AlmaLinux 9

How to Install Graylog: The Ultimate Guide for AlmaLinux 9

HomeAlmaLinux 9How to Install Graylog: The Ultimate Guide for AlmaLinux 9

Welcome to the ultimate guide on how to install Graylog, the powerful centralized log management system, on your AlmaLinux 9 server. In this step-by-step tutorial, we will walk you through the installation process, from setting up repositories to configuring firewalld and SELinux. By the end of this guide, you will have a fully functional Graylog server ready to capture, store, and analyze your logs efficiently.

Prerequisites

Before we begin, let’s make sure you have everything you need to successfully install Graylog on your AlmaLinux 9 server:

  • An AlmaLinux 9 server with at least 4 GB of memory (We recommend using Shape.host’s Cloud VPS service for optimal performance).
  • A non-root user with administrator privileges.

Setting Up Repositories

To start the installation process, we will first add the necessary repositories to your AlmaLinux 9 machine. These repositories include MongoDB 6.x, Opensearch 2.x, and the Graylog 5.x repository.

  1. Install the curl package by running the following command:
sudo dnf install curl -y
  1. Add the MongoDB repository by executing the following command:
cat <<EOF | sudo tee /etc/yum.repos.d/mongodb-org-6.repo
[mongodb-org-6.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/9/mongodb-org/6.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-6.0.asc
EOF
  1. Add the Opensearch repository by running the following command:
sudo curl -SL https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/opensearch-2.x.repo -o /etc/yum.repos.d/opensearch-2.x.repo
  1. Add the Graylog repository to your system with the command:
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-5.1-repository_latest.rpm
  1. Verify the available repositories by executing the following command:
sudo dnf repolist

You should see the repositories for MongoDB 6.x, Opensearch 2.x, and Graylog 5.x listed.

Installing Dependencies

After adding the repositories, it’s time to install the necessary dependencies for Graylog, including MongoDB and Opensearch.

  1. Install MongoDB and Opensearch by running the following command:
sudo dnf install mongodb-org opensearch -y
  1. Reload the systemd manager with the command:
sudo systemctl daemon-reload
  1. Start and enable the MongoDB service by executing:
sudo systemctl start mongod
sudo systemctl enable mongod
  1. Start and enable the Opensearch service with the following commands:
sudo systemctl start opensearch
sudo systemctl enable opensearch
  1. Verify the status of both MongoDB and Opensearch services by running:
sudo systemctl status mongod
sudo systemctl status opensearch

Ensure that both services are active (running).

Configuring Opensearch

Now that MongoDB and Opensearch are installed, let’s configure Opensearch as the default search engine for Graylog.

  1. Open the Opensearch configuration file /etc/opensearch/opensearch.yml using your preferred text editor:
sudo nano /etc/opensearch/opensearch.yml
  1. Uncomment the cluster.name parameter and set it to a name for your Opensearch cluster. For example:
cluster.name: graylog
  1. Uncomment the node.name parameter and set it to the hostname of your system:
node.name: graylog-alma
  1. Uncomment the network.host parameter and set it to your internal IP address:
network.host: 192.168.10.20
  1. Add the following lines to the configuration file to set up Opensearch as a single node/server and disable auto index creation and the security plugin:
discovery.type: single-node
action.auto_create_index: false
plugins.security.disabled: true
  1. Save the file and exit the text editor.
  2. Open the JVM options file /etc/opensearch/jvm.options:
sudo nano /etc/opensearch/jvm.options
  1. Set the maximum memory allocation for Opensearch by changing the -Xms and -Xmx parameters. For example:
-Xms2g
-Xmx2g
  1. Save the file and exit the text editor.
  2. Update the path for Opensearch in the file /usr/lib/tmpfiles.d/opensearch.conf: 
    sudo nano /usr/lib/tmpfiles.d/opensearch.conf
  3. Change the default path /var/run/opensearch to /run/opensearch: 
    /run/opensearch
  4. Save the file and exit the text editor.
  5. Increase the vm.max_map_count to the required value by running: 
    sudo sysctl -w vm.max_map_count=262144
sudo echo 'vm.max_map_count=262144'>> /etc/sysctl.conf
  6. Restart the Opensearch service to apply the changes: 
    sudo systemctl restart opensearch
  7. Verify that Opensearch is running by accessing it through the web browser: 
    curl 192.168.10.20:9200

    You should see detailed information about your Opensearch installation.Note: Replace 192.168.10.20 with your internal IP address.

With Opensearch successfully configured, let’s move on to installing and configuring the Graylog server.

Installing and Configuring Graylog Server

In this section, we will install Graylog server v5.x and configure it as a centralized log management system on your AlmaLinux 9 machine.

  1. Install the Graylog server package using the following command:
sudo dnf install graylog-server -y
  1. Import the GPG key of the Graylog repository by running:
sudo rpm --import https://packages.graylog2.org/repo/packages/graylog-5.1-repository_latest.rpm
  1. Generate a password_secret for the Graylog server by executing the following command:
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

Copy the generated password_secret as you will need it later.

  1. Generate  a root_password_sha2 for your Graylog server by running:
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

Enter a password and copy the generated root_password_sha2.

  1. Open the Graylog configuration file /etc/graylog/server/server.conf:
sudo nano /etc/graylog/server/server.conf
  1. Set the password_secret parameter to the generated password_secret:
password_secret = YOUR_GENERATED_PASSWORD_SECRET

Replace YOUR_GENERATED_PASSWORD_SECRET with the actual password_secret.

  1. Replace the root_password_sha2 with the generated root_password_sha2:
root_password_sha2 = YOUR_GENERATED_ROOT_PASSWORD_SHA2

Replace YOUR_GENERATED_ROOT_PASSWORD_SHA2 with the actual rootpasswordsha2.

  1. Uncomment the http_bind_address parameter and set it to your internal IP address followed by the Graylog server port (default is 9000):
http_bind_address = 192.168.10.20:9000

Replace 192.168.10.20 with your internal IP address.

  1. Save the file and exit the text editor.
  2. Reload the systemd manager: 
    sudo systemctl daemon-reload
  3. Start and enable the Graylog server: 
    sudo systemctl start graylog-server
sudo systemctl enable graylog-server
  4. Verify the status of the Graylog server: 
    sudo systemctl status graylog-server

    Ensure that the Graylog server is active (running).

  5. Check the list of open ports on your system to verify that port 9000 is available: 
    sudo ss -tulpn | grep 9000

With the Graylog server installed and configured, let’s move on to configuring firewalld and SELinux.

Configuring Firewalld and SELinux

To ensure proper security and access to the Graylog server, we need to configure firewalld and SELinux.

  1. Install SELinux management tools by running:
sudo dnf install policycoreutils policycoreutils-python-utils -y
  1. Add SELinux policies and allow ports for Graylog, MongoDB, and Opensearch:
sudo setsebool -P httpd_can_network_connect1
sudo semanage port -a -t http_port_t -p tcp 9000
sudo semanage port -a -t http_port_t -p tcp 9200
sudo semanage port -a- t mongod_port_t -p tcp 27017
  1. Add Graylog server port 9000 to firewalld and reload it:
sudo firewall-cmd --add-port=9000/tcp --permanent
sudo firewall-cmd --reload
  1. Verify the list of firewalld rules to ensure that port 9000 is available:
sudo firewall-cmd --list-all

With firewalld and SELinux configured, you are now ready to access your Graylog server.

Accessing Graylog Server

After all the configurations, you can finally access your Graylog server and start utilizing its powerful log management capabilities.

  1. Launch your preferred web browser and enter the following URL, replacing 192.168.10.20 with your internal IP address:
http://192.168.10.20:9000/
  1. You should now see the Graylog login page. Log in with the default username admin and the password you generated earlier.
  2. Upon successful login, you will be directed to the Graylog administration dashboard, where you can start exploring and analyzing your logs.

Congratulations! You have successfully installed and configured Graylog on your AlmaLinux 9 server. You can now leverage its powerful log management capabilities to gain insights and monitor your infrastructure effectively.

If you require further assistance or want to explore more advanced features, consider reaching out to Shape.host’s support team, experts in cloud VPS hosting, and log management solutions.

Shape.host is a leading provider of Cloud VPS services, offering high-performance and reliable hosting solutions tailored to your needs. Visit Shape.host to learn more about their services.

Tags:
Christian Wells

Older Post

Optimize Remote Access: Install VNC Server on AlmaLinux 9

Next Post

Enhance Your Healthcare System: Install OpenEMR on Ubuntu 22.04

Related Product

How to Install Plane.so on AlmaLinux 9 with Docker Compose

How to Install Focalboard on AlmaLinux 9