Jeff Moe
c9e8c4cf55
README.md
Clone Debian Stretch template, set up IPs, hostname, ssh keys
apt update
apt -y dist-upgrade
Install graylog
Install deps
apt -y install apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen
Set up repo:
wget -q -O - https://packages.graylog2.org/repo/debian/keyring.gpg | apt-key add -
echo "deb https://packages.graylog2.org/repo/debian/ stable 2.4" > /etc/apt/sources.list.d/graylog.list
Disable apt cache, comment out proxy in /etc/apt/apt.conf
apt update
apt install graylog-server
Set a password:
echo -n password | sha256sum
Set that in /etc/graylog/server/server.conf:
password_secret =
Set also:
root_password_sha2 =
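An added example, not part of the original README: one way to fill in both keys without typing the password on a command line. It assumes a separate random value for password_secret (Graylog's shipped server.conf suggests `pwgen -N 1 -s 96`) and puts the SHA-256 of the admin password only in root_password_sha2. All function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the README.

# 96 random characters for password_secret (pwgen if present, else urandom).
gen_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        head -c 48 /dev/urandom | od -An -tx1 | tr -d ' \n'
    fi
}

# Read the admin password from stdin (echo off on a terminal) and print its
# SHA-256 hex digest, keeping it out of argv and shell history.
hash_password() {
    if [ -t 0 ]; then stty -echo; fi
    IFS= read -r pw || true
    if [ -t 0 ]; then stty echo; echo >&2; fi
    [ -n "$pw" ] || return 1
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1
}

# set_conf_key FILE KEY VALUE: replace the "KEY = ..." line or append it.
# The result is written back with cat so the file keeps its owner and mode.
set_conf_key() {
    tmp=$(mktemp) || return 1
    awk -v k="$2" -v v="$3" '
        $0 ~ "^" k "[ \t]*=" { print k " = " v; found = 1; next }
        { print }
        END { if (!found) print k " = " v }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# configure_graylog_secrets CONF: the admin password is read from stdin.
configure_graylog_secrets() {
    hash=$(hash_password) || return 1
    set_conf_key "$1" password_secret "$(gen_secret)" &&
        set_conf_key "$1" root_password_sha2 "$hash"
}

# On the server, as root:
#   configure_graylog_secrets /etc/graylog/server/server.conf
```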
Set these:
rest_listen_uri = http://10.22.22.109:9000/api/
web_listen_uri = http://10.22.22.109:9000/
elasticsearch_hosts = http://10.22.22.118:9200
mongodb_uri = mongodb://10.22.22.119:27017/graylog
Open up firewall on server:
-A INPUT -p tcp --dport 9000 -j ACCEPT
Syslog UDP
-A INPUT -p udp --dport 514 -j ACCEPT
Syslog UDP alt port
-A INPUT -p udp --dport 5144 -j ACCEPT
Syslog TCP
-A INPUT -p tcp --dport 514 -j ACCEPT
Syslog TCP alt port
-A INPUT -p tcp --dport 5144 -j ACCEPT
Start service:
systemctl daemon-reload
systemctl start graylog-server.service
Start on boot:
systemctl enable graylog-server.service
XXX Backups
XXX Prometheus :)
Add clients
Add to /etc/rsyslog.d:
UDP (use this):
echo "*.* @10.22.22.109:5144;RSYSLOG_SyslogProtocol23Format" > /etc/rsyslog.d/graylog.conf
TCP:
#echo "*.* @@10.22.22.109:5144;RSYSLOG_SyslogProtocol23Format" > /etc/rsyslog.d/graylog.conf
Maybe?
#echo 'action(type="omfwd" target="10.22.22.109" port="5144" template="RSYSLOG_SyslogProtocol23Format")' > /etc/rsyslog.d/graylog.conf
systemctl restart rsyslog