Tested On

OS: CentOS 6.3 x86_64
Graylog2-Server Version: 0.11.0
Graylog2-web-interface: 0.11.0
Hardware: Virtual Box 4.2.10

About

Graylog2 is open source software for managing your logs and getting the most out of them.

In this guide I will show how to install graylog2 server with elasticsearch and mongodb on the same server.

Prerequisite

  • Install dependency packages
yum install make wget java-1.7.0-openjdk openssl-devel libyaml-devel httpd git ImageMagick ImageMagick-devel libxml2-devel libxslt-devel gcc-c++ curl-devel httpd-devel apr-devel apr-util-devel -y
  • Download and install Ruby
mkdir /usr/local/src/graylog2
cd /usr/local/src/graylog2
wget https://ftp.ruby-lang.org/pub/ruby/1.9/ruby-1.9.2-p320.tar.gz
tar xzf ruby-1*
cd ruby-1*
./configure && make && make install
cd ext/openssl/
ruby extconf.rb
make && make install
  • Install required gems
gem install passenger bundler --no-rdoc --no-ri
  • Download and extract ElasticSearch
cd /usr/local/src/graylog2
wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.20.4.tar.gz -O elasticsearch.tar.gz
tar zxf elasticsearch.tar.gz 
rm -f elasticsearch.tar.gz
mv elasticsearch-* /opt/elasticsearch
wget https://github.com/elasticsearch/elasticsearch-servicewrapper/tarball/master -O elasticsearch-servicewrapper.tar.gz
tar zxf  elasticsearch-servicewrapper.tar.gz
rm -f  elasticsearch-servicewrapper.tar.gz
mv *servicewrapper*/service /opt/elasticsearch/bin/
/opt/elasticsearch/bin/service/elasticsearch install
  • Configure ElasticSearch
vi /opt/elasticsearch/config/elasticsearch.yml
cluster.name: graylog2
  • Start ElasticSearch
service elasticsearch start
  • Install MongoDB, configure it to start at boot and start MongoDB
rpm -ihv https://www.mirrorservice.org/sites/dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
yum install mongodb mongodb-server -y
chkconfig mongod on
service mongod start
  • Configure MongoDB (change user and password to your own requirements)
mongo
use admin
db.addUser('admin', 'humus234')
db.auth('admin', 'humus234')
use graylog2
db.addUser('graylog', 'graylog')
db.auth('graylog', 'graylog')
exit

Install Graylog2

  • Download and extract graylog2-server
cd /usr/local/src/graylog2
wget https://download.graylog2.org/graylog2-server/graylog2-server-0.11.0.tar.gz -O graylog2-server.tar.gz
tar zxf graylog2-server.tar.gz
rm -f graylog2-server.tar.gz
mv graylog2-server-* /opt/graylog2-server
cd /opt/graylog2-server
  • Configure Graylog2 and start Graylog2 Server
cp elasticsearch.yml.example /etc/graylog2-elasticsearch.yml
cp graylog2.conf.example /etc/graylog2.conf
vi  /etc/graylog2.conf (change user and password to your own requirements)
...
mongodb_user = graylog
mongodb_password = graylog
...
  • Create Graylog2 Server start script
vi /etc/init.d/graylog2-server
#!/bin/bash
#
# graylog2-server:   graylog2 message collector
#
# chkconfig: - 98 02
# description:  This daemon starts graylog2-server
#

# Source function library.
. /etc/rc.d/init.d/functions

CMD=$1
NOHUP=`which nohup`

STOP_TIMEOUT=30
BINARY=java
PROG=graylog2-server

HOME_DIR=/opt/graylog2-server
LOG_FILE=${HOME_DIR}/log/${PROG}.log
JAR_FILE=graylog2-server.jar
# GRAYLOG2CTL_DIR is not set in this script, so this resolves to /bin/graylog2_config.sh
GRAYLOG2_CONFIG_SH=${GRAYLOG2CTL_DIR}/bin/graylog2_config.sh
CONF_FILE=/etc/graylog2.conf
PID_FILE=/var/run/graylog2.pid

[ -f $GRAYLOG2_CONFIG_SH ] && . $GRAYLOG2_CONFIG_SH

start() {
        graylog2_status > /dev/null 2>&1
        # Start whenever the server is not running; a stale PID file (status 1) must not block it
        if [ ${RETVAL} -ne 0 ]
        then
                echo "Starting ${PROG} ..."
                cd ${HOME_DIR}
                # Append stdout and stderr to the log file so startup errors are not lost
                $NOHUP ${BINARY} -jar ${JAR_FILE} -f ${CONF_FILE} -p ${PID_FILE} >> ${LOG_FILE} 2>&1 &
                RETVAL=0
        else
                echo "${PROG} is already running"
        fi
}

stop() {
        echo -n $"Stopping $PROG: "
        killproc -p ${PID_FILE} -d ${STOP_TIMEOUT} ${PROG}
        RETVAL=$?
        echo
        [ $RETVAL = 0 ] && rm -f ${PID_FILE}
}

graylog2_status() {
        status -p ${PID_FILE} ${PROG}
        RETVAL=$?
}

restart() {
    echo "Restarting ${PROG} ..."
    stop
    start
}

case "$CMD" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    status)
        graylog2_status
        ;;
    *)
        echo "Usage $0 {start|stop|restart|status}"
        RETVAL=1
esac

exit ${RETVAL}
  • Configure Graylog2 Server to start at boot and start it
chmod +x /etc/init.d/graylog2-server
chkconfig --add graylog2-server 
chkconfig graylog2-server on 
service graylog2-server start
  • Download and extract Graylog2-Web-Interface
cd /usr/local/src/graylog2
wget https://download.graylog2.org/graylog2-web-interface/graylog2-web-interface-0.11.0.tar.gz -O graylog2-web-interface.tar.gz
tar zxf graylog2-web-interface.tar.gz
rm -f graylog2-web-interface.tar.gz
mv graylog2-web-interface-* /var/www/graylog2-web-interface
chown -R apache:apache /var/www/graylog2-web-interface
  • Install graylog2-webinterface dependencies
cd /var/www/graylog2-web-interface
bundle install --without=development
  • Install Passenger module for apache
cd /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.19/bin
./passenger-install-apache2-module
  • Configure and restart apache
vi /etc/httpd/conf/httpd.conf
...
#<VirtualHost *:80>
#    ServerAdmin webmaster@dummy-host.example.com
#    DocumentRoot /www/docs/dummy-host.example.com
#    ServerName dummy-host.example.com
#    ErrorLog logs/dummy-host.example.com-error_log
#    CustomLog logs/dummy-host.example.com-access_log common
#</VirtualHost>

LoadModule passenger_module /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.19/ext/apache2/mod_passenger.so
PassengerRoot /usr/local/lib/ruby/gems/1.9.1/gems/passenger-3.0.19
PassengerRuby /usr/local/bin/ruby

<VirtualHost *:80>
        ServerAdmin admin@humus234.local
        ServerName graylog2.local
        DocumentRoot /var/www/graylog2-web-interface/public

        <Directory "/var/www/graylog2-web-interface/public">
                AllowOverride all
                Order deny,allow
                Allow from all
                Options -MultiViews
        </Directory>
</VirtualHost>
  • Configure apache to run at boot and start it
chkconfig httpd on
service httpd start
  • Configure DNS name graylog2.humus234.local to resolve the IP address of the graylog2 server (DNS or hosts file)
  • Browse to https://graylog2.humus234.local and create first user
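
A post-install check for the credential and exposure settings configured in the steps above, added here as an example (it is not part of the original guide or of Graylog2). The function names, the 16-character minimum and the MongoDB config file passed as the third argument are assumptions.

```shell
#!/bin/bash
# Added example: audit the files edited in this guide. Thresholds are assumptions.

# conf_get FILE KEY: print the value of an uncommented "key = value" or "key: value" line.
conf_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*[=:][[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# audit_graylog2 GRAYLOG2_CONF ELASTICSEARCH_YML [MONGOD_CONF]
# Prints one line per finding and returns the number of findings (0 = clean).
audit_graylog2() {
    local gl_conf="$1" es_yml="$2" mongo_conf="$3" findings=0 user pass host
    user=$(conf_get "$gl_conf" mongodb_user)
    pass=$(conf_get "$gl_conf" mongodb_password)

    # The guide's sample values (graylog / graylog) are caught by this test.
    if [ -z "$pass" ] || [ "$pass" = "$user" ] || [ "${#pass}" -lt 16 ]; then
        echo "WEAK: mongodb_password is empty, equals mongodb_user, or is under 16 characters"
        findings=$((findings + 1))
    fi
    # cp keeps the example file's mode, so the stored password may be world-readable.
    if [ -n "$(find "$gl_conf" -prune -perm -004)" ]; then
        echo "PERMS: $gl_conf is world-readable; restrict it to the service account (chmod 600)"
        findings=$((findings + 1))
    fi
    # Elasticsearch 0.20 has no built-in authentication, so it should not
    # listen on external interfaces.
    host=$(conf_get "$es_yml" network.host)
    case "$host" in
        127.0.0.1|localhost) ;;
        *) echo "EXPOSED: $es_yml does not bind to loopback; set network.host or firewall ports 9200 and 9300"
           findings=$((findings + 1)) ;;
    esac
    # db.addUser only protects data when mongod is told to enforce authentication.
    if [ -n "$mongo_conf" ] && [ "$(conf_get "$mongo_conf" auth)" != "true" ]; then
        echo "NOAUTH: auth = true is not set in $mongo_conf"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run it as root after the install, for example audit_graylog2 /etc/graylog2.conf /opt/elasticsearch/config/elasticsearch.yml /etc/mongodb.conf (the last path is an assumption about where the MongoDB package keeps its config).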

That’s all. Now you need to configure your servers to send logs to the graylog2 server, and you can then use your new Graylog2 system to analyze log data.
Here are a couple of guides for sending logs to graylog2:

If you want to build graylog2 server that will handle high traffic you can use graylog2-radio with RabbitMQ. You can start with the following guide: Graylog2-Radio Installation

Please visit https://www.graylog2.org for more information about Graylog2 configuration and usage.

Lahav Savir

Founder and CTO, Cloud Platforms