How to Install Graylog2 on Ubuntu 12.04 LTS

Written by Mick Pollard (@aussielunix)
Totally revamped by Ola Ekegren (@olaekegren)

 

Introduction

Graylog2 is made up of a few different FOSS projects along with some homegrown stuff and brings them all together to give you lasers for your viewing pleasure!
You should be able to copypasta the below steps in a few minutes and end up with a working graylog2 0.10.0 (RC3/4) setup.

This is not intended to be used as-is for deploying Graylog2 in a production environment, but it should give you enough help to get up and running quickly for evaluation purposes, or serve as a great starting point for your own deployment.

I have made some assumptions below:

  • You are running on Ubuntu 12.04 (Precise Pangolin) amd64
  • It is a minimal install with only _openssh server_ selected
  • All of these separate components will be installed to a single VM/server
  • You have super powers (sudo)
  • MongoDB authentication is switched off (this is off by default; you can choose which way you want to go, but for the purpose of evaluation leaving it off is easiest)

 

Packages

MongoDB is installed from the [10Gen repo](http://docs.mongodb.org/manual/tutorial/install-mongodb-on-ubuntu/).

The Elasticsearch [DEB](http://www.elasticsearch.org/download/2013/01/29/0.20.4.html) is uploaded to aussielunix PPA for convenience.

The Graylog2 packages used in this howto are produced by aussielunix and are signed with his GPG key [D77A4DCC](http://keyserver.ubuntu.com:11371/pks/lookup?search=0xD77A4DCC&op=index).

The packages were built using [fpm](https://github.com/jordansissel/fpm/wiki) and [fpm-cookery](https://github.com/bernd/fpm-cookery) and the package sources are [available](https://github.com/bernd/fpm-recipes).

 

These packages contain a couple of very small patches outlined below.

  • graylog2-web/config/mongoid.yml – hard code details for production – without any authentication
  • graylog2-declarative_authorization-0.5.2 – see http://jira.graylog2.org/browse/WEBINTERFACE-169
  • graylog2-server/graylog2.conf – set _mongodb_useauth = false_

 

Making it so

Add the 10gen & aussielunix APT repo and keys to use them.

echo 'deb http://ppa.lunix.com.au/ubuntu/ precise main preview' | sudo tee /etc/apt/sources.list.d/aussielunix.list
echo "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen" | sudo tee -a /etc/apt/sources.list.d/10gen.list
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv D77A4DCC
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
sudo apt-get update

 

Check if you have ruby installed

ruby -v

If you have a ruby version lower than 1.9 installed, remove it with

sudo apt-get purge ruby1.8

Install ruby1.9.3 and bundler

sudo apt-get install ruby1.9.3
sudo gem install bundler

Then install half of the internet

sudo apt-get install mongodb-10gen elasticsearch graylog2-server graylog2-web

Tune some config files

sudo sed -i -e 's/# cluster.name: elasticsearch/cluster.name: graylog2/' /etc/elasticsearch/elasticsearch.yml

 

 

Review and possibly tune some other config files

Edit these with your favorite editor. All files are fine by default except general.yml, where you need to change "external_hostname:".

/usr/share/graylog2-web/config/general.yml
/usr/share/graylog2-web/config/mongoid.yml
/etc/graylog2.conf
/etc/graylog2-elasticsearch.yml
/etc/elasticsearch/elasticsearch.yml
/etc/default/elasticsearch

Start things up in order: elasticsearch, mongodb, graylog2-server

sudo service elasticsearch restart
sudo service mongodb restart
sudo service graylog2-server restart
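
Because this setup runs MongoDB without authentication, it helps to confirm which addresses the freshly started services are bound to. The script below is an added example, not part of the original howto or the Graylog2 packages; the port list assumes upstream defaults (27017 MongoDB, 9200/9300 Elasticsearch, 3000 webrick) and the sample input is constructed.

```shell
#!/bin/sh
# Added example: list evaluation-stack services listening beyond loopback.
# Ports are upstream defaults (assumption: unchanged on this host):
#   27017 MongoDB, 9200/9300 Elasticsearch HTTP/transport, 3000 webrick.
WATCH_PORTS="27017 9200 9300 3000"

# Reads `netstat -ltn` or `ss -ltn` output on stdin (the local address is
# the 4th column in both) and prints "<port> <address>" for every watched
# port bound to something other than a loopback address.
exposed_listeners() {
    awk -v ports="$WATCH_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" || $6 == "LISTEN" {
            if (!match($4, /:[0-9]+$/)) next        # no port suffix
            port = substr($4, RSTART + 1)
            addr = substr($4, 1, RSTART - 1)
            if (!(port in watch)) next              # not one of our services
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            print port, addr
        }'
}

# Run against the live host (uses ss if present, otherwise netstat).
live_report() {
    if command -v ss >/dev/null 2>&1; then ss -ltn; else netstat -ltn; fi |
        exposed_listeners
}

# Constructed sample input (not captured from a real host).
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3000            0.0.0.0:*               LISTEN
tcp6       0      0 :::9200                 :::*                    LISTEN
tcp6       0      0 :::9300                 :::*                    LISTEN'

# Demonstrates the filter on the sample above.
sample_report() { printf '%s\n' "$SAMPLE" | exposed_listeners; }
sample_report
```

Call `live_report` on the server itself: no output means none of the watched ports is bound outside loopback, and each printed line names a service to rebind or firewall before other hosts can reach the box.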

Configure the local rsyslog server to talk to graylog2.

echo "*.* @localhost" | sudo tee -a /etc/rsyslog.d/30-graylog2.conf
sudo service rsyslog restart

Now you should start up graylog2-web. This is a rails application and can be run under any rack capable web server.
For testing, rails has a built in webserver called webrick, and this is what we will use for now.
I will leave it as an exercise for the reader to research how to run graylog2-web under their favourite webserver.

 

To run graylog2-web using the built in webrick:

sudo -u graylog2-web -i
script/rails server -e production

Browse to `http://hostname:3000` to test it out!

When you are done testing and happy with how it works, exit with Ctrl-C and type "exit" to leave the graylog2-web user.

 

Now, let's add it to mod_passenger and apache2

sudo apt-get install apache2 build-essential libcurl4-openssl-dev libssl-dev zlib1g-dev apache2-prefork-dev libapr1-dev libaprutil1-dev
sudo gem install passenger
cd /var/lib/gems/1.9.1/gems/passenger-4.0.10/bin/     # version number can differ
sudo ./passenger-install-apache2-module

When it’s done it shows something like this:

-------------------------------------------
The Apache 2 module was successfully installed.
Please edit your Apache configuration file, and add these lines:
LoadModule passenger_module /var/lib/gems/1.9.1/gems/passenger-4.0.10/buildout/apache2/mod_passenger.so
 PassengerRoot /var/lib/gems/1.9.1/gems/passenger-4.0.10
 PassengerDefaultRuby /usr/bin/ruby1.9.1
After you restart Apache, you are ready to deploy any number of Ruby on Rails
applications on Apache, without any further Ruby on Rails-specific
configuration!
Press ENTER to continue.

Remember those lines, because you are going to need them when you create the config file for Apache below.

Create the file /etc/apache2/conf.d/graylog2.conf with your favorite editor and add:

LoadModule passenger_module /var/lib/gems/1.9.1/gems/passenger-4.0.10/buildout/apache2/mod_passenger.so
PassengerRoot /var/lib/gems/1.9.1/gems/passenger-4.0.10
PassengerDefaultRuby /usr/bin/ruby1.9.1
<VirtualHost *:80>
  ServerName graylog2.yourhost.com
  # !!! Be sure to point DocumentRoot to 'public'!
  DocumentRoot /usr/share/graylog2-web/public
  <Directory /usr/share/graylog2-web/public>
    # This relaxes Apache security settings.
    AllowOverride all
    # MultiViews must be turned off.
    Options -MultiViews
  </Directory>
</VirtualHost>

Restart apache2

sudo service apache2 restart

 

You're all done!
