Log management using graylog2 0.12.0 on CentOS RHEL

Overview

Graylog has released version 0.12.0 of the graylog2 server and web interface. This post will help you install both, along with the prerequisite Elasticsearch, which is used to store logs as indices.

Install some prerequisites

Download and install elasticsearch

The new version of the graylog web interface requires Ruby version >= 1.9

Verify the version

ruby -v
ruby 1.9.3p0 (2011-10-30 revision 33570) [x86_64-linux]
gem --version
1.8.11

Add 10gen Repository for mongodb

Append the following to it
For 64-bit (x86_64) CentOS/RHEL

For 32-bit (i386) CentOS/RHEL

Install mongodb and other dependencies

Open the mongod.conf file in an editor of choice

Enable authentication by uncommenting the line

Start mongodb

Log in to MongoDB and add a user and database for graylog2

Download the latest version of graylog2-server and untar it

Copy the conf files

Open the graylog2.conf file in an editor of choice

Set syslog_enable_tcp = true (line 12) and set the MongoDB username and password (line 87).
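
A preflight check for the two hand edits above (uncommenting the authentication line in mongod.conf, and the syslog_enable_tcp and MongoDB credential settings in graylog2.conf), as an added example that is not part of the original post. The key names auth, mongodb_useauth, mongodb_user and mongodb_password, the helper names and the sample files are assumptions; check them against your own configuration files.

```sh
#!/bin/sh
# Added example: preflight check for the settings this guide edits by hand.
# Assumed key names (confirm against your own files): "auth" in mongod.conf;
# "mongodb_useauth", "mongodb_user", "mongodb_password" in graylog2.conf.
# "syslog_enable_tcp" is the key named in the guide.

# conf_value FILE KEY: print the value of the last uncommented "KEY = value" line.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p" "$1" |
        tail -n 1
}

# check_graylog_setup MONGOD_CONF GRAYLOG_CONF: print findings, return their count.
check_graylog_setup() {
    mongod_conf=$1 graylog_conf=$2 findings=0
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

    [ "$(conf_value "$mongod_conf" auth)" = "true" ] ||
        fail "mongod.conf: auth is not enabled (line still commented out?)"
    [ "$(conf_value "$graylog_conf" syslog_enable_tcp)" = "true" ] ||
        fail "graylog2.conf: syslog_enable_tcp is not true"
    [ "$(conf_value "$graylog_conf" mongodb_useauth)" = "true" ] ||
        fail "graylog2.conf: mongodb_useauth is not true"
    for key in mongodb_user mongodb_password; do
        [ -n "$(conf_value "$graylog_conf" "$key")" ] ||
            fail "graylog2.conf: $key is empty"
    done
    # graylog2.conf holds the database password; it should not be world-readable.
    case "$(ls -ld "$graylog_conf" | cut -c8)" in
        r) fail "graylog2.conf is world-readable" ;;
    esac
    return "$findings"
}

# Constructed sample files (not from the original page): auth still commented
# out in mongod.conf, an empty password and loose permissions on graylog2.conf.
demo=$(mktemp -d)
printf '%s\n' 'dbpath = /var/lib/mongo' '#auth = true' > "$demo/mongod.conf"
printf '%s\n' 'syslog_enable_tcp = true' 'mongodb_useauth = true' \
    'mongodb_user = grayloguser' 'mongodb_password =' > "$demo/graylog2.conf"
chmod 644 "$demo/graylog2.conf"
check_graylog_setup "$demo/mongod.conf" "$demo/graylog2.conf" ||
    echo "$? finding(s)"
rm -rf "$demo"
```

Run it against the real files by calling check_graylog_setup with the paths to your mongod.conf and graylog2.conf before starting the graylog2 server.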

Create the initialization script

Append the following to it

Add it to chkconfig and start the service

Once you start the graylog server, it will start listening on port 514. Make sure that no other service is using port 514 on the machine; stop rsyslog if it is running and using port 514. Also make sure you have configured rsyslog clients to send logs to this centralized server. To know more about centralized logging using rsyslog, click here.

Download and install graylog2 web interface

Update the mongoid.yml file

Add the username and password

Create the indexes

Install apache passenger module

[Screenshot: Apache Passenger module installer output]

Create a new conf file to load passenger module

Append the following to the file as instructed by your Apache Passenger module installer (refer to the screenshot above)

Create virtual hosts

Append the following code to the file

Restart apache

Point your browser to

http://ipaddress-or-domainname
