
Graylog2 CentOS Installation

I recently required a syslog server that was easy to use, with a web interface, to monitor some customers' firewalls. I had been looking at Splunk, but due to the price of this product it was not a viable option for what I required.

After a little searching I came across Graylog2 which is an open source alternative to Splunk and is totally free! You only need to pay if you would like support from them.

So here is how I set up the server and got it working on my CentOS server.

Install & Configure Elasticsearch

Download and install the Public Signing Key:

Create the following file /etc/yum.repos.d/elasticsearch.repo

And your repository is ready for use. You can install it with:

Configure Elasticsearch to automatically start during boot:

To configure Elasticsearch for use with Graylog2, edit /etc/elasticsearch/elasticsearch.yml

Start the Elasticsearch service:

Install Graylog2 Server and Web Client

Get the latest RPM for Graylog2 here and run the following, changing the URL to the correct one:

Install Graylog2-Server and Graylog2-Web:

Edit the file /etc/graylog2.conf and change only the below:

Edit the file /etc/graylog2/web/graylog2-web-interface.conf and change only the below:

Set Services to start at boot:

Start the services:
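The whole procedure above, carried through as a set of shell functions, is given here as an added example; it is not the post's own commands (those are not reproduced on this page). It assumes a CentOS 6-style host (chkconfig/service), the Graylog2 0.20-era package and file layout the post names (graylog2-server, graylog2-web, /etc/graylog2.conf, /etc/graylog2/web/graylog2-web-interface.conf) and the configuration keys used below; every URL marked PLACEHOLDER must be replaced with the real one. The two points a practitioner cares about are visible in the helpers: the yum repository keeps gpgcheck=1 so unsigned packages are refused, and the root password is only ever written to graylog2.conf as its SHA-256 hash, with the secrets generated from /dev/urandom rather than typed in by hand.

```shell
#!/bin/sh
# Added example, not the post's own commands. Helpers plus the install steps as
# functions for a CentOS 6-era host. Assumed (not on the page): Graylog2 0.20-era
# packages, config paths and keys; all PLACEHOLDER URLs must be replaced.

ES_GPG_KEY_URL="http://PLACEHOLDER/GPG-KEY-elasticsearch"   # placeholder, assumed
ES_REPO_BASEURL="http://PLACEHOLDER/elasticsearch/centos"   # placeholder, assumed
GRAYLOG2_RPM_URL="http://PLACEHOLDER/graylog2-repo.rpm"     # placeholder: the RPM the post links to
ROOT_PASSWORD="${ROOT_PASSWORD:-change-me}"                  # web-interface admin password

# Hex SHA-256 of a string: Graylog2 stores the admin password only as this hash.
sha256_hex() {
  printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# 64-character random secret for password_secret / application.secret.
random_secret() {
  tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 64
}

# Write the Elasticsearch yum repository definition to the file given as $1,
# keeping gpgcheck=1 so yum refuses packages that do not carry the imported key.
write_es_repo() {
  cat > "$1" <<EOF
[elasticsearch]
name=Elasticsearch repository (baseurl is a placeholder)
baseurl=${ES_REPO_BASEURL}
gpgcheck=1
gpgkey=${ES_GPG_KEY_URL}
enabled=1
EOF
}

# set_conf_key FILE KEY VALUE SEP
# Replaces the existing line for KEY (even if it is commented out with '#'),
# otherwise appends "KEY<SEP>VALUE". SEP is ' = ' or '=' for the graylog2 .conf
# files and ': ' for elasticsearch.yml. VALUE must not contain '|' or '&'.
set_conf_key() {
  file=$1; key=$2; value=$3; sep=$4
  [ -f "$file" ] || : > "$file"
  if grep -Eq "^#?[[:space:]]*${key}[[:space:]]*[:=]" "$file"; then
    sed -i -E "s|^#?[[:space:]]*${key}[[:space:]]*[:=].*|${key}${sep}${value}|" "$file"
  else
    printf '%s%s%s\n' "$key" "$sep" "$value" >> "$file"
  fi
}

# Steps from "Install & Configure Elasticsearch" (needs root; not run by default).
install_elasticsearch() {
  rpm --import "$ES_GPG_KEY_URL"
  write_es_repo /etc/yum.repos.d/elasticsearch.repo
  yum -y install elasticsearch
  # Graylog2 and Elasticsearch must agree on the cluster name.
  set_conf_key /etc/elasticsearch/elasticsearch.yml cluster.name graylog2 ': '
  chkconfig --add elasticsearch && chkconfig elasticsearch on
  service elasticsearch start
}

# Steps from "Install Graylog2 Server and Web Client" (needs root; not run by default).
install_graylog2() {
  rpm -Uvh "$GRAYLOG2_RPM_URL"
  yum -y install graylog2-server graylog2-web
  set_conf_key /etc/graylog2.conf password_secret "$(random_secret)" ' = '
  set_conf_key /etc/graylog2.conf root_password_sha2 "$(sha256_hex "$ROOT_PASSWORD")" ' = '
  set_conf_key /etc/graylog2.conf elasticsearch_cluster_name graylog2 ' = '
  web=/etc/graylog2/web/graylog2-web-interface.conf
  set_conf_key "$web" application.secret "\"$(random_secret)\"" '='
  set_conf_key "$web" graylog2-server.uris '"http://127.0.0.1:12900/"' '='
  chkconfig graylog2-server on && chkconfig graylog2-web on
  service graylog2-server start && service graylog2-web start
}

# Only install when asked explicitly, so the file can be sourced for its helpers.
if [ "${1:-}" = "install" ]; then
  install_elasticsearch
  install_graylog2
fi
```

Run it as `sh setup.sh install` on the target host once the placeholder URLs are filled in; without the argument it only defines the functions. set_conf_key is written to be idempotent, so re-running after a failed attempt edits the same lines instead of appending duplicates.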

Troubleshooting

Logs are stored in the following locations:
/var/log/elasticsearch/*.log
/var/log/graylog2-server/*.log
/var/log/graylog2-web/*.log

Any errors in here should be quite easy to resolve. If you have any issues please let me know and I will assist where possible.
