Written by Mick Pollard (@aussielunix)
Totally revamped by Ola Ekegren (@olaekegren)
Introduction
Graylog2 is made up of a few different FOSS projects along with some homegrown stuff and brings them all together to give you lasers for your viewing pleasure !
You should be able to copypasta the below steps in a few minutes and end up with a working graylog2 0.10.0 (RC3/4) setup.
This is not intended to be used as is for deploying Graylog2 in a production environment but should give you enough help to get up and running quickly for evaluation purposes or a great starting point to your own deployment.
I have made some assumptions below:
- You are running on Ubuntu 12.04 (Precise Pangolin) amd64
- It is a minimal install with only _openssh server_ selected
- All of these separate components will be installed to a single VM/server
- You have super powers (sudo)
- mongodb authentication is switched off (This is off by default. You can choose to which way you want to go but for the purpose of evaluation leaving it off is easiest)
Packages
Mongodb is installed from the [10Gen repo]
(http://docs.mongodb.org/manual/tutorial/install-mongodb-on-ubuntu/)
The Elasticsearch [DEB]
(http://www.elasticsearch.org/download/2013/01/29/0.20.4.html) is uploaded to aussielunix PPA for convenience.
The Graylog2 packages used in this howto are produced by aussielunix and are signed by hes gpg key [D77A4DCC]
(http://keyserver.ubuntu.com:11371/pks/lookup?search=0xD77A4DCC&op=index).
The packages were built using [fpm]
(https://github.com/jordansissel/fpm/wiki)
and [fpm-cookery]
(https://github.com/bernd/fpm-cookery)
and the package sources are [available]
(https://github.com/bernd/fpm-recipes).
These packages contain a couple of very small patches outlined below.
- graylog2-web/config/mongoid.yml – hard code details for production – without any authentication
- graylog2-declarative_authorization-0.5.2 – see http://jira.graylog2.org/browse/WEBINTERFACE-169
- graylog2-server/graylog2.conf – set _mongodb_useauth = false_
Making it so
Add the 10gen & aussielunix APT repo and keys to use them.
echo 'deb http://ppa.lunix.com.au/ubuntu/ precise main preview' | sudo tee /etc/apt/sources.list.d/aussielunix.list echo "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen" | sudo tee -a /etc/apt/sources.list.d/10gen.list sudo apt-key adv --keyserver keyserver.ubuntu.com --recv D77A4DCC sudo apt-key adv --keyserver keyserver.ubuntu.com --recv 7F0CEB10
sudo apt-get update
Check if you have ruby installed
ruby -v
If you have a ruby version lover then 1.9 installed remove it with
sudo apt-get purge ruby1.8
Install ruby1.9.3 and bundler
sudo apt-get install ruby1.9.3
sudo gem install bundler
Then install half of the internet
sudo apt-get install mongodb-10gen elasticsearch graylog2-server graylog2-web
Tune some config files
sudo sed -i -e 's/# cluster.name: elasticsearch/cluster.name: graylog2/' /etc/elasticsearch/elasticsearch.yml
Review and possibly tune some other config files
edit this with your favorite editor all files are fine by default exept general.yml that you need to change ”external_hostname:”
/usr/share/graylog2-web/config/general.yml /usr/share/graylog2-web/config/mongoid.yml /etc/graylog2.conf /etc/graylog2-elasticsearch.yml /etc/elasticsearch/elasticsearch.yml /etc/default/elasticsearch
Start things up in order: elasticsearch, mongodb, graylog2-server
sudo service elasticsearch restart sudo service mongodb restart sudo service graylog2-server restart
Configure the local rsyslog server to talk to graylog2.
echo "*.* @localhost" | sudo tee -a /etc/rsyslog.d/30-graylog2.conf sudo service rsyslog restart
Now you should start up graylog2-web. This is a rails application and can be run under any rack capable web server.
For testing, rails has a built in webserver called webrick, and this is what we will use for now.
I will leave it as an exercise for the reader to research how to run graylog2-web under their favourite webserver.
To run graylog2-web using the built in webrick:
sudo -u graylog2-web -i script/rails server -e production
Browse to `http://hostname:3000` to test it out!
Hen you are done testing and happy how it works, exit with Ctrl-C and type ”exit” to exit out from the graylog2-web user.
Now, lets add it to mod_passenger and apache2
sudo apt-get install apache2 build-essential libcurl4-openssl-dev libssl-dev zlib1g-dev apache2-prefork-dev libapr1-dev libaprutil1-dev sudo gem install passenger cd /var/lib/gems/1.9.1/gems/passenger-4.0.10/bin/ (version number can differ) sudo ./passenger-install-apache2-module
When it’s done it shows something like this:
------------------------------------------- The Apache 2 module was successfully installed.
Please edit your Apache configuration file, and add these lines:
LoadModule passenger_module /var/lib/gems/1.9.1/gems/passenger-4.0.10/buildout/apache2/mod_passenger.so PassengerRoot /var/lib/gems/1.9.1/gems/passenger-4.0.10 PassengerDefaultRuby /usr/bin/ruby1.9.1
After you restart Apache, you are ready to deploy any number of Ruby on Rails applications on Apache, without any further Ruby on Rails-specific configuration!
Press ENTER to continue.
Remember those lines because you going to need it when you creating a config file for apache below.
Create the file /etc/apache2/conf.d/graylog2.conf and add with your favorite editor
LoadModule passenger_module /var/lib/gems/1.9.1/gems/passenger-4.0.10/buildout/apache2/mod_passenger.so PassengerRoot /var/lib/gems/1.9.1/gems/passenger-4.0.10 PassengerDefaultRuby /usr/bin/ruby1.9.1
<VirtualHost *:80> ServerName graylog2.yourhost.com # !!! Be sure to point DocumentRoot to 'public'! DocumentRoot /usr/share/graylog2-web/public <Directory /usr/share/graylog2-web/public> # This relaxes Apache security settings. AllowOverride all # MultiViews must be turned off. Options -MultiViews </Directory> </VirtualHost>
Restart apache2
sudo service apache2 restart