Graylog

Graylog 5

Install

RHEL 7.x/8.x (and Compatible)

(both variants below assume the Graylog 5.1 package repository is already configured on the host; without it yum/dnf will not list graylog-server at all)

sudo yum list graylog-server --showduplicates

sudo yum install graylog-server-5.1.0

RHEL 9.x (and Compatible), Fedora, CentOS Stream

sudo dnf list graylog-server --showduplicates

sudo dnf install graylog-server-5.1.0

Do not start graylog-server yet: it needs MongoDB and OpenSearch running and a configured server.conf (root_password_sha2 and password_secret are mandatory, see below). Once those are in place:

sudo systemctl daemon-reload && sudo systemctl enable graylog-server && sudo systemctl start graylog-server

### MongoDB

vim /etc/yum.repos.d/mongodb-org.repo

[mongodb-org-6.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/6.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-6.0.asc

(keep gpgcheck=1: the gpgkey line is what makes the packages verifiable; with gpgcheck=0 you would install whatever the mirror serves)

yum install mongodb-org

then enable and start the service (unit name mongod) so it is up before Graylog starts.

### OpenSearch

sudo curl -SL https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/opensearch-2.x.repo -o /etc/yum.repos.d/opensearch-2.x.repo

yum install opensearch

Edit /etc/opensearch/jvm.options and set both -Xms and -Xmx to half the system memory (same value for both; do not go above about 31g, beyond that the JVM loses compressed object pointers and the extra heap is wasted).

Also edit /etc/opensearch/opensearch.yml; the Graylog install guide sets cluster.name, node.name, network.host, discovery.type: single-node, action.auto_create_index: false and plugins.security.disabled: true. With the security plugin disabled OpenSearch answers unauthenticated on port 9200, so keep network.host on 127.0.0.1 (or an interface only Graylog can reach) and never expose that port.

sudo sysctl -w vm.max_map_count=262144

The redirect in "sudo echo ... >> /etc/sysctl.conf" runs as the unprivileged user (sudo only wraps echo), so persist the setting with tee instead:

echo 'vm.max_map_count=262144' | sudo tee -a /etc/sysctl.conf

sudo systemctl daemon-reload

sudo systemctl enable opensearch

sudo systemctl start opensearch

sudo systemctl status opensearch
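The heap and kernel-parameter steps above, as an added shell example (not from the page or from the OpenSearch project): the heap is computed from MemTotal as half of RAM with the 31 GiB cap, the -Xms/-Xmx lines are rewritten in a jvm.options file, and vm.max_map_count is checked against the value the page sets. The 31744 MiB cap is an assumption taken from the usual OpenSearch sizing advice; run set_jvm_heap against a copy of the file first.

```bash
#!/usr/bin/env bash
# Added example: size the OpenSearch JVM heap and verify the sysctl prerequisite.
set -euo pipefail

# Heap in MiB for a MemTotal given in kiB (as in /proc/meminfo): half of RAM,
# capped at 31 GiB (31744 MiB) so the JVM keeps compressed object pointers.
# The cap is an assumption from common OpenSearch sizing guidance.
opensearch_heap_mb() {
    local mem_kb=$1
    local half_mb=$(( mem_kb / 1024 / 2 ))
    local cap_mb=31744
    if (( half_mb > cap_mb )); then echo "$cap_mb"; else echo "$half_mb"; fi
}

# Rewrite the -Xms and -Xmx lines of a jvm.options file in place to the same value.
set_jvm_heap() {   # file heap_mb
    local file=$1 heap_mb=$2
    sed -i -E "s/^-Xms[0-9]+[kmgKMG]?$/-Xms${heap_mb}m/; s/^-Xmx[0-9]+[kmgKMG]?$/-Xmx${heap_mb}m/" "$file"
}

# Print the heap values currently set in a jvm.options file as "Xms Xmx".
get_jvm_heap() {   # file
    local xms xmx
    xms=$(sed -nE 's/^-Xms(.*)$/\1/p' "$1")
    xmx=$(sed -nE 's/^-Xmx(.*)$/\1/p' "$1")
    echo "$xms $xmx"
}

# Succeeds only if the running kernel already has vm.max_map_count >= 262144.
max_map_count_ok() {
    local v
    v=$(cat /proc/sys/vm/max_map_count 2>/dev/null || echo 0)
    [ "$v" -ge 262144 ]
}

# Usage on a real host (as root, on the live file):
#   mem_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
#   set_jvm_heap /etc/opensearch/jvm.options "$(opensearch_heap_mb "$mem_kb")"
#   max_map_count_ok || sysctl -w vm.max_map_count=262144
```

The helper takes MemTotal as an argument instead of reading /proc/meminfo itself so the sizing rule can be checked against known inputs (a 16 GiB host gives 8192m, a 128 GiB host is capped at 31744m).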

### Graylog server

generate the admin password hash (the value is the SHA-256 hex digest of the password with no trailing newline, which is why tr -d '\n' is there; hashing "password\n" would give a different, wrong hash):

echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

edit /etc/graylog/server/server.conf and paste the hash into the root_password_sha2 field.

The same file also needs password_secret: a random string of at least 16 characters (the Graylog docs generate it with pwgen -N 1 -s 96) that Graylog uses to encrypt stored credentials. It must be identical on every node of a cluster and must not be changed afterwards, or stored secrets become unreadable.
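The two server.conf settings above, as an added shell example (not Graylog's own tooling): it derives root_password_sha2 the same way the one-liner does, generates a password_secret of the documented length from /dev/urandom instead of pwgen, writes both into a server.conf-style file without hand-editing, and checks the result before the service is started. The file path, helper names and the sample config lines are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example: set root_password_sha2 and password_secret in a Graylog server.conf.
set -euo pipefail

# SHA-256 hex digest of the password with no trailing newline, the form
# root_password_sha2 expects.
graylog_root_hash() {   # password
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# 96 alphanumeric characters of randomness (Graylog requires at least 16).
# Reading a fixed 512 bytes avoids the SIGPIPE that "tr </dev/urandom | head"
# would raise under pipefail.
graylog_password_secret() {
    local raw
    raw=$(head -c 512 /dev/urandom | base64 | tr -dc 'A-Za-z0-9')
    printf '%s' "${raw:0:96}"
}

# Set "key = value": replaces a matching line (commented out or not), else appends.
# Values must not contain '|' (used as the sed delimiter).
graylog_set_conf() {   # file key value
    local file=$1 key=$2 value=$3
    if grep -qE "^#?[[:space:]]*${key}[[:space:]]*=" "$file"; then
        sed -i -E "s|^#?[[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >>"$file"
    fi
}

# Read the effective (uncommented) value of a key; empty if unset.
graylog_get_conf() {   # file key
    sed -nE "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n1
}

# Pre-start check: hash is 64 hex chars and the secret meets the minimum length.
graylog_conf_ok() {   # file
    local hash secret
    hash=$(graylog_get_conf "$1" root_password_sha2)
    secret=$(graylog_get_conf "$1" password_secret)
    [[ $hash =~ ^[0-9a-f]{64}$ ]] && [ "${#secret}" -ge 16 ]
}

# Usage on a real host (as root, on the live file; ADMIN_PW read from the operator):
#   conf=/etc/graylog/server/server.conf
#   graylog_set_conf "$conf" root_password_sha2 "$(graylog_root_hash "$ADMIN_PW")"
#   graylog_set_conf "$conf" password_secret "$(graylog_password_secret)"
#   graylog_conf_ok "$conf" && systemctl restart graylog-server
```

Because graylog_conf_ok reads the file back, a typo in the key name or a hash pasted with a trailing newline shows up before the service fails to start rather than in its journal afterwards.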

### set timezone

on the Graylog server: timedatectl set-timezone Etc/UTC (root_timezone in server.conf controls what the admin user sees in the web UI; keeping the host on UTC avoids off-by-an-offset timestamps when correlating with other sources)

### send data to server

create a new index set "syslog" (System > Indices)

on the server, System > Inputs > launch a new "Syslog UDP" input bound to port 1514 (graylog-server does not run as root, so the standard port 514 cannot be bound without extra privileges)

create a new stream "syslog" with a rule matching the field gl2_source_input against the ID of that syslog input, and route it to the "syslog" index set



send syslog via rsyslog

on the client node, assuming the Graylog server is 192.168.56.10, create /etc/rsyslog.d/60-graylog.conf containing:

*.* @192.168.56.10:1514;RSYSLOG_SyslogProtocol23Format

(a single @ means UDP, @@ would be TCP; RSYSLOG_SyslogProtocol23Format emits RFC 5424 messages, which the Syslog input parses; UDP syslog is unauthenticated, unencrypted and silently drops messages under load, so outside a lab use a TCP input, preferably with TLS)

save and restart rsyslog (systemctl restart rsyslog); the messages then appear in the "syslog" stream created above.
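The client-side forwarding step above, as an added shell example (not from the page or the rsyslog project): it renders the page's legacy one-liner from a target and port, renders the same forwarding rule in RainerScript in two forms (the lab UDP setup next to a TCP variant with a disk-assisted queue so messages survive a Graylog outage), and decodes the <PRI> field of a syslog line into the facility and severity numbers that the Syslog input turns into Graylog's facility and level fields. 192.168.56.10:1514 is the page's lab address; the queue file name and the sample messages are constructed.

```bash
#!/usr/bin/env bash
# Added example: rsyslog forwarding config for Graylog, weak (UDP) beside hardened (TCP).
set -euo pipefail

# The page's legacy-syntax line; "@" is UDP, "@@" would be TCP.
rsyslog_legacy_line() {   # target port
    printf '*.* @%s:%s;RSYSLOG_SyslogProtocol23Format\n' "$1" "$2"
}

# RainerScript equivalent. Mode "udp" reproduces the lab setup (fire and forget).
# Mode "tcp" adds a disk-assisted queue (spooled to graylog_fwd under the rsyslog
# work directory) and infinite retries, so a Graylog restart does not lose events.
rsyslog_forward_conf() {   # target port mode
    local target=$1 port=$2 mode=$3
    case $mode in
        udp)
            cat <<EOF
action(type="omfwd" target="$target" port="$port" protocol="udp"
       template="RSYSLOG_SyslogProtocol23Format")
EOF
            ;;
        tcp)
            cat <<EOF
action(type="omfwd" target="$target" port="$port" protocol="tcp"
       template="RSYSLOG_SyslogProtocol23Format"
       queue.type="LinkedList" queue.filename="graylog_fwd"
       queue.saveOnShutdown="on" action.resumeRetryCount="-1")
EOF
            ;;
        *)
            echo "mode must be udp or tcp" >&2
            return 2
            ;;
    esac
}

# Decode the <PRI> prefix of a syslog line (RFC 5424 or classic BSD format) into
# "facility severity": PRI = facility * 8 + severity. Useful when a stream rule
# on level/facility does not match what you expected the client to send.
syslog_pri_decode() {   # raw line
    local pri=${1#<}
    pri=${pri%%>*}
    [[ $pri =~ ^[0-9]{1,3}$ ]] || { echo "no PRI field" >&2; return 1; }
    echo "$(( pri / 8 )) $(( pri % 8 ))"
}

# Usage on a client (as root):
#   rsyslog_forward_conf 192.168.56.10 1514 tcp > /etc/rsyslog.d/60-graylog.conf
#   rsyslogd -N1 && systemctl restart rsyslog
```

The tcp variant assumes a matching "Syslog TCP" input on the Graylog side; the queue parameters are standard omfwd/queue options, and without them rsyslog discards what it cannot deliver while Graylog is down.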