====== Install Graylog ======


  - [[linux:install:java|Install OpenJDK JRE]]
  - [[linux:install:mongodb|]]
  - [[linux:elk:elasticsearch]] version 6.x giving the cluster name of graylog<code bash>
VERSION=6
CLUSTERNAME=graylog
</code>
  - Install Graylog:<code bash>
wget https://packages.graylog2.org/repo/packages/graylog-3.2-repository_latest.deb
sudo dpkg -i graylog-3.2-repository_latest.deb

sudo apt update

sudo apt install -y pwgen authbind graylog-server graylog-integrations-plugins

sudo systemctl daemon-reload
sudo systemctl enable graylog-server

#################################
echo -n "Enter Password: "
PASS=$(head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1)

sudo sed -i "s/password_secret =/password_secret = $(pwgen -N 1 -s 96)/g" /etc/graylog/server/server.conf
sudo sed -i "s/root_password_sha2 =/root_password_sha2 = $PASS/g" /etc/graylog/server/server.conf

sudo sed -i "s/#elasticsearch_max_time_per_index = 1d/elasticsearch_max_time_per_index = 1w/g" /etc/graylog/server/server.conf
sudo sed -i "s/elasticsearch_max_number_of_indices = 20/elasticsearch_max_number_of_indices = 8/g" /etc/graylog/server/server.conf

sudo systemctl start graylog-server
</code>
  - [[linux:nginx:start|Install NGINX webserver]]
  - Lastly, configure NGINX to be a reverse proxy for Graylog:<code bash>
cat >> /tmp/graylog << EOF
server
{
  listen      80 default_server;
  listen      [::]:80 default_server ipv6only=on;
  server_name $(hostname -f);

  location /
  {
        proxy_set_header    Host \$http_host;
        proxy_set_header    X-Forwarded-Host \$host;
        proxy_set_header    X-Forwarded-Server \$host;
        proxy_set_header    X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header    X-Graylog-Server-URL http://$(hostname -f);
        proxy_pass          http://127.0.0.1:9000;
  }
}
EOF

sudo service nginx stop

sudo mv /tmp/graylog /etc/nginx/sites-available/
sudo rm /etc/nginx/sites-enabled/default
sudo ln -s /etc/nginx/sites-available/graylog /etc/nginx/sites-enabled/graylog

sudo service nginx start
</code>

====== ======


----

\\ 
Last Updated: April 28, 2020