Manage Logs with Graylog server on Ubuntu 18.04
source link: https://computingforgeeks.com/manage-logs-with-graylog-server-on-ubuntu-18-04/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
This is a complete guide on How to Install and Configure Graylog 3 Server on Ubuntu 18.04 for Centralized Log management. Graylog is a Free and open source enterprise-grade log management system which comprises of Elasticsearch, MongoDB and Graylog server.
For CentOS 7 server, we have how to Install Graylog 3 with Elasticsearch 6.x on CentOS 7.
Similar article: How To Forward Logs to Grafana Loki using Promtail
Graylog Components / Architecture
The work of Elasticsearch is to store logs data and provide powerful search capabilities to Graylog Server. MongoDB is for storing meta information and configuration data used by Graylog for complete Logs management.
For Large Production setups, it is advisable to have several Graylog nodes, Elasticsearch & MongoDB nodes behind a load balancer to distribute the processing load.
Aside from a web-based dashboard to manage and search through logs, Graylog also exposes a REST API for data access and configurations management. Below is a basic architectural overview of Graylog architecture.
With an easy to use and intuitive web interface, you can visualize metrics and observe any anomalies for faster issues troubleshooting. In this guide, you’ll learn how to install and configure Graylog 3 on Ubuntu 18.04 Server.
Step 1: Update system
It is a rule of thumb to update your system before installing any packages. This is recommended to avoid any dependency issues:
sudo apt update
sudo apt -y upgrade
sudo reboot
Step 2: Install Java / OpenJDK 8
One main component/dependency of Graylog is Elasticsearch. Elasticsearch requires Java 8 installed for it to run. You can install Oracle Java or its open source alternative – OpenJDK. Here we will install OpenJDK.
sudo apt -y install vim bash-completion apt-transport-https uuid-runtime pwgen openjdk-8-jre-headless
Once installed, proceed to step 3.
Step 3: Install ElasticSearch 6.x
As of this writing, the latest release of Graylog 3 requires Elasticsearch 6.x to work. Install ElasticSearch with the commands below.
Add ElasticSearch repository:
sudo apt update
sudo apt -y install apt-transport-https
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
Install ElasticSearch 6.x on Ubuntu 18.04:
sudo apt update
sudo apt -y install elasticsearch-oss
Once the installation of Elasticsearch 6.x is complete, set cluster name for Graylog.
sudo vim /etc/elasticsearch/elasticsearch.yml
Set on line 17
cluster.name: graylog action.auto_create_index: false
Restart the elasticsearch service:
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
Step 4: Install MongoDB
Use below guide to Install MongoDB on Ubuntu:
How To Install MongoDB 4 on Ubuntu
Step 5: Install Graylog on Ubuntu 18.04
Now that we have installed MongoDB and Elasticsearch, the last piece is the installation of Graylog server. Add Graylog repository and install graylog-server
package using apt.
wget https://packages.graylog2.org/repo/packages/graylog-3.1-repository_latest.deb
sudo dpkg -i graylog-3.1-repository_latest.deb
sudo apt update
sudo apt -y install graylog-server
Step 6: Configure Graylog 3 on Ubuntu 18.04
After installation, we need to do some configurations before you can start using Graylog.
Generate root password:
You need to generate a 256-bit hash for the for admin user password:
$ echo -n MyStrongPassword | sha256sum 7a96004f5149811c069f40146b08cf45f45087d4530d35f7d4d88d058db9612d -
Add the given password to root_password_sha2=
line under /etc/graylog/server/server.conf
file.
$ sudo vim /etc/graylog/server/server.conf root_password_sha2 = 7a96004f5149811c069f40146b08cf45f45087d4530d35f7d4d88d058db9612d
Next is to generate and set password secret for securing stored user passwords.
$ sudo apt-get install pwgen $ pwgen -N 1 -s 96 5JdTcmGgqBUNw2oip7YZEqbZxc4UV5X8461xukUHdq9PjBYiSu1wxSeiRCk0z73tVZc9FGluZ2k0c9YXdxg5Z0buzNx58tmY $ sudo vim /etc/graylog/server/server.conf password_secret = 5JdTcmGgqBUNw2oip7YZEqbZxc4UV5X8461xukUHdq9PjBYiSu1wxSeiRCk0z73tVZc9FGluZ2k0c9YXdxg5Z0buzNx58tmY
Please run the following commands if you want to start Graylog automatically on system boot:
sudo systemctl enable graylog-server.service sudo systemctl start graylog-server.service
By default, REST API will listen on:
rest_listen_uri = http://127.0.0.1:9000/api/
and Web interface URI will be on
web_listen_uri = http://127.0.0.1:9000/
You can change it to server’s IP Address if you want to access from a network device.
Step 7: Access Graylog 3 Web Interface on Ubuntu 18.04
Access Graylog web interface using its IP Address and port 9000 – http://serverip_or_hostname:9000
Login with username admin and password set on step 6.
Step 8: Configure Nginx Proxy for Graylog
If you would like to access it using a domain, check the guide below to configure Nginx as a Graylog reverse proxy.
Configure Graylog Nginx reverse proxy with Letsencrypt SSL
A simple nginx configuration without https section is given below
$ cat /etc/nginx/conf.d/graylog.conf
server
{
server_name graylog.computingforgeeks.com;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL http://$server_name/api;
proxy_pass http://127.0.0.1:9000;
}
}
Start nginx after making the change
sudo systemctl restart nginx
Access web UI on http://domain.com
Login with username admin and password set on step 6.
The next step is to ingest messages into your Graylog and extract the messages with extractors or use the Pipelines to work with the messages.
More guides on Graylog to follow.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK