Installing a fresh copy of Graylog


(Gregory West) #1

When I tried the manual install I got nowhere. So I decided to try the scripts out. Here is what I got following the instructions to the point where I entered:
puppet modules install graylog/graylog
Error: Could not install module ‘graylog-graylog’ (???)
No version of ‘graylog-graylog’ can satisfy all dependencies
Use puppet module install --ignore-dependencies to install only this module

I failed at getting the chef-server installed so no results there.

I installed with ansible-galaxy install Graylog2.graylog-ansible-role, looks like it ran OK, but left at the cli prompt with no instructions as to what to do next.

I bring this up, because I have been working with computers for over 40 years now, and this is by far the most problematic setup I have ever come across. Even installing the OVA file on my VMWare server did not help.

From what I have seen Graylog is a great tool, but if I cannot even get it running, it is all for naught. If the Graylog people would like some assistance in testing out the install procedures and scripts I would be more than happy. I have tested these things many many times in the past, and am conversant in not applying ‘non-stated’ instructions, i.e., doing something you know needs to be done, but is not stated in the instructions as a step, or configuration.

Gregory A. West


(Jochen) #2

According to Graylog wont start after new installation, you’ve had a working setup of Graylog. What happened?


(Gregory West) #3

It was working. I need to be able to do a clean install at a client's site, so I am writing the instructions on how to do a clean install. When I have the instructions, I have to clean the server and start from scratch to do an install. I followed my instructions, and the second install won't work. Obviously something is wrong in my instructions.

I am more than happy to upload the final instructions to the forum when they are complete, for others to follow after me. But in the meantime, I am still working on this.


(Gregory West) #4

I found some instructions on Digital Ocean’s site. Followed them and was able to get a copy of Graylog working on Ubuntu 16.04. My notes are as follows; again, I suggest people look at Digital Ocean’s site. I am including my notes just in case of a URL break.


Graylog install in Ubuntu 16.04

Logged in as user for graylog (in my case graylog)

The following instructions come from the great people at DigitalOcean and are only quoted here in case the link breaks

Check out the Digital Ocean instructions at:

https://www.digitalocean.com/community/tutorials/how-to-manage-logs-with-graylog-2-on-ubuntu-16-04

My instructions assume one Graylog server, a clean Ubuntu server with no packages loaded on it.

Setup Ubuntu with manual package selection, and select the following packages:

nano editor
sudo apt-get install nano
apt-transport-https
sudo apt-get install apt-transport-https
pwgen password generator
sudo apt-get install pwgen

Oracle Java 8
sudo apt-get update
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer

ElasticSearch
sudo apt-get update
wget https://download.elastic.co/elasticsearch/release/org/elasticsearch/distribution/deb/elasticsearch/2.3.1/elasticsearch-2.3.1.deb
sudo dpkg -i elasticsearch-2.3.1.deb
sudo systemctl enable elasticsearch.service
sudo nano /etc/elasticsearch/elasticsearch.yml
Find cluster.name: and set it to what you want your cluster called
cluster.name: graylog-search
Find node.name and set it to something like "graylog.node1"
node.name: graylog-node1
Save the file (CTRL-x / Y)
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch

Verify it's working:
curl -X GET 'http://localhost:9200'

MongoDB
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927
echo "deb http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.2.list
sudo apt-get update
sudo apt-get install -y mongodb-org
sudo nano /etc/systemd/system/mongodb.service
Add the following to your mongo service file:
		[Unit]
		Description=High-performance, schema-free document-oriented database
		After=network.target

		[Service]
		User=mongodb
		ExecStart=/usr/bin/mongod --quiet --config /etc/mongod.conf

		[Install]
		WantedBy=multi-user.target
	Save the file out.
sudo systemctl start mongodb
sudo systemctl status mongodb
sudo systemctl enable mongodb

Now we install Graylog

You can browse to: https://packages.graylog2.org/debian/dists/stable to check what the latest package is.
Replace 2.3 with the current version

wget https://packages.graylog2.org/repo/packages/graylog-2.3-repository_latest.deb
sudo dpkg -i graylog-2.3-repository_latest.deb
sudo apt-get update
sudo apt-get install graylog-server
sudo systemctl enable graylog-server.service
sudo -E sed -i -e "s/password_secret =.*/password_secret = $(pwgen -s 128 1)/" /etc/graylog/server/server.conf
sudo sed -i -e "s/root_password_sha2 =.*/root_password_sha2 = $(echo -n 'password' | shasum -a 256 | cut -d' ' -f1)/" /etc/graylog/server/server.conf
sudo nano /etc/graylog/server/server.conf
	Find and change the following lines, 
	uncommenting them and replacing graylog_public_ip with the public IP of your server. 
	This can be an IP address or a fully-qualified domain name.
		rest_listen_uri = http://your_server_ip_or_domain:9000/api/
		web_listen_uri = http://your_server_ip_or_domain:9000/
	Save your changes
sudo systemctl restart graylog-server
sudo systemctl status graylog-server

Hope this helps anyone who had as frustrating a time as I had.

Greg
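
An added example, not part of the post above or of the DigitalOcean tutorial: the root_password_sha2 command in the notes hashes the literal string 'password', so this sketch reads the real admin password without echoing it and audits server.conf for an empty password_secret or a hash that is still that placeholder. The helper names (sha256_hex, prompt_root_hash, conf_value, audit_conf) are hypothetical.

```shell
#!/bin/sh
# Added example: helper names are hypothetical; only the two config keys and
# the server.conf path come from the post.

# sha256_hex: hash stdin and print the hex digest (sha256sum, else shasum).
sha256_hex() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum; else shasum -a 256; fi |
    cut -d' ' -f1
}

# prompt_root_hash: read the admin password with terminal echo off, so it never
# appears in shell history or the process list, and print its SHA-256.
prompt_root_hash() (
  printf 'Graylog admin password: ' >&2
  stty -echo; IFS= read -r pw; stty echo; echo >&2
  [ -n "$pw" ] || { echo 'empty password refused' >&2; exit 1; }
  printf '%s' "$pw" | sha256_hex
)

# conf_value FILE KEY: print the value of the last uncommented "KEY = value".
conf_value() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# audit_conf FILE: print one FAIL line per finding; non-zero status if any.
audit_conf() (
  rc=0
  secret=$(conf_value "$1" password_secret)
  hash=$(conf_value "$1" root_password_sha2)
  placeholder=$(printf '%s' password | sha256_hex)
  [ -n "$secret" ] || { echo 'FAIL password_secret is empty'; rc=1; }
  if ! printf '%s\n' "$hash" | grep -Eqx '[0-9a-f]{64}'; then
    echo 'FAIL root_password_sha2 is not a 64-character hex SHA-256'; rc=1
  elif [ "$hash" = "$placeholder" ]; then
    echo "FAIL root_password_sha2 is the hash of the literal 'password'"; rc=1
  fi
  [ "$rc" -eq 0 ]
)

# On the server (same file and key as the second sed line in the post):
#   h=$(prompt_root_hash) && sudo sed -i -e \
#     "s/root_password_sha2 =.*/root_password_sha2 = $h/" /etc/graylog/server/server.conf
#   audit_conf /etc/graylog/server/server.conf   # as a user who can read the file
```

Run audit_conf before the final `sudo systemctl restart graylog-server` so a placeholder hash is caught before the web interface is reachable.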

