Graylog&Nagios

From ICO wiki
Revision as of 20:19, 4 January 2017 by Mhass (talk | contribs) (Created page with "Logging and Monitoring - Graylog and Nagios installation. Group : Cyber Security Engineering (C21). Page created by Meelis Hass. = Introduction = In this page, I will show...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

Logging and Monitoring - Graylog and Nagios installation.

Group : Cyber Security Engineering (C21).

Page created by Meelis Hass.

Introduction

In this page, I will show how a person can easily install and configure Graylog and Nagios in a timely fashion.


Graylog

//rohkem juttu

Prerequisites

Now before we begin installing Graylog, we should check what version the machine is actully running.

lsb_release -a

This is because this guide is intended for 16.04 version of Ubuntu, If you do already have it, skip to actual installation. People who need to upgrade just continue with the following commands.

Next lets upgrade our machine.

  • Start off by updating your package list

sudo apt-get update

  • Next lets upgrade everything

sudo apt-get upgrade

  • Then fix the dependencies with this

sudo apt-get dist-upgrade

  • And finish off by finishing the upgrade

sudo do-release-upgrade


Graylog Installation


Now to the actual meat of the guide, installing graylog. But we cant just jump into installing Graylog itself, because it needs a few services and a setup base to run it, like Elasticsearch and MongoDB.


Starting off with the setup base.

sudo apt-get install apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen


Now lets install MongoDB.

sudo apt-get install mongodb-server


Installing Elasticsearch takes a few more commands.

wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

echo "deb https://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list

sudo apt-get update && sudo apt-get install elasticsearch


We still need to configure Elasticsearch a bit.

nano /etc/elasticsearch/elasticsearch.yml


And uncomment and change this line.

cluster.name: graylog


After that, just start the service

sudo systemctl daemon-reload

sudo systemctl enable elasticsearch.service

sudo systemctl restart elasticsearch.service


Now we actully start installing Graylog itself! Start off by getting the required packages and then installing them.

wget https://packages.graylog2.org/repo/packages/graylog-2.1-repository_latest.deb

sudo dpkg -i graylog-2.1-repository_latest.deb

sudo apt-get update && sudo apt-get install graylog-server


After installing Graylog, we need to add a few extra parts into the configuration file, mainly passwords.

This will generate a password and a sha256sum for it. Do note that the password is required and MUST be 16 characters or longer, otherwise Graylog refuses to function.

echo -n yourpassword | sha256sum

The password must be put into /etc/graylog/server/server.conf file.

While in the configuration file, also add your public ip with correct ports into rest_listen_uri and web_listen_uri .


Final steps to enable Graylog.

sudo systemctl daemon-reload

sudo systemctl enable graylog-server.service

sudo systemctl start graylog-server.service


And there you have it, one fully installed Graylog, ready for all your logging needs!.

After this, you can explore the web interface at the public ip address you set before and start logging whatever you want.