Debian installation
This guide describes the fastest way to install Graylog on Debian Linux 9 (Stretch). All links and packages are present at
the time of writing but might need to be updated later on.
Warning
This setup should not be done on publicly exposed servers. This guide does not cover security settings!
Prerequisites
If you’re starting from a minimal server setup, you will need to install these additional packages:
$ sudo apt update && sudo apt upgrade
$ sudo apt install apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen dirmngr
MongoDB
The official MongoDB repository provides the most up-to-date version and is the recommended way of installing
MongoDB:
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
$ echo "deb http://repo.mongodb.org/apt/debian stretch/mongodb-org/4.0 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
$ sudo apt-get update
$ sudo apt-get install -y mongodb-org
The last step is to enable MongoDB during the operating system’s startup:
$ sudo systemctl daemon-reload
$ sudo systemctl enable mongod.service
$ sudo systemctl restart mongod.service
Elasticsearch
Graylog can be used with Elasticsearch 6.x. Please follow the installation instructions from the Elasticsearch installation
guide:
$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
$ echo "deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
$ sudo apt update && sudo apt install elasticsearch-oss
Make sure to modify the Elasticsearch configuration file ( /etc/elasticsearch/elasticsearch.yml ) and set the cluster name
to graylog. To do so, uncomment the cluster.name line (remove the # as first character), and additionally
add action.auto_create_index: false to the configuration file:
cluster.name: graylog
action.auto_create_index: false
After you have modified the configuration, you can start Elasticsearch:
$ sudo systemctl daemon-reload
$ sudo systemctl enable elasticsearch.service
$ sudo systemctl restart elasticsearch.service
Graylog
Now install the Graylog repository configuration and Graylog itself with the following commands:
$ wget https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.deb
$ sudo dpkg -i graylog-3.0-repository_latest.deb
$ sudo apt update && sudo apt install graylog-server
Follow the instructions in your /etc/graylog/server/server.conf and add password_secret and root_password_sha2 . These
settings are mandatory and without them, Graylog will not start!
You need to use the following command to create your root_password_sha2 :
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
To be able to connect to Graylog you should set http_bind_address to the public host name or a public IP address of the
machine you can connect to. More information about these settings can be found in Configuring the web interface.
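A check for the two mandatory settings above, as an added example that is not part of the Graylog guide: it verifies that password_secret and root_password_sha2 are set in a server.conf and that the stored hash is the SHA-256 of exactly the intended password, with no trailing newline. The sample files, the demo password and the MIN_SECRET_LEN threshold are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the Graylog guide: validate password_secret and
# root_password_sha2 in a server.conf. Sample files and the password are
# constructed for the demo; MIN_SECRET_LEN is an assumed threshold.
MIN_SECRET_LEN=64

# conf_get FILE KEY -> value of the last uncommented "KEY = value" line.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# sha2_of PASSWORD -> SHA-256 hex digest of exactly these bytes, no newline.
sha2_of() {
    printf '%s' "$1" | sha256sum | cut -d" " -f1
}

# check_secrets FILE [PASSWORD] -> prints findings; returns 0 only if clean.
check_secrets() {
    conf=$1; rc=0
    secret=$(conf_get "$conf" password_secret)
    hash=$(conf_get "$conf" root_password_sha2)

    if [ -z "$secret" ]; then
        echo "FAIL password_secret is not set"; rc=1
    elif [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
        echo "WARN password_secret has ${#secret} characters (< $MIN_SECRET_LEN)"; rc=1
    fi

    case "$hash" in
        "")          echo "FAIL root_password_sha2 is not set"; rc=1 ;;
        *[!0-9a-f]*) echo "FAIL root_password_sha2 is not lowercase hex"; rc=1 ;;
        *) if [ "${#hash}" -ne 64 ]; then
               echo "FAIL root_password_sha2 has ${#hash} characters, expected 64"; rc=1
           fi ;;
    esac

    # Optional second argument: the password the hash is supposed to belong to.
    if [ "$#" -ge 2 ] && [ "$(sha2_of "$2")" != "$hash" ]; then
        echo "FAIL root_password_sha2 is not the SHA-256 of the supplied password"
        echo "     (was it hashed with a trailing newline or otherwise altered input?)"
        rc=1
    fi
    return "$rc"
}

# --- constructed sample input, generated for this run only ---
demo_pw='constructed-demo-password'
demo_secret=$(od -An -N48 -tx1 /dev/urandom | tr -d ' \n')   # 96 hex characters
newline_hash=$(printf '%s\n' "$demo_pw" | sha256sum | cut -d" " -f1)

good_conf=$(mktemp); bad_conf=$(mktemp)
trap 'rm -f "$good_conf" "$bad_conf"' EXIT

cat > "$good_conf" <<EOF
# constructed sample
password_secret = $demo_secret
root_password_sha2 = $(sha2_of "$demo_pw")
EOF

cat > "$bad_conf" <<EOF
# constructed sample: short secret, hash taken over "password + newline"
password_secret = changeme
root_password_sha2 = $newline_hash
EOF

echo "== good sample =="
check_secrets "$good_conf" "$demo_pw" && echo "OK"
echo "== bad sample =="
check_secrets "$bad_conf" "$demo_pw" || echo "fix server.conf before starting graylog-server"
```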
Web interface
When your Graylog instance/cluster is up and running, the next thing you usually want to do is check out our web
interface, which offers you great capabilities for searching and analyzing your indexed data and configuring your Graylog
environment. By default you can access it in your browser at http://<graylog-server>:9000/ .
Overview
The Graylog web interface was rewritten in JavaScript for 2.0 to be a client-side single-page browser application. This
means its code is running solely in your browser, fetching all data via HTTP(S) from the REST API of your Graylog server.
Note
The HTTP address must be accessible by everyone using the web interface. This means that Graylog must listen on a
public network interface or be exposed to one using a proxy, NAT or a load balancer!
Configuration Options
If our default settings do not work for you, there are a number of options in the Graylog server configuration file which you
can change to influence its behavior:
Setting | Default | Explanation
http_bind_address | 127.0.0.1:9000 | The network interface used by the Graylog HTTP interface.
http_publish_uri | If not set, http://$http_bind_address will be used. | The HTTP URI of this Graylog node which is used to communicate with the other Graylog nodes in the cluster and by all clients using the Graylog web interface.
http_external_uri | If not set, $http_publish_uri will be used. | The public URI of Graylog which will be used by the Graylog web interface to communicate with the Graylog REST API.
http_enable_cors | true | This is necessary for JS-clients accessing the server directly. If disabled, modern browsers will not be able to retrieve resources from the server.
http_enable_gzip | true | Serve web interface assets using compression to reduce overall roundtrip times.
http_max_header_size | 8192 | The maximum size of the HTTP request headers in bytes.
http_thread_pool_size | 16 | The size of the thread pool used exclusively for serving the HTTP interface.
http_enable_tls | false | This secures the communication with the HTTP interface with TLS to prevent request forgery and eavesdropping.
http_tls_cert_file | (no default) | The X.509 certificate chain file in PEM format to use for securing the HTTP interface.
http_tls_key_file | (no default) | The PKCS#8 private key file in PEM format to use for securing the HTTP interface.
http_tls_key_password | (no default) | The password to unlock the private key used for securing the HTTP interface (only needed if the key is encrypted).
How does the web interface connect to the Graylog server?
The web interface fetches all the information it shows from the REST API of the Graylog server, so it needs to
connect to it using HTTP(S). There are several ways to define how the web interface connects to the
Graylog server. The URI used by the web interface is determined in this exact order:
1. If the HTTP(S) client going to the web interface port sends an X-Graylog-Server-URL header which contains a valid URL, this
overrides everything else.
2. If http_external_uri is defined in the Graylog configuration file, it is used if the aforementioned header is not set.
3. If http_publish_uri is defined in the Graylog configuration file, it is used if the aforementioned http_external_uri is not set.
4. If none of the above are defined, http://$http_bind_address is used.
The web interface assets (e.g. the index.html , CSS and JavaScript files) are accessible at the URI root ( / by default) and
the REST API endpoints are accessible at the /api path.
Example:
Setting http_bind_address to 10.0.0.1:9000 configures the Graylog server with the following URLs.
- Web interface: http://10.0.0.1:9000/
- REST API: http://10.0.0.1:9000/api/
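The resolution order above, implemented as an added example (not Graylog's own code) over two constructed server.conf samples; it also flags a non-loopback http_bind_address with http_enable_tls left at its default of false. The function names, the sample files and the minimal URL validity test are assumptions of the example.

```shell
#!/bin/sh
# Added example, not Graylog code: work out which URI the web interface will
# use for a given server.conf and optional X-Graylog-Server-URL header value.

# conf_get FILE KEY -> value of the last uncommented "KEY = value" line.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Minimal validity test (assumption): http or https scheme followed by a host.
is_http_url() {
    case "$1" in
        http://?*|https://?*) return 0 ;;
        *) return 1 ;;
    esac
}

# resolve_web_uri FILE [HEADER_VALUE] -> prints "<source> <uri>".
resolve_web_uri() {
    header=${2:-}
    external=$(conf_get "$1" http_external_uri)
    publish=$(conf_get "$1" http_publish_uri)
    bind=$(conf_get "$1" http_bind_address)
    if is_http_url "$header"; then
        echo "header $header"                       # 1. header wins
    elif [ -n "$external" ]; then
        echo "http_external_uri $external"          # 2. configured external URI
    elif [ -n "$publish" ]; then
        echo "http_publish_uri $publish"            # 3. configured publish URI
    else
        # 4. fall back to the bind address (default taken from the table)
        echo "http_bind_address http://${bind:-127.0.0.1:9000}"
    fi
}

# api_uri URI -> REST API base, which lives under the /api path.
api_uri() {
    printf '%s/api/\n' "${1%/}"
}

# plaintext_exposed FILE -> succeeds when Graylog listens beyond loopback
# while http_enable_tls is not "true".
plaintext_exposed() {
    bind=$(conf_get "$1" http_bind_address)
    tls=$(conf_get "$1" http_enable_tls)
    case "${bind:-127.0.0.1:9000}" in
        127.*|localhost:*|"[::1]:"*) return 1 ;;
    esac
    [ "$tls" != "true" ]
}

# --- constructed sample input ---
direct_conf=$(mktemp); proxy_conf=$(mktemp)
trap 'rm -f "$direct_conf" "$proxy_conf"' EXIT

cat > "$direct_conf" <<'EOF'
# constructed sample: the page's 10.0.0.1 example, nothing else set
http_bind_address = 10.0.0.1:9000
#http_external_uri =
EOF

cat > "$proxy_conf" <<'EOF'
# constructed sample: Graylog on loopback behind a TLS-terminating proxy
http_bind_address = 127.0.0.1:9000
http_external_uri = https://graylog.example.org/
EOF

for conf in "$direct_conf" "$proxy_conf"; do
    set -- $(resolve_web_uri "$conf")
    echo "source=$1 web=$2 api=$(api_uri "$2")"
    if plaintext_exposed "$conf"; then
        echo "  WARN: listening on a non-loopback address without http_enable_tls"
    fi
done
```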
Apache httpd 2.x
Proxy web interface and API traffic using HTTP:
<VirtualHost *:80>
    ServerName graylog.example.org
    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    <Location />
        RequestHeader set X-Graylog-Server-URL "http://graylog.example.org/"
        ProxyPass http://127.0.0.1:9000/
        ProxyPassReverse http://127.0.0.1:9000/
    </Location>
</VirtualHost>
Proxy web interface and API traffic using HTTPS (TLS):
<VirtualHost *:443>
    ServerName graylog.example.org
    ProxyRequests Off
    SSLEngine on
    # <- your SSL Settings here!
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    <Location />
        RequestHeader set X-Graylog-Server-URL "https://graylog.example.org/"
        ProxyPass http://127.0.0.1:9000/
        ProxyPassReverse http://127.0.0.1:9000/
    </Location>
</VirtualHost>
