Graylog 5
Install
RHEL 7.x/8.x (and Compatible)
# List every graylog-server build the enabled repositories offer, then
# install the pinned 5.1.0 build rather than whatever "latest" resolves to.
sudo yum list graylog-server --showduplicates
sudo yum install graylog-server-5.1.0
RHEL 9.x (and Compatible), Fedora, CentOS Stream
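# Show the available graylog-server builds, then install the pinned 5.1.0 build.
sudo dnf list graylog-server --showduplicates
sudo dnf install graylog-server-5.1.0
# Enable before starting so the service also comes back after a reboot
# (same pattern as the OpenSearch unit below); the unit needs root, hence sudo.
sudo systemctl enable graylog-server
sudo systemctl start graylog-server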
### MongoDB
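# Write the MongoDB 6.0 repository definition. The heredoc delimiter is quoted
# so that $releasever stays a literal for yum to expand at repo-resolution time
# (an unquoted heredoc would expand it to an empty string in this shell).
# gpgcheck=1 keeps package signature verification on for this repository.
sudo tee /etc/yum.repos.d/mongodb-org.repo >/dev/null <<'EOF'
[mongodb-org-6.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/6.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-6.0.asc
EOF
sudo yum install mongodb-org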
### OpenSearch
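# Fetch the OpenSearch 2.x repository definition into the yum repo directory.
# -f makes curl fail on HTTP errors instead of saving an error page as the repo
# file; -L follows redirects; -S still reports errors when -s is not used.
sudo curl -fSL https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/opensearch-2.x.repo -o /etc/yum.repos.d/opensearch-2.x.repo
sudo yum install opensearch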
Edit /etc/opensearch/jvm.options and set both Xms and Xmx to half of the system memory.
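# Raise vm.max_map_count for the running kernel (OpenSearch requires it).
sudo sysctl -w vm.max_map_count=262144
# Persist the setting across reboots. Note that 'sudo echo ... >> file' does NOT
# work: the redirection is performed by the unprivileged calling shell, not by
# sudo, so it fails with permission denied. Pipe through 'sudo tee -a' instead,
# and only append when the key is not already present to keep this idempotent.
if ! grep -q '^vm.max_map_count=' /etc/sysctl.conf; then
  printf '%s\n' 'vm.max_map_count=262144' | sudo tee -a /etc/sysctl.conf >/dev/null
fi
sudo systemctl daemon-reload
sudo systemctl enable opensearch
sudo systemctl start opensearch
sudo systemctl status opensearch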
### Graylog server
Generate the password hash:
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
Edit /etc/graylog/server/server.conf and paste the hash into the root_password_sha2 field.
### set timezone
graylog-server> timedatectl set-timezone Etc/UTC
### Send data to the server
Create a new Index "syslog".
On the server: System > Input > new UDP Syslog Input (runs on port 1514).
Create a new Stream and pin it to the Syslog Input ID.
Send syslog via rsyslog:
On the client node, add the following to /etc/rsyslog.d/60-graylog.conf (the Graylog server is 192.168.56.10 in this example):
*.* @192.168.56.10:1514;RSYSLOG_SyslogProtocol23Format
Save the file and restart rsyslog, then create a new Stream "syslog".