The following description is for CentOS 5.5 and what is currently the latest version of the Graylog2 centralized logging platform. We will use tarball packages so that the setup won't require a privileged user.
Here are the dependencies with the exact versions tested to be working.
- MongoDB version 2.6.1
- ElasticSearch version 0.90.13. There is a fresher version now, though according to the Graylog2 installation documentation ElasticSearch version 0.90.10 should be used to avoid compatibility issues.
- Graylog2 version 0.20.2
- Graylog2 Web Interface version 0.20.2
Let's download and unpack the MongoDB package. We will use the 64 bit version for our CentOS 5.5.
    $ wget http://fastdl.mongodb.org/linux/mongodb-linux-x86_64-2.6.1.tgz
    $ tar -xzf mongodb-linux-x86_64-2.6.1.tgz
    $ mv mongodb-linux-x86_64-2.6.1 mongodb
I have renamed the directory to mongodb to make the paths simpler. The next step is to create a configuration file for MongoDB. As it does not come with an example config, you can grab a great template from here.
    $ cd mongodb && mkdir conf && cd conf
    $ wget https://raw.githubusercontent.com/andrewgross/mongo.conf/master/mongodb.conf
Make the following changes to the configuration for a basic setup.

    # Set the path to your data directory.
    # The default one won't be available if you
    # are not a privileged user.
    dbpath = /path/to/data/directory

    # Comment out the replication config.
    # replSet = replica

    # Set the server as a master.
    master = true

    # Set the path to log files.
    logpath = /path/to/log/directory/rs.log

That is all the preparation needed for the database setup; you may go ahead and start the server now.
$ ./bin/mongod -f conf/mongodb.conf &
Create a database for Graylog2.
    $ ./bin/mongo
    > use graylog2

Note that we have not set up authentication, as this assumes a local development server and does not consider security.
Download and extract the ElasticSearch package in the same directory as you did for MongoDB. This is just for convenience, so you can choose your own directory scheme.
    $ wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.90.13.tar.gz
    $ tar -xzf elasticsearch-0.90.13.tar.gz
    $ mv elasticsearch-0.90.13 elasticsearch
    $ cd elasticsearch

Let's set the ElasticSearch configuration for Graylog2. The file is in the conf directory.

    # Change the cluster name to have the same as in the
    # Graylog2 configurations, which is done a bit
    # later in the post.
    cluster.name: graylog2

    # Lock the memory to disable swapping.
    bootstrap.mlockall: true

    # Disable multicast discovery
    discovery.zen.ping.multicast.enabled: false

    # Set the list of hosts to look for unicast discovery
    discovery.zen.ping.unicast.hosts: ["localhost"]
Start the server by simply running the script in
We have finally reached the step where the actual logging server is installed. Download the archive from the URL below and extract it in the desired directory.
I did the same with the naming of the directory as above: renamed to a shorter name.
    $ wget https://github.com/Graylog2/graylog2-server/releases/download/0.20.2/graylog2-server-0.20.2.tgz
    $ tar -xzf graylog2-server-0.20.2.tgz
    $ mv graylog2-server-0.20.2 graylog2

Create a separate directory for the configuration file.
$ cd graylog2 && mkdir conf && cd conf
Since we assume that the user doing the installation has no privileged access, choose directories in the configuration that this user can write to.
Copy the example config file into the conf/ directory and rename to
$ mv ../graylog2.conf.example ./graylog2.conf
The configurations will be as follows.
    # Set the path to the auto generated node ID
    node_id_file = /path/to/my/node/id/graylog2-server-node-id

    # Generate a secret using `pwgen -s 96` command
    # as described in the example config file.
    password_secret = MyLongSecretHash

    # Create a root password for the server.
    # You can do it by running the command
    # suggested by example config file
    # echo -n yourpassword | shasum -a 256
    root_password_sha2 = mypasswordhashhere

    # Change the number of elasticsearch shards to one
    elasticsearch_shards = 1

    # Uncomment the cluster name. Note that it should be the
    # same as on the ElasticSearch configuration
    elasticsearch_cluster_name = graylog2

    # Same with node name
    elasticsearch_node_name = graylog2-server

    # Uncomment the transport tcp port
    elasticsearch_transport_tcp_port = 9350

    # Disable multicast search and add unicast hosts
    # for ElasticSearch.
    elasticsearch_discovery_zen_ping_multicast_enabled = false
    elasticsearch_discovery_zen_ping_unicast_hosts = localhost:9300

    # Uncomment the MongoDB host configuration.
    # No authentication will be needed, because of
    # our MongoDB setup.
    mongodb_host = localhost

The best approach is to run the server in debug mode first and see if there are connection or other issues.
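The two secret values in the configuration above can be produced without pwgen, which an unprivileged user may not be able to install, and without typing the password as a command argument, where `echo -n yourpassword` would leave it in the shell history. This is an added example, not part of the original post; the function names are hypothetical, and `sha256sum` is assumed as the coreutils equivalent of `shasum -a 256`.

```sh
#!/bin/sh
# Added example (not from the original post): produce password_secret and
# root_password_sha2 for graylog2.conf as an unprivileged user.

# 96 random alphanumeric characters, the same shape as `pwgen -s 96` output.
gen_secret() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-96
}

# Read the password as one line from stdin (terminal echo switched off)
# and print its SHA-256 hex digest, the format root_password_sha2 expects.
hash_password() {
    if [ -t 0 ]; then stty -echo; fi
    IFS= read -r pw || true
    if [ -t 0 ]; then stty echo; echo >&2; fi
    [ -n "$pw" ] || return 1
    tool="sha256sum"
    command -v sha256sum >/dev/null 2>&1 || tool="shasum -a 256"
    printf '%s' "$pw" | $tool | cut -d' ' -f1
    unset pw
}

# set_conf FILE KEY VALUE: rewrite the "KEY = ..." line and keep the file
# readable by its owner only. VALUE must not contain "|" or "&", which
# holds for the alphanumeric secret and the hex digest produced above.
set_conf() {
    tmp="$1.tmp.$$"
    ( umask 077; sed "s|^#* *$2 *=.*|$2 = $3|" "$1" > "$tmp" ) && mv "$tmp" "$1"
    chmod 600 "$1"
}

# Usage, from the graylog2 directory:
#   set_conf conf/graylog2.conf password_secret "$(gen_secret)"
#   set_conf conf/graylog2.conf root_password_sha2 "$(hash_password)"
```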
$ java -jar graylog2-server.jar -f conf/graylog2.conf -d
Finally, if everything is fine, change the log file path in the
and start the service by the following command:
$ ./bin/graylog2ctl start
Graylog2 Web Interface
The final step to get everything up and running is to set up the web interface for Graylog2. This will let you see all kinds of statistics on the logs.
Let's download and extract the archive.
    $ wget https://github.com/Graylog2/graylog2-web-interface/releases/download/0.20.2/graylog2-web-interface-0.20.2.tgz
    $ tar -xzf graylog2-web-interface-0.20.2.tgz
    $ mv graylog2-web-interface-0.20.2 graylog2-web-interface

This one comes with a config file that needs only the Graylog2 server URIs and the application secret.

    # Graylog2 server
    graylog2-server.uris="http://localhost:12900/"

    # Secret
    application.secret="mysecrethash"
Run the server on your desired port by the following command:
$ ./bin/graylog2-web-interface -Dhttp.port=8000 -Dhttp.address=0.0.0.0
According to the command above, the server should start on port 8000 and listen for requests on all network interfaces.
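Because MongoDB was set up without authentication and only the web interface is meant to be reachable from the network, it is worth checking which of the backend ports are bound to non-loopback addresses. The following is an added example, not part of the original post: it filters `netstat -tln` output for the ports used in this setup (9300, 9350 and 12900 come from the configuration above; 27017 and 9200 are assumed to be the stock MongoDB and ElasticSearch HTTP defaults). The function names and the sample output are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): list backend services of this
# setup that listen on anything other than the loopback interface.

# Reads `netstat -tln` output on stdin; prints "port address service".
exposed_listeners() {
    awk '
    BEGIN {
        svc[27017] = "MongoDB"                  # assumed default port
        svc[9200]  = "ElasticSearch HTTP"       # assumed default port
        svc[9300]  = "ElasticSearch transport"  # unicast host port above
        svc[9350]  = "Graylog2 ES node"         # elasticsearch_transport_tcp_port
        svc[12900] = "Graylog2 REST API"        # graylog2-server.uris
    }
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, a, ":"); port = a[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (!(port in svc)) next
        if (addr == "127.0.0.1" || addr == "::1" || addr == "::ffff:127.0.0.1") next
        print port, addr, svc[port]
    }'
}

# Constructed sample of `netstat -tln` output, for trying the filter offline.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State
tcp        0      0 0.0.0.0:27017      0.0.0.0:*          LISTEN
tcp        0      0 127.0.0.1:9200     0.0.0.0:*          LISTEN
tcp        0      0 :::9300            :::*               LISTEN
tcp        0      0 0.0.0.0:8000       0.0.0.0:*          LISTEN
tcp        0      0 127.0.0.1:12900    0.0.0.0:*          LISTEN
EOF
}

# Usage on the server:  netstat -tln | exposed_listeners
```

Any line it prints is a backend port reachable from other hosts; binding it to loopback (for example `bind_ip = 127.0.0.1` in mongodb.conf or `network.host: 127.0.0.1` in the ElasticSearch configuration) leaves port 8000 as the only network-facing listener.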
When accessing the web interface (http://myhost:8000) it will require the password you set in the Graylog configurations for the root account. The user to login from admin interface is