Install Graylog

  1. Install Elasticsearch version 6.x, giving the cluster the name graylog:
    VERSION=6
    CLUSTERNAME=graylog
  2. Install Graylog:
    wget https://packages.graylog2.org/repo/packages/graylog-3.2-repository_latest.deb
    sudo dpkg -i graylog-3.2-repository_latest.deb
     
    sudo apt update
     
    sudo apt install -y pwgen authbind graylog-server graylog-integrations-plugins
     
    sudo systemctl daemon-reload
    sudo systemctl enable graylog-server
     
    # Prompt for the admin password and keep only its SHA-256 digest.
    # The terminal echoes the password as it is typed.
    echo -n "Enter Password: "
    PASS=$(head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1)
     
    # password_secret: random 96-character secret generated by pwgen
    sudo sed -i "s/password_secret =/password_secret = $(pwgen -N 1 -s 96)/g" /etc/graylog/server/server.conf
    # root_password_sha2: digest of the admin password entered above
    sudo sed -i "s/root_password_sha2 =/root_password_sha2 = $PASS/g" /etc/graylog/server/server.conf
     
    # Index settings: one week per index, at most 8 indices
    sudo sed -i "s/#elasticsearch_max_time_per_index = 1d/elasticsearch_max_time_per_index = 1w/g" /etc/graylog/server/server.conf
    sudo sed -i "s/elasticsearch_max_number_of_indices = 20/elasticsearch_max_number_of_indices = 8/g" /etc/graylog/server/server.conf
     
    sudo systemctl start graylog-server
  3. Lastly, configure NGINX to be a reverse proxy for Graylog. The server block below listens on port 80 only, so the web interface is served over plain HTTP:
    # Write the site file as root, directly in place, instead of appending to
    # a file in /tmp. $(hostname -f) is expanded now; \$ stays literal for nginx.
    sudo tee /etc/nginx/sites-available/graylog > /dev/null << EOF
    server
    {
      listen      80 default_server;
      listen      [::]:80 default_server ipv6only=on;
      server_name $(hostname -f);
     
      location /
      {
            proxy_set_header    Host \$http_host;
            proxy_set_header    X-Forwarded-Host \$host;
            proxy_set_header    X-Forwarded-Server \$host;
            proxy_set_header    X-Forwarded-For \$proxy_add_x_forwarded_for;
            proxy_set_header    X-Graylog-Server-URL http://$(hostname -f);
            proxy_pass          http://127.0.0.1:9000;
      }
    }
    EOF
     
    sudo service nginx stop
     
    # Replace the default site with the Graylog site
    sudo rm -f /etc/nginx/sites-enabled/default
    sudo ln -sf /etc/nginx/sites-available/graylog /etc/nginx/sites-enabled/graylog
     
    sudo service nginx start
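
A check for step 2, added here and not part of the original page: the sed substitutions change nothing when their patterns do not match, and pressing Enter at the password prompt stores the SHA-256 of an empty password. The helper names `conf_get` and `check_graylog_conf` and the 64-character threshold are assumptions of this example.

```bash
# Added example (not from the original page): verify what the sed edits wrote.
# conf_get and check_graylog_conf are hypothetical helper names.

# SHA-256 of empty input: the value root_password_sha2 receives when Enter is
# pressed at the "Enter Password:" prompt without typing anything.
EMPTY_SHA256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
MIN_SECRET_LEN=64   # assumed threshold for this example; the page generates 96

# Print the value of the last uncommented "key = value" line in a file.
conf_get() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

# Return 0 if both credentials look sane, 1 otherwise; reasons go to stderr.
check_graylog_conf() {
  rc=0
  secret=$(conf_get password_secret "$1")
  hash=$(conf_get root_password_sha2 "$1")
  if [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
    echo "password_secret: ${#secret} chars, want >= $MIN_SECRET_LEN" >&2; rc=1
  fi
  if ! printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$'; then
    echo "root_password_sha2: not a lowercase hex SHA-256 digest" >&2; rc=1
  elif [ "$hash" = "$EMPTY_SHA256" ]; then
    echo "root_password_sha2: digest of an empty password" >&2; rc=1
  fi
  return "$rc"
}

# Constructed sample: the state left behind when neither sed pattern matched.
demo() {
  f=$(mktemp)
  printf 'password_secret =\nroot_password_sha2 =\n' > "$f"
  check_graylog_conf "$f" && status=0 || status=1
  rm -f "$f"
  echo "unmodified config -> exit $status"
}
demo
```

On the installed host, calling `check_graylog_conf /etc/graylog/server/server.conf` before `systemctl start graylog-server` runs the same checks against the real file.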


Last Updated: April 28, 2020

Copyright © 2022 by Julian Easterling. SOME RIGHTS RESERVED.


Creative Commons License
Except where otherwise noted, content on this site is
licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.