CentOS7にGraylogのインストール

Java

# sudo yum install java-1.8.0-openjdk-headless.x86_64

MongoDB

MongoDBリポジトリ登録

/etc/yum.repos.d/mongodb-org-3.4.repo

# sudo vi /etc/yum.repos.d/mongodb-org-3.4.repo
[mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc

MongoDBインストール

# sudo yum install mongodb-org

mongodbの自動起動設定と起動

# sudo systemctl daemon-reload
# sudo systemctl enable mongod.service
# sudo systemctl start mongod.service
# sudo systemctl --type=service --state=active | grep mongod
mongod.service                     loaded active running MongoDB Database Serve

Elasticsearch

Elastic GPGキーをインポート

sudo rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch

/etc/yum.repos.d/elasticsearch.repo

# vi /etc/yum.repos.d/elasticsearch.repo
[elasticsearch-6.x]
name=Elasticsearch repository for 6.x packages
baseurl=https://artifacts.elastic.co/packages/oss-6.x/yum
gpgcheck=1
gpgkey=https://artifacts.elastic.co/GPG-KEY-elasticsearch
enabled=1
autorefresh=1
type=rpm-md

[root@localhost yum.repos.d]# sudo yum install elasticsearch-oss

以下の項目を修正

/etc/elasticsearch/elasticsearch.yml

# sudo vi /etc/elasticsearch/elasticsearch.yml
cluster.name: graylog

action.auto_create_index: false

Graylog 3.2

# sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-3.2-repository_latest.rpm

graylog設定
/etc/graylog/server/server.confに下記のようにあるのでpwgenのインストール

# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
# Generate one by using for example: pwgen -N 1 -s 96

# sudo yum install epel-release
# sudo yum install pwgen

password_secretとroot_password_sha2の生成

# sudo pwgen -N 1 -s 96
[password_secret]
# echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
Enter Password:[設定するパスワード]

設定ファイルの編集

/etc/graylog/server/server.conf

# password_secret
# You MUST set a secret to secure/pepper the stored user passwords here. Use at least 64 characters.
# Generate one by using for example: pwgen -N 1 -s 96
password_secret = [password_secret]

# root_password_sha2
# You MUST specify a hash password for the root user (which you only need to initially set up the
# system and in case you lose connectivity to your authentication backend)
# This password cannot be changed using the API or via the web interface. If you need to change it,
# modify it in this file.
# Create one by using for example: echo -n yourpassword | shasum -a 256
# and put the resulting hash value into the following line
root_password_sha2 =[root_password_sha2]

#root_timezone
72 # The time zone setting of the root user. See http://www.joda.org/joda-time/timezones.html for a list of valid time zones.
73  Default is UTC
74 root_timezone = Asia/Tokyo 
http_bind_address 
#### HTTP bind address
#
# The network interface used by the Graylog HTTP interface.
#
# This network interface must be accessible by all Graylog nodes in the cluster and by all clients
# using the Graylog web interface.
#
# If the port is omitted, Graylog will use port 9000 by default.
#
# Default: 127.0.0.1:9000
http_bind_address = IPアドレス:ポート

firewalldの設定（デフォルトport:9000）

# sudo firewall-cmd --permanent --zone=public --add-port=9000/tcp
success
# sudo firewall-cmd --reload
success

graylogの自動起動設定と起動

# sudo systemctl daemon-reload
# sudo systemctl enable graylog-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/graylog-server.service to /usr/lib/systemd/system/graylog-server.service.
# sudo systemctl start graylog-server.service
# sudo systemctl --type=service --state=active | grep graylog
graylog-server.service             loaded active running Graylog server