There is a point to this story, but it has temporarily escaped my mind...
Contact Me MyFaceBook MyLinkedIn MyGitHub MyTwitter

Install Graylog

  1. Install Elastic Search giving the cluster name of graylog
  2. Install Graylog:
    cat > /tmp/graylog.list << EOF
    deb https://packages.graylog2.org/repo/debian/ stable 2.3
    EOF
     
    sudo mv /tmp/graylog.list /etc/apt/sources.list.d/
     
    wget -q -O - https://packages.graylog2.org/repo/debian/keyring.gpg | sudo apt-key add -
     
    sudo apt-get update
     
    sudo apt-get install -y pwgen authbind graylog-server
     
    sudo systemctl daemon-reload
    sudo systemctl enable graylog-server.service
     
    sudo sed -i "s/password_secret =/password_secret = $(pwgen -N 1 -s 96)/g" /etc/graylog/server/server.conf
    sudo sed -i "s/root_password_sha2 =/root_password_sha2 = $(echo -n password | shasum -a 256 | awk '{ print $1 }')/g" /etc/graylog/server/server.conf
     
    sudo sed -i "s/#elasticsearch_max_time_per_index = 1d/elasticsearch_max_time_per_index = 1w/g" /etc/graylog/server/server.conf
    sudo sed -i "s/elasticsearch_max_number_of_indices = 20/elasticsearch_max_number_of_indices = 8/g" /etc/graylog/server/server.conf
     
    sudo swapoff -a
     
    sudo systemctl start graylog-server.service
  3. Lastly, configure NGINX to be a reverse proxy for Graylog:
    cat >> /tmp/graylog << EOF
    server
    {
      listen      80 default_server;
      listen      [::]:80 default_server ipv6only=on;
      server_name $(hostname -f);
     
      location /
      {
            proxy_set_header    Host \$http_host;
            proxy_set_header    X-Forwarded-Host \$host;
            proxy_set_header    X-Forwarded-Server \$host;
            proxy_set_header    X-Forwarded-For \$proxy_add_x_forwarded_for;
            proxy_set_header    X-Graylog-Server-URL http://$(hostname -f)/api;
            proxy_pass          http://127.0.0.1:9000;
      }
    }
    EOF
     
    sudo mv /tmp/graylog /etc/nginx/sites-available/
    sudo rm /etc/nginx/sites-enabled/default
    sudo ln -s /etc/nginx/sites-available/graylog /etc/nginx/sites-enabled/graylog
     
    sudo service nginx reload
Copyright © 2019 by Julian Easterling. SOME RIGHTS RESERVED.
Privacy Policy              Terms of Use             


Creative Commons License
Except where otherwise noted, content on this site is
licensed under a Creative Common Attribution-Share Alike 4.0 International License.


All of the opinions expressed on this website are those of Julian Easterling and
do not represent the views of any of my current and previous clients or employers in any way.

If you notice an error on the site or content that has not been properly attributed, bring
it to my attention using the contact page and I will endeavor to fix it as soon as I can.

I accept no responsibility or liability for any damages incurred by following any of
my advice or by using any of the information on my site or of those sites that I link to.