Welcome to the ultimate guide on how to install Graylog, the powerful centralized log management system, on your AlmaLinux 9 server. In this step-by-step tutorial, we will walk you through the installation process, from setting up repositories to configuring firewalld and SELinux. By the end of this guide, you will have a fully functional Graylog server ready to capture, store, and analyze your logs efficiently.
Prerequisites
Before we begin, let’s make sure you have everything you need to successfully install Graylog on your AlmaLinux 9 server:
- An AlmaLinux 9 server with at least 4 GB of memory (We recommend using Shape.host’s Cloud VPS service for optimal performance).
- A non-root user with administrator privileges.
Setting Up Repositories
To start the installation process, we will first add the necessary repositories to your AlmaLinux 9 machine. These repositories include MongoDB 6.x, Opensearch 2.x, and the Graylog 5.x repository.
- Install the curl package by running the following command:
sudo dnf install curl -y
- Add the MongoDB repository by executing the following command:
cat <<EOF | sudo tee /etc/yum.repos.d/mongodb-org-6.repo
[mongodb-org-6.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/9/mongodb-org/6.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-6.0.asc
EOF
- Add the Opensearch repository by running the following command:
sudo curl -SL https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/opensearch-2.x.repo -o /etc/yum.repos.d/opensearch-2.x.repo
- Add the Graylog repository to your system with the command:
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-5.1-repository_latest.rpm
- Verify the available repositories by executing the following command:
sudo dnf repolist
You should see the repositories for MongoDB 6.x, Opensearch 2.x, and Graylog 5.x listed.
Installing Dependencies
After adding the repositories, it’s time to install the necessary dependencies for Graylog, including MongoDB and Opensearch.
- Install MongoDB and Opensearch by running the following command:
sudo dnf install mongodb-org opensearch -y
- Reload the systemd manager with the command:
sudo systemctl daemon-reload
- Start and enable the MongoDB service by executing:
sudo systemctl start mongod
sudo systemctl enable mongod
- Start and enable the Opensearch service with the following commands:
sudo systemctl start opensearch
sudo systemctl enable opensearch
- Verify the status of both MongoDB and Opensearch services by running:
sudo systemctl status mongod
sudo systemctl status opensearch
Ensure that both services are active (running).
Configuring Opensearch
Now that MongoDB and Opensearch are installed, let’s configure Opensearch as the default search engine for Graylog.
- Open the Opensearch configuration file /etc/opensearch/opensearch.yml using your preferred text editor:
sudo nano /etc/opensearch/opensearch.yml
- Uncomment the cluster.name parameter and set it to a name for your Opensearch cluster. For example:
cluster.name: graylog
- Uncomment the node.name parameter and set it to the hostname of your system:
node.name: graylog-alma
- Uncomment the network.host parameter and set it to your internal IP address:
network.host: 192.168.10.20
- Add the following lines to the configuration file to set up Opensearch as a single node/server and disable auto index creation and the security plugin:
discovery.type: single-node
action.auto_create_index: false
plugins.security.disabled: true
- Save the file and exit the text editor.
- Open the JVM options file /etc/opensearch/jvm.options:
sudo nano /etc/opensearch/jvm.options
- Set the maximum memory allocation for Opensearch by changing the -Xms and -Xmx parameters. For example:
-Xms2g
-Xmx2g
- Save the file and exit the text editor.
- Update the path for Opensearch in the file /usr/lib/tmpfiles.d/opensearch.conf:
sudo nano /usr/lib/tmpfiles.d/opensearch.conf
- Change the default path /var/run/opensearch to /run/opensearch:
/run/opensearch
- Save the file and exit the text editor.
- Increase the vm.max_map_count to the required value by running:
sudo sysctl -w vm.max_map_count=262144
echo 'vm.max_map_count=262144' | sudo tee -a /etc/sysctl.conf
- Restart the Opensearch service to apply the changes:
sudo systemctl restart opensearch
- Verify that Opensearch is running by querying it with curl:
curl 192.168.10.20:9200
You should see detailed information about your Opensearch installation. Note: Replace 192.168.10.20 with your internal IP address.
With Opensearch successfully configured, let’s move on to installing and configuring the Graylog server.
Installing and Configuring Graylog Server
In this section, we will install Graylog server v5.x and configure it as a centralized log management system on your AlmaLinux 9 machine.
- Install the Graylog server package using the following command:
sudo dnf install graylog-server -y
- Import the GPG key of the Graylog repository by running:
sudo rpm --import https://packages.graylog2.org/repo/packages/graylog-5.1-repository_latest.rpm
- Generate a password_secret for the Graylog server by executing the following command:
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
Copy the generated password_secret as you will need it later.
- Generate a root_password_sha2 for your Graylog server by running:
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
Enter a password and copy the generated root_password_sha2.
- Open the Graylog configuration file /etc/graylog/server/server.conf:
sudo nano /etc/graylog/server/server.conf
- Set the password_secret parameter to the generated password_secret:
password_secret = YOUR_GENERATED_PASSWORD_SECRET
Replace YOUR_GENERATED_PASSWORD_SECRET with the actual password_secret.
- Replace the root_password_sha2 with the generated root_password_sha2:
root_password_sha2 = YOUR_GENERATED_ROOT_PASSWORD_SHA2
Replace YOUR_GENERATED_ROOT_PASSWORD_SHA2 with the actual root_password_sha2.
- Uncomment the http_bind_address parameter and set it to your internal IP address followed by the Graylog server port (default is 9000):
http_bind_address = 192.168.10.20:9000
Replace 192.168.10.20 with your internal IP address.
- Save the file and exit the text editor.
- Reload the systemd manager:
sudo systemctl daemon-reload
- Start and enable the Graylog server:
sudo systemctl start graylog-server
sudo systemctl enable graylog-server
- Verify the status of the Graylog server:
sudo systemctl status graylog-server
Ensure that the Graylog server is active (running).
- Check the list of open ports on your system to verify that Graylog is listening on port 9000:
sudo ss -tulpn | grep 9000
With the Graylog server installed and configured, let’s move on to configuring firewalld and SELinux.
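A check for the settings made so far, added here as an example and not part of the original guide: it reads opensearch.yml and server.conf and reports an unauthenticated Opensearch listener, a malformed root_password_sha2, a short or reused password_secret, and a non-loopback web interface without TLS. The function names, the sample files and the digest in them are constructed; http_enable_tls is a Graylog setting this guide does not set.

```shell
# Added example: audit the settings this guide writes (helper names are hypothetical).
# get_kv FILE KEY_REGEX SEP: value of the last uncommented "KEY SEP value" line.
get_kv() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*$3[[:space:]]*//p" "$1" | tail -n 1 | tr -d '[:space:]'
}
# audit_graylog_stack OPENSEARCH_YML SERVER_CONF: one finding per line, returns 1 if any.
audit_graylog_stack() {
  local host sec secret roothash bind tls rc=0
  host=$(get_kv "$1" 'network\.host' ':')
  sec=$(get_kv "$1" 'plugins\.security\.disabled' ':')
  secret=$(get_kv "$2" 'password_secret' '=')
  roothash=$(get_kv "$2" 'root_password_sha2' '=')
  bind=$(get_kv "$2" 'http_bind_address' '=')
  tls=$(get_kv "$2" 'http_enable_tls' '=')
  # With the security plugin off, port 9200 has no authentication or TLS.
  if [ "$sec" = "true" ]; then
    case "$host" in
      ''|127.*|localhost|_local_) ;;  # loopback only (the default when unset)
      *) echo "opensearch: security plugin disabled while bound to $host"; rc=1 ;;
    esac
  fi
  # root_password_sha2 must be a SHA-256 hex digest, not a leftover placeholder.
  if ! printf '%s' "$roothash" | grep -Eq '^[0-9a-f]{64}$'; then
    echo "graylog: root_password_sha2 is not a 64-character SHA-256 hex digest"; rc=1
  fi
  # Graylog rejects a password_secret shorter than 16 characters.
  if [ "${#secret}" -lt 16 ]; then
    echo "graylog: password_secret is shorter than 16 characters"; rc=1
  # The guide derives both values with the same command: same input, same output.
  elif [ "$secret" = "$roothash" ]; then
    echo "graylog: password_secret equals root_password_sha2"; rc=1
  fi
  # A non-loopback web interface without http_enable_tls sends logins in clear text.
  case "$bind" in
    ''|127.*|localhost:*) ;;
    *) [ "$tls" = "true" ] || { echo "graylog: $bind serves the login page without TLS"; rc=1; } ;;
  esac
  return $rc
}
# Constructed sample files mirroring the values used in this guide.
demo=$(mktemp -d)
digest=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef  # constructed
printf '%s\n' 'network.host: 192.168.10.20' 'discovery.type: single-node' \
  'plugins.security.disabled: true' > "$demo/opensearch.yml"
printf '%s\n' "password_secret = $digest" "root_password_sha2 = $digest" \
  'http_bind_address = 192.168.10.20:9000' > "$demo/server.conf"
audit_graylog_stack "$demo/opensearch.yml" "$demo/server.conf" || true
rm -rf "$demo"
```

On a real host, pass /etc/opensearch/opensearch.yml and /etc/graylog/server/server.conf as the two arguments.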
Configuring Firewalld and SELinux
To ensure proper security and access to the Graylog server, we need to configure firewalld and SELinux.
- Install SELinux management tools by running:
sudo dnf install policycoreutils policycoreutils-python-utils -y
- Add SELinux policies and allow ports for Graylog, MongoDB, and Opensearch:
sudo setsebool -P httpd_can_network_connect 1
sudo semanage port -a -t http_port_t -p tcp 9000
sudo semanage port -a -t http_port_t -p tcp 9200
sudo semanage port -a -t mongod_port_t -p tcp 27017
- Add Graylog server port 9000 to firewalld and reload it:
sudo firewall-cmd --add-port=9000/tcp --permanent
sudo firewall-cmd --reload
- Verify the list of firewalld rules to ensure that port 9000 is available:
sudo firewall-cmd --list-all
With firewalld and SELinux configured, you are now ready to access your Graylog server.
Accessing Graylog Server
After all the configurations, you can finally access your Graylog server and start utilizing its powerful log management capabilities.
- Launch your preferred web browser and enter the following URL, replacing 192.168.10.20 with your internal IP address:
http://192.168.10.20:9000/
- You should now see the Graylog login page. Log in with the default username admin and the password you entered when generating root_password_sha2.
- Upon successful login, you will be directed to the Graylog administration dashboard, where you can start exploring and analyzing your logs.
Congratulations! You have successfully installed and configured Graylog on your AlmaLinux 9 server. You can now leverage its powerful log management capabilities to gain insights and monitor your infrastructure effectively.