
Graylog Environment Project 2015

Here are some of the links I used to get Graylog on CentOS 7 working. On my current project I have to downgrade to CentOS 6.6 because of some older HP hardware.

The architecture I want to build out for the current engagement is the following:



https://www.graylog.org

MongoDB is very important for this: Graylog keeps its own configuration (users, inputs, streams, dashboards) in it, so graylog-server will not start without a reachable MongoDB.


http://docs.mongodb.org/manual/tutorial/install-mongodb-on-red-hat/

Here are the first steps:

vi /etc/yum.repos.d/mongodb-org-3.0.repo

[mongodb-org-3.0]
name=MongoDB Repository
baseurl=http://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.0/x86_64/
gpgcheck=0
enabled=1

Note the gpgcheck=0: with that setting yum installs whatever the mirror (reached here over plain http) serves, without checking any RPM signature, so a poisoned mirror or anyone on the network path can hand you a backdoored mongod. The MongoDB docs copied here used that setting for the 3.0 series; newer MongoDB repo files ship with gpgcheck=1, an https baseurl and a gpgkey for the release series, and that is the form to use (import the key, set gpgcheck=1 and point gpgkey at it) even when staying on 3.0.


Install the MongoDB packages and associated tools.

When you install the packages, you choose whether to install the current release or a previous one. The MongoDB docs give commands for both; only the current-release command is reproduced here.

To install the latest stable version of MongoDB, issue the following command:
sudo yum install -y mongodb-org

Start MongoDB.

You can start the mongod process by issuing the following command:
sudo service mongod start

Verify that MongoDB has started successfully

You can verify that the mongod process has started successfully by checking the contents of the log file at /var/log/mongodb/mongod.log for a line reading

[initandlisten] waiting for connections on port <port>

where <port> is the port configured in /etc/mongod.conf (27017 by default). The mongod.conf shipped in the 3.0 RPMs also sets bindIp: 127.0.0.1 and leaves authentication off; that is fine while Graylog runs on the same box, but if Graylog will connect from another host, enable security.authorization and create a database user for Graylog before widening bindIp beyond loopback.

You can optionally ensure that MongoDB will start following a system reboot by issuing the following command:
sudo chkconfig mongod on

Stop MongoDB.

As needed, you can stop the mongod process by issuing the following command:
sudo service mongod stop

Restart MongoDB.


You can restart the mongod process by issuing the following command:
sudo service mongod restart 
You can follow the state of the process for errors or important messages by watching the output in the /var/log/mongodb/mongod.log file.

Referenced from:  http://docs.mongodb.org/manual/tutorial/install-mongodb-on-red-hat/
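The "check mongod.log for waiting for connections" step lends itself to a script, and it is also the natural place to confirm the database is not exposed. The following is an added example written for this page, not code from the original notes or from the MongoDB docs: POSIX shell functions that pull the listening port out of mongod.log, compare it with /etc/mongod.conf, and fail when mongod is reachable beyond loopback with authorization off. The log line format is MongoDB 3.0's, the config parsing covers the YAML file the 3.0 RPMs install plus the older key = value style, the default paths are the RPM defaults, and the demo's sample log and config are constructed rather than output from a real server.

```shell
#!/bin/sh
# Added example, not from the original post or the MongoDB docs: turn the
# "check mongod.log for waiting for connections" step into a script and
# confirm the database is not reachable from the network unauthenticated.
# Defaults are the MongoDB 3.0 RPM paths; pass other paths as arguments.
# Usage: check_mongod [/var/log/mongodb/mongod.log] [/etc/mongod.conf]

# Print the port from the last "waiting for connections on port N" log line
# (MongoDB 3.0 format); return 1 if mongod never reported listening.
mongod_listen_port() {
    log=${1:-/var/log/mongodb/mongod.log}
    port=$(sed -n 's/.*waiting for connections on port \([0-9][0-9]*\).*/\1/p' "$log" 2>/dev/null | tail -n 1)
    [ -n "$port" ] || return 1
    printf '%s\n' "$port"
}

# Print the configured port: YAML "port: N" as in the 3.0 RPM's mongod.conf,
# or the older "port = N"; 27017 (MongoDB's default) when neither is present.
mongod_conf_port() {
    conf=${1:-/etc/mongod.conf}
    port=$(sed -n 's/^[[:space:]]*port[[:space:]]*[:=][[:space:]]*\([0-9][0-9]*\).*/\1/p' "$conf" 2>/dev/null | head -n 1)
    printf '%s\n' "${port:-27017}"
}

# "yes" when bindIp restricts mongod to loopback, "no" otherwise.
# An absent bindIp means mongod listens on every interface.
mongod_loopback_only() {
    conf=${1:-/etc/mongod.conf}
    bind=$(sed -n 's/^[[:space:]]*bindIp[[:space:]]*[:=][[:space:]]*\([^[:space:],#]*\).*/\1/p' "$conf" 2>/dev/null | head -n 1)
    case "$bind" in
        127.0.0.1|localhost|::1) echo yes ;;
        *) echo no ;;
    esac
}

# "yes" when access control is on: "authorization: enabled" (YAML) or
# "auth = true" (old format).
mongod_auth_enabled() {
    conf=${1:-/etc/mongod.conf}
    if grep -Eq '^[[:space:]]*(authorization[[:space:]]*:[[:space:]]*enabled|auth[[:space:]]*=[[:space:]]*true)' "$conf" 2>/dev/null; then
        echo yes
    else
        echo no
    fi
}

# Overall check: returns 0 only when mongod is up on the configured port and
# is either loopback-only or protected by authorization.
check_mongod() {
    log=${1:-/var/log/mongodb/mongod.log}
    conf=${2:-/etc/mongod.conf}
    want=$(mongod_conf_port "$conf")
    if ! have=$(mongod_listen_port "$log"); then
        echo "mongod is not listening: no 'waiting for connections' line in $log"
        return 1
    fi
    if [ "$have" != "$want" ]; then
        echo "mongod listens on port $have but $conf configures $want"
        return 1
    fi
    if [ "$(mongod_loopback_only "$conf")" = no ] && [ "$(mongod_auth_enabled "$conf")" = no ]; then
        echo "mongod on port $have accepts network connections with no authentication"
        return 1
    fi
    echo "mongod OK on port $have"
}

# Demo against constructed sample files (not output from a real server), so
# the checks can be seen working before pointing them at the live paths.
demo_check_mongod() {
    d=$(mktemp -d)
    printf '%s\n' \
      '2015-04-02T10:00:01.000-0500 I NETWORK  [initandlisten] waiting for connections on port 27017' \
      > "$d/mongod.log"
    printf '%s\n' 'net:' '  port: 27017' '  bindIp: 127.0.0.1' > "$d/mongod.conf"
    if check_mongod "$d/mongod.log" "$d/mongod.conf"; then rc=0; else rc=1; fi
    rm -rf "$d"
    return "$rc"
}

# Run the live check when invoked directly with --check.
if [ "${1:-}" = "--check" ]; then
    check_mongod
fi
```

Run it as `sh check_mongod.sh --check` after `service mongod start`; a non-zero exit with the printed reason is what you want in a post-install verification script, and the open-bindIp-without-auth case is the one worth wiring into monitoring, since widening bindIp is the usual "fix" when Graylog is moved to a second host.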

Elastic Search Installation

CentOS installation and configuration, referenced from the Elasticsearch repository setup docs:

Download and install the public signing key (the one named by gpgkey below, imported with rpm --import), then add the following in /etc/yum.repos.d/ in a file with a .repo suffix, for example elasticsearch.repo:

vi /etc/yum.repos.d/elasticsearch.repo

Insert the following:

[elasticsearch-1.5]
name=Elasticsearch repository for 1.5.x packages
baseurl=http://packages.elasticsearch.org/elasticsearch/1.5/centos
gpgcheck=1
gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearch
enabled=1

And your repository is ready for use. You can install it with:

yum install elasticsearch

Configure Elasticsearch to start automatically at boot. If your distribution uses SysV init (CentOS 6), run:

chkconfig --add elasticsearch

Two things to check before pointing Graylog at it. Elasticsearch 1.x has no authentication and by default binds to every interface, so anyone who can reach TCP 9200 can read, alter or delete every indexed log message: set network.host in /etc/elasticsearch/elasticsearch.yml to 127.0.0.1 on a single box (or to the internal interface Graylog uses) and firewall ports 9200 and 9300. Graylog joins the cluster by name, so cluster.name in elasticsearch.yml must match elasticsearch_cluster_name in the Graylog server config (graylog2 by default in 1.0), and multicast discovery is worth turning off (discovery.zen.ping.multicast.enabled: false) in favour of explicit unicast hosts. Unlike the MongoDB repo above, this repo file does verify package signatures (gpgcheck=1), but the key and the packages are fetched over plain http; use https for baseurl and gpgkey where the mirror offers it.
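The repo files on this page differ in one security-relevant way: the MongoDB one sets gpgcheck=0, while the Elasticsearch one verifies signatures but fetches both packages and key over plain http. The following is an added example written for this page, not code from the original notes or from any of the projects' documentation: a POSIX shell linter that walks every [section] of a yum .repo file and reports those weaknesses. It assumes the standard key=value layout yum reads and treats a clean section as gpgcheck=1, a gpgkey, and https for both URLs.

```shell
#!/bin/sh
# Added example, not from the original post or the projects' docs: lint yum
# .repo files for settings that weaken package supply-chain integrity.
#   gpgcheck=0 or unset       -> RPM signatures are never verified
#   gpgcheck=1 but no gpgkey  -> yum has no key to verify against
#   http:// baseurl or gpgkey -> packages or the signing key itself travel in
#                                the clear and can be swapped on the wire
# Usage: audit_repo_file /etc/yum.repos.d/mongodb-org-3.0.repo
#        for f in /etc/yum.repos.d/*.repo; do audit_repo_file "$f"; done

# Print one finding per line for a single [section] of a repo file.
check_section() {
    s_name=$1; s_gpgcheck=$2; s_gpgkey=$3; s_baseurl=$4
    if [ "$s_gpgcheck" != "1" ]; then
        echo "[$s_name] gpgcheck=${s_gpgcheck:-unset}: package signatures are not verified"
    elif [ -z "$s_gpgkey" ]; then
        echo "[$s_name] gpgcheck=1 but no gpgkey: nothing to verify signatures against"
    fi
    case "$s_baseurl" in
        http://*) echo "[$s_name] baseurl is plain http: packages can be replaced in transit" ;;
    esac
    case "$s_gpgkey" in
        http://*) echo "[$s_name] gpgkey is fetched over plain http: the key itself can be replaced" ;;
    esac
}

# Report on the section collected so far (globals set by audit_repo_file).
flush_section() {
    [ -n "$section" ] || return 0
    out=$(check_section "$section" "$gpgcheck" "$gpgkey" "$baseurl")
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        findings=1
    fi
}

# Walk every [section] of the .repo file given as $1 and print findings.
# Returns 0 when the file is clean and 1 when anything was reported.
audit_repo_file() {
    section=""; gpgcheck=""; gpgkey=""; baseurl=""; findings=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            '#'*) ;;                                  # comment line
            \[*\])                                    # new section header
                flush_section
                section=${line#\[}; section=${section%\]}
                gpgcheck=""; gpgkey=""; baseurl=""
                ;;
            *=*)                                      # key = value, spaces tolerated
                key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
                value=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
                case "$key" in
                    gpgcheck) gpgcheck=$value ;;
                    gpgkey)   gpgkey=$value ;;
                    baseurl)  baseurl=$value ;;
                esac
                ;;
        esac
    done < "$1"
    flush_section                                     # the last section has no header after it
    return "$findings"
}
```

Run it over /etc/yum.repos.d/*.repo after adding each repository; a non-zero exit means at least one finding was printed. The MongoDB file above yields two findings (gpgcheck=0 and the http baseurl) and the Elasticsearch file two as well (http baseurl and http gpgkey); a section that is clean by these rules prints nothing.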


EPEL Repository Configuration and Installation:


http://www.tecmint.com/how-to-enable-epel-repository-for-rhel-centos-6-5/

## RHEL/CentOS 6 64-Bit ##
# wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm
yum repolist

As written this installs an RPM fetched over plain http without checking its signature. On CentOS the same epel-release package is in the distribution's own extras repository, so installing it with yum from there gets it verified against the CentOS signing key; either way, check that the resulting epel.repo has gpgcheck=1 before using it.

http://wiki.xenproject.org/wiki/Xen_Project_Beginners_Guide




I think the EPEL repository is needed. In this blog I will review the configuration steps to verify the result of a clean build.



Centos Graylog Repository Installation:

$ sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-1.0-repository-el6_latest.rpm
$ yum install graylog-server graylog-web

The repository RPM drops a Graylog repo file and signing key into /etc/yum.repos.d/; confirm that file has gpgcheck=1 so the server and web packages are verified like the Elasticsearch ones. Before starting graylog-server, set password_secret and root_password_sha2 in /etc/graylog/server/server.conf (the server checks both at startup), and give the web interface its own application.secret in its web.conf (/etc/graylog/web/web.conf in the 1.0 packages).

This has become much easier than previous iterations of installations; in my builds on CentOS 7 the process was very manual, including creating the init.d scripts for it.

At some point I will post them in this blog. For review or in case I might need them later.
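The part of the Graylog install that cannot be skipped is filling in the two secrets in server.conf. The following is an added example written for this page, not code from the original notes or from the Graylog docs (which suggest pwgen and shasum for the same job): it generates password_secret, hashes the admin password for root_password_sha2, and writes both into the config with tools present on a stock CentOS 6/7 box. The config path /etc/graylog/server/server.conf is the one the 1.0 packages use and is an assumption for other versions; the server.conf used in the demo is a constructed fragment.

```shell
#!/bin/sh
# Added example, not from the original post or the Graylog docs: fill in the
# two secrets graylog-server checks at startup, password_secret and
# root_password_sha2, in server.conf. The Graylog docs suggest pwgen and
# shasum; this uses tools on a stock CentOS box. The config path below is
# the one the 1.0 packages use and is an assumption for other versions.
# Usage: set_graylog_secrets /etc/graylog/server/server.conf 'adminpassword'

# 96 random alphanumeric characters for password_secret, the key Graylog
# uses to encrypt and salt stored credentials.
gen_password_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 96
    echo
}

# Hex SHA-256 of the admin password for root_password_sha2. printf '%s' is
# deliberate: hashing a trailing newline would make every login fail.
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        printf '%s' "$1" | sha256sum | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        printf '%s' "$1" | shasum -a 256 | cut -d' ' -f1
    else
        printf '%s' "$1" | openssl dgst -sha256 | sed 's/.*= //'
    fi
}

# Set "key = value" in an ini-style file: overwrite the existing line (even
# if commented out) or append one. Values here are alphanumeric or hex; a
# value containing sed metacharacters (&, |, \) would need escaping first.
set_conf_value() {
    file=$1; key=$2; value=$3
    if grep -Eq "^[[:space:]]*#?[[:space:]]*$key[[:space:]]*=" "$file"; then
        sed "s|^[[:space:]]*#\{0,1\}[[:space:]]*$key[[:space:]]*=.*|$key = $value|" "$file" > "$file.tmp" \
            && mv "$file.tmp" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# Generate both secrets, write them into the config, and stop the file being
# world-readable (the secret is as sensitive as the admin password).
# Prints the password hash so it can be cross-checked; never prints the secret.
set_graylog_secrets() {
    conf=$1; admin_password=$2
    secret=$(gen_password_secret)
    digest=$(sha256_hex "$admin_password")
    set_conf_value "$conf" password_secret "$secret"
    set_conf_value "$conf" root_password_sha2 "$digest"
    chmod o-rwx "$conf"
    printf '%s\n' "$digest"
}
```

Pass the admin password in single quotes so the shell does not expand anything in it, and do not reuse one password_secret across Graylog installations: it is what protects every stored user password, so it belongs with the same handling as a private key rather than in a shared build script.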

Link: Graylog Early Version 3.2 Previous


Also, syslog forwarding to Graylog, the bread and butter of it all.

http://docs.graylog.org/en/1.0/pages/sending_data.html#syslog

Here is the syslog forwarder for this.
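The Graylog page linked above gives the rsyslog one-liner for forwarding to a syslog input. The following is an added example written for this page, not code from the original notes or from the Graylog or rsyslog projects: it renders a complete drop-in for /etc/rsyslog.d/ that forwards everything, using rsyslog's built-in RFC 5424 template that the Graylog docs recommend, and adds a disk-assisted queue on the TCP path so messages are spooled rather than dropped while Graylog is down. The host graylog.example.org and port 1514 are placeholders, and the queue directives assume rsyslog's WorkDirectory is set, as the CentOS rsyslog.conf does with /var/lib/rsyslog.

```shell
#!/bin/sh
# Added example, not from the original post or the Graylog/rsyslog projects:
# render an rsyslog drop-in that forwards all local syslog to a Graylog
# syslog input, following the rsyslog recipe in the Graylog docs linked
# above. RSYSLOG_SyslogProtocol23Format is rsyslog's built-in RFC 5424
# template, which Graylog parses much more reliably than BSD-style lines.
# Host and port are placeholders for your own Graylog input.
# Usage: render_rsyslog_forward graylog.example.org 1514 tcp > /etc/rsyslog.d/graylog.conf
#        service rsyslog restart

# Print the forwarding configuration for HOST PORT [tcp|udp].
# Prints nothing and returns 1 on bad arguments.
render_rsyslog_forward() {
    host=$1; port=$2; proto=${3:-tcp}
    if [ -z "$host" ]; then
        echo "render_rsyslog_forward: host required" >&2; return 1
    fi
    case "$port" in
        ''|*[!0-9]*) echo "render_rsyslog_forward: port must be numeric" >&2; return 1 ;;
    esac
    case "$proto" in
        tcp) target="@@$host:$port" ;;   # @@ is TCP in rsyslog's legacy syntax
        udp) target="@$host:$port"  ;;   # @ is UDP: no delivery guarantee, silently drops
        *)   echo "render_rsyslog_forward: proto must be tcp or udp" >&2; return 1 ;;
    esac
    echo "# Forward all syslog to Graylog over $proto (rendered by render_rsyslog_forward)"
    if [ "$proto" = tcp ]; then
        # Disk-assisted queue: messages are spooled under rsyslog's WorkDirectory
        # (/var/lib/rsyslog on CentOS) while Graylog is down, and retried forever,
        # instead of being discarded once the in-memory queue is full.
        cat <<'EOF'
$ActionQueueType LinkedList
$ActionQueueFileName graylog_fwd
$ActionQueueMaxDiskSpace 1g
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1
EOF
    fi
    printf '*.* %s;RSYSLOG_SyslogProtocol23Format\n' "$target"
}
```

Port 514 needs root, and the Graylog docs avoid running the server as root by creating the input on 1514 and redirecting with `iptables -t nat -A PREROUTING -p tcp --dport 514 -j REDIRECT --to 1514` (plus the same rule for udp); the rendered file targets 1514 directly so no redirect is needed on the client. Plain syslog over TCP or UDP is neither authenticated nor encrypted, so keep it on an internal segment; if the Graylog version in use lets the TCP input present a certificate, rsyslog's gtls netstream driver can wrap this same forwarding rule in TLS.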


Additional Notes:

I know it's probably unrelated; just a reminder for myself.

Here is the Vagrant website. I plan on using this later.

https://www.vagrantup.com
