   2.1.27-5.el8                          baseos           46 k
 mongodb-database-tools             x86_64   100.5.0-1                             mongodb-org-4    47 M
 mongodb-org-database-tools-extra   x86_64   4.4.8-1.el8                           mongodb-org-4    23 k
 mongodb-org-mongos                 x86_64   4.4.8-1.el8                           mongodb-org-4    17 M
 mongodb-org-server                 x86_64   4.4.8-1.el8                           mongodb-org-4    22 M
 mongodb-org-shell                  x86_64   4.4.8-1.el8                           mongodb-org-4    14 M
 mongodb-org-tools                  x86_64   4.4.8-1.el8                           mongodb-org-4    11 k
 python3-pip                        noarch   9.0.3-19.el8.rocky                    appstream        19 k
 python3-setuptools                 noarch   39.2.0-6.el8                          baseos          162 k
 python36                           x86_64   3.6.8-2.module+el8.4.0+597+ddf0ddea   appstream        18 k
Enabling module streams:
 python36                                    3.6                                                        

Transaction Summary
=========================================================================================================
Install  13 Packages

Total download size: 100 M

Start the MongoDB service and enable it at boot. The package's /etc/mongod.conf binds mongod to 127.0.0.1 only; leave bindIp that way, because this installation sets up no MongoDB authentication:

sudo systemctl enable --now mongod

Verify that MongoDB service has started:

[root@rocky ~]# systemctl status mongod
● mongod.service - MongoDB Database Server
   Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2021-08-28 03:17:17 EDT; 27s ago
     Docs: https://docs.mongodb.org/manual
  Process: 3650 ExecStart=/usr/bin/mongod $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 3647 ExecStartPre=/usr/bin/chmod 0755 /var/run/mongodb (code=exited, status=0/SUCCESS)
  Process: 3646 ExecStartPre=/usr/bin/chown mongod:mongod /var/run/mongodb (code=exited, status=0/SUCCESS)
  Process: 3644 ExecStartPre=/usr/bin/mkdir -p /var/run/mongodb (code=exited, status=0/SUCCESS)
 Main PID: 3652 (mongod)
   Memory: 125.7M
   CGroup: /system.slice/mongod.service
           └─3652 /usr/bin/mongod -f /etc/mongod.conf

Aug 28 03:17:16 rocky systemd[1]: Starting MongoDB Database Server...
Aug 28 03:17:16 rocky mongod[3650]: about to fork child process, waiting until server is ready for connections.
Aug 28 03:17:16 rocky mongod[3650]: forked process: 3652
Aug 28 03:17:17 rocky mongod[3650]: child process started successfully, parent exiting
Aug 28 03:17:17 rocky systemd[1]: Started MongoDB Database Server


Step 5 - Install Graylog Server on Rocky Linux 8

With the dependencies in place, we can install the Graylog server itself.

Download and install the Graylog 4.1 repository package, which adds the repo definition and Graylog's package signing key:

# rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.1-repository_latest.rpm


Now install Graylog server on Rocky Linux 8:

[root@rocky ~]# dnf install -y graylog-server
graylog                                                                  2.2 kB/s | 7.6 kB     00:03    
Dependencies resolved.
=========================================================================================================
 Package                       Architecture          Version                Repository              Size
=========================================================================================================
Installing:
 graylog-server                noarch                4.1.3-1                graylog                188 M

Transaction Summary
=========================================================================================================
Install  1 Package

Total download size: 188 M
Installed size: 188 M

Verify that the installation was successful by querying the installed package:

# rpm -qi graylog-server


Step 6 - Configure Graylog Server

Next we set two secrets in /etc/graylog/server/server.conf: password_secret, which Graylog uses to encrypt and sign stored credentials and sessions, and root_password_sha2, the SHA-256 hash of the password for the built-in admin user. password_secret must be identical on every node of a cluster, and changing it later invalidates existing sessions and encrypted values, so generate it once and keep it safe.

Install the pwgen utility, which we use to generate a random 96-character string (the comment in server.conf asks for at least 64 characters):

sudo dnf install -y epel-release
sudo dnf install -y pwgen

Generate a random string of 96 characters (no root privileges are needed for this):

$ pwgen -N 1 -s 96
x7WrtpHwuGFR1awjy3amUhStUmH9BeqybchdYd3lJHR2ZxpMNvuydpCussgzimBOT6p7HRhkA3QPFZcbsGaLpt4BPsnwdk3n

This string is your password_secret, not the admin password. Keep it with your other secrets; it goes into server.conf in a moment.

Next, compute the SHA-256 hash of the password you will use to log in to the Graylog web interface. This is a hash, not encryption: Graylog hashes what you type at login and compares it with this value. Be aware that the echo form below records the plaintext password in your shell history; either prefix the command with a space while HISTCONTROL=ignorespace is set, or read the password into a variable with read -rs and pipe that instead:

$ echo -n Str0ngP@ssw0rd | sha256sum

You should get an output such as the one below:

$ echo -n Str0ngP@ssw0rd | sha256sum
a5bd1f14adcda15f127a87b8ebc5a705232ec2c9f83d6447b5f958f7d4580a56  -

Paste the 96-character string and the hash into /etc/graylog/server/server.conf as the values of password_secret and root_password_sha2 respectively. The file now holds secrets, so confirm with ls -l that it is not world-readable.

$ sudo vi /etc/graylog/server/server.conf
....
password_secret = x7WrtpHwuGFR1awjy3amUhStUmH9BeqybchdYd3lJHR2ZxpMNvuydpCussgzimBOT6p7HRhkA3QPFZcbsGaLpt4BPsnwdk3n
root_password_sha2 = a5bd1f14adcda15f127a87b8ebc5a705232ec2c9f83d6447b5f958f7d4580a56
....


Next, choose the address the Graylog HTTP listener (web interface and REST API) binds to. The default 127.0.0.1:9000 is reachable only from the server itself; 0.0.0.0:9000 makes the interface reachable on every interface, over plain HTTP. That is acceptable on a trusted lab network, which is what the firewall rule in Step 7 assumes. For anything exposed further, keep the default and put Nginx with TLS in front (setting http_publish_uri and http_external_uri accordingly), or at least restrict port 9000 to specific source addresses with a firewalld rich rule.

$ sudo vi /etc/graylog/server/server.conf

# If the port is omitted, Graylog will use port 9000 by default.
#
# Default: 127.0.0.1:9000
http_bind_address = 0.0.0.0:9000
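
Editing server.conf by hand works, but a practitioner will want the step scripted so that the admin password never lands in shell history, password_secret is generated once and never silently regenerated (changing it invalidates sessions and encrypted values), and the file is linted before graylog-server starts. The script below is an added example, not part of the original article or of the Graylog project. It assumes the stock server.conf layout (an empty password_secret = and root_password_sha2 =, and http_bind_address present as a commented-out default), replaces pwgen with /dev/urandom, and uses a set_conf_key helper that rewrites an active line, activates a commented default, or appends the key when it is absent. The script name, function names and the sample file used in its self-test are this example's own. Run it as root against /etc/graylog/server/server.conf; with no argument it only defines the functions.

```bash
#!/usr/bin/env bash
# Added example (not from the original article or the Graylog project):
# set password_secret / root_password_sha2 safely and lint server.conf.
# Usage: sudo ./graylog-secrets.sh /etc/graylog/server/server.conf

# 96 random alphanumerics from /dev/urandom; replaces the pwgen step.
# Graylog's server.conf comment asks for at least 64 characters.
gen_password_secret() {
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "${1:-96}"
}

# Hex SHA-256 of $1, the form root_password_sha2 expects.
sha256_of() {
  printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Print the active (uncommented) value of key $2 in file $1; empty if unset.
conf_get() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Set "key = value" in $1: rewrite an active line, else activate a commented
# "#key = ..." default, else append. The value travels through the environment
# so awk never interprets backslashes in it, and the file is rewritten in
# place with cat so its owner and mode (which protect the secrets) survive.
set_conf_key() {
  local file="$1" key="$2" value="$3" mode tmp
  if grep -Eq "^[[:space:]]*$key[[:space:]]*=" "$file"; then mode=active
  elif grep -Eq "^[[:space:]]*#[[:space:]]*$key[[:space:]]*=" "$file"; then mode=commented
  else mode=append; fi
  tmp=$(mktemp) || return 1
  if KEY="$key" VALUE="$value" MODE="$mode" awk '
      BEGIN { key = ENVIRON["KEY"]; val = ENVIRON["VALUE"]; mode = ENVIRON["MODE"]; done = 0 }
      !done && mode == "active"    && $0 ~ ("^[ \t]*" key "[ \t]*=")        { print key " = " val; done = 1; next }
      !done && mode == "commented" && $0 ~ ("^[ \t]*#[ \t]*" key "[ \t]*=") { print key " = " val; done = 1; next }
      { print }
      END { if (!done) print key " = " val }' "$file" >"$tmp"; then
    cat "$tmp" >"$file"
  fi
  rm -f "$tmp"
}

# Lint the settings Graylog's security rests on. One line per finding;
# returns non-zero when something must be fixed before the service starts.
check_server_conf() {
  local file="$1" secret hash bind ok=0
  secret=$(conf_get "$file" password_secret)
  hash=$(conf_get "$file" root_password_sha2)
  bind=$(conf_get "$file" http_bind_address)
  if [ "${#secret}" -lt 64 ]; then
    echo "FAIL: password_secret is ${#secret} characters; use at least 64"; ok=1
  fi
  if ! printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$'; then
    echo "FAIL: root_password_sha2 is not a 64-hex-digit SHA-256"; ok=1
  fi
  case "$bind" in
    0.0.0.0:*|'[::]:'*)
      echo "WARN: http_bind_address = $bind serves the plain-HTTP UI/API on every interface;"
      echo "      bind to 127.0.0.1 behind a TLS proxy, or restrict 9000/tcp by source in firewalld" ;;
  esac
  if [ -n "$(find "$file" -perm -o=r)" ]; then
    echo "FAIL: $file is world-readable and now holds secrets (chmod o-r)"; ok=1
  fi
  return "$ok"
}

main() {
  local conf="$1" pw1 pw2
  # Read the admin password from the terminal without echo: unlike
  # `echo -n Str0ngP@ssw0rd | sha256sum` it never enters shell history.
  printf 'Admin password: '; read -rs pw1; printf '\n'
  printf 'Repeat:         '; read -rs pw2; printf '\n'
  [ "$pw1" = "$pw2" ] || { echo "passwords differ" >&2; return 1; }
  if [ -z "$(conf_get "$conf" password_secret)" ]; then
    set_conf_key "$conf" password_secret "$(gen_password_secret 96)"
  else
    echo "keeping existing password_secret (changing it invalidates sessions and encrypted values)"
  fi
  set_conf_key "$conf" root_password_sha2 "$(sha256_of "$pw1")"
  check_server_conf "$conf"
}

if [ "$#" -eq 1 ]; then main "$1"; fi
```

check_server_conf only warns about 0.0.0.0, matching the choice made in this guide, but it refuses a short password_secret, a malformed hash, or a world-readable config file, which are the three mistakes that most often turn up in a later review of a Graylog host.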

Start and enable the Graylog service:

sudo systemctl daemon-reload
sudo systemctl start graylog-server
sudo systemctl enable graylog-server

Verify that Graylog service is up and running:

[root@rocky ~]# systemctl status graylog-server
● graylog-server.service - Graylog server
   Loaded: loaded (/usr/lib/systemd/system/graylog-server.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2021-08-28 03:25:26 EDT; 1min 14s ago
     Docs: http://docs.graylog.org/
 Main PID: 3972 (graylog-server)
    Tasks: 110 (limit: 11388)
   Memory: 801.1M
   CGroup: /system.slice/graylog-server.service
           ├─3972 /bin/sh /usr/share/graylog-server/bin/graylog-server
           └─4009 /usr/bin/java -Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:-OmitStackTraceInFastThrow

Step 7 - Configure Firewall

Allow traffic to port 9000/tcp so the web interface is reachable from other hosts. Because the listener speaks plain HTTP, prefer a firewalld rich rule that limits the source to your management network rather than the open rule shown here. The log inputs you add later (for example syslog on 514 or 5140, GELF on 12201) need their own rules.

sudo firewall-cmd --zone=public --add-port=9000/tcp --permanent
sudo firewall-cmd --reload


Step 8 - Access Graylog server Web interface

We are now ready to open the Graylog web interface. Navigate to http://<Graylog-server-IP>:9000

You should land on a login page. Log in with:

username: admin
password: the plaintext password whose SHA-256 hash you put in root_password_sha2

The admin password cannot be changed from the web interface or the API; to change it, generate a new hash, update root_password_sha2 in server.conf and restart graylog-server. Since this connection is plain HTTP, the password crosses the network in clear unless you put TLS in front of Graylog.


You can now proceed to creating inputs, streams and dashboards to collect and visualize your logs.


Conclusion

The steps above summarize how to set up a Graylog server on Rocky Linux 8. As we have seen, the steps are straightforward and easy to follow. Keep Elasticsearch and MongoDB bound to localhost, protect server.conf, and put TLS in front of the web interface before exposing it beyond a trusted network. Please feel free to reach out if you encounter any challenges setting this up.


Deepak Prasad

He is the founder of GoLinuxCloud and brings over a decade of expertise in Linux, Python, Go, Laravel, DevOps, Kubernetes, Git, Shell scripting, OpenShift, AWS, Networking, and Security. With extensive experience, he excels in various domains, from development to DevOps, Networking, and Security, ensuring robust and efficient solutions for diverse projects. You can connect with him on his LinkedIn profile.
