Wherein I install graylog2 as a linux newb

Or just watch the video 🙂 https://everythingshouldbevirtual.com/ubuntu-graylog2-auto-install-script-video

First download Ubuntu

http://releases.ubuntu.com/13.04/

Use the 64-bit PC (AMD64) server install image. I'm installing inside VMware, so I choose Ubuntu 64-bit as the VM type. The "AMD64" might throw you off; it just means 64-bit.

Mount and boot the .iso. Install using defaults. Done.

Next, try to get vmware tools installed.

I followed these instructions from here -> http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1022525

And it looks like they actually worked!

---

Ubuntu Server with only a command line interface

  1. Go to Virtual Machine > Install VMware Tools (or VM > Install VMware Tools).
     Note: If you are running the light version of Fusion, or a version of Workstation without VMware Tools, or VMware Player, you are prompted to download the Tools before they can be installed. Click Download Now to begin the download.
  2. In the Ubuntu guest, run these commands:
    1. Create a directory to mount the CD-ROM by running the command: sudo mkdir /mnt/cdrom
       When prompted for a password, enter your Ubuntu admin user password. Note: For security reasons, the typed password is not displayed. You do not need to enter your password again for the next five minutes.
    2. Mount the CD-ROM by running the command: sudo mount /dev/cdrom /mnt/cdrom (or sudo mount /dev/sr0 /mnt/cdrom)
    3. The file name of the VMware Tools bundle varies depending on your version of the VMware product. Run this command to find the exact name: ls /mnt/cdrom
    4. Extract the contents of the VMware Tools bundle by running the command: tar xzvf /mnt/cdrom/VMwareTools-x.x.x-xxxx.tar.gz -C /tmp/
       Note: x.x.x-xxxx is the version discovered in the previous step.
    5. Change directories into the VMware Tools distribution by running the command: cd /tmp/vmware-tools-distrib/
    6. Install VMware Tools by running the command: sudo ./vmware-install.pl -d
       Note: The -d switch assumes that you want to accept the defaults. If you do not use -d, press Return to accept each default or supply your own answers.
  3. Run this command to reboot the virtual machine after the installation completes: sudo reboot

Assign a static IP using the instructions here -> https://help.ubuntu.com/10.04/serverguide/network-configuration.html

Static IP Address Assignment

To configure your system to use a static IP address assignment, add the static method to the inet address family statement for the appropriate interface in the file /etc/network/interfaces. The example below assumes you are configuring your first Ethernet interface, identified as eth0. Change the address, netmask, and gateway values to meet the requirements of your network.

auto eth0
iface eth0 inet static
address 10.0.0.100
netmask 255.255.255.0
gateway 10.0.0.1

By adding an interface configuration as shown above, you can manually enable the interface through the ifup command.

sudo ifup eth0
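Before running ifup it is worth checking that the three values in the stanza agree with each other, because a gateway outside the subnet or an address that is really the broadcast address leaves a fresh server unreachable and you end up back at the console. The following is an added example, not code from the original post or from the Ubuntu server guide; it parses the stanza shown above (embedded as SAMPLE_STANZA) with Python's standard ipaddress module and reports the usual mistakes.

```python
"""Sanity-check a static /etc/network/interfaces stanza before `ifup`.

Added example; the stanza is the one from the walkthrough and the checks
(gateway inside the subnet, address not the network/broadcast address,
method actually 'static') are the ones that most often cost a reboot.
"""
import ipaddress

# The stanza from the walkthrough, embedded here so the script runs offline.
SAMPLE_STANZA = """\
auto eth0
iface eth0 inet static
address 10.0.0.100
netmask 255.255.255.0
gateway 10.0.0.1
"""


def parse_stanza(text):
    """Pull iface/family/method and the address, netmask and gateway lines out of an ifupdown stanza."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0] == "iface" and len(parts) >= 4:
            fields["iface"], fields["family"], fields["method"] = parts[1], parts[2], parts[3]
        elif parts[0] in ("address", "netmask", "gateway") and len(parts) == 2:
            fields[parts[0]] = parts[1]
    return fields


def check_static_config(text):
    """Return a list of problems; an empty list means the stanza is consistent."""
    f = parse_stanza(text)
    problems = []
    if f.get("method") != "static":
        problems.append("method is %r, expected 'static'" % f.get("method"))
    for key in ("address", "netmask", "gateway"):
        if key not in f:
            problems.append("missing %s line" % key)
    if problems:
        return problems
    try:
        # IPv4Interface accepts a dotted-quad netmask after the slash.
        iface = ipaddress.IPv4Interface("%s/%s" % (f["address"], f["netmask"]))
        gateway = ipaddress.IPv4Address(f["gateway"])
    except ValueError as exc:
        return ["unparseable value: %s" % exc]
    net = iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append("address %s is the network or broadcast address of %s" % (iface.ip, net))
    if gateway not in net:
        problems.append("gateway %s is outside %s" % (gateway, net))
    elif gateway == iface.ip:
        problems.append("gateway equals the host address")
    return problems


if __name__ == "__main__":
    import sys
    # Usage: python check_interfaces.py [/etc/network/interfaces]; defaults to the embedded sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_STANZA
    issues = check_static_config(text)
    print("OK, stanza is consistent" if not issues else "\n".join("PROBLEM: " + p for p in issues))
```

Run it against the real file before ifup; only if it prints OK is the interface worth bringing up.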

--- OK, now to install. Taken from here -> http://everythingshouldbevirtual.com/ubuntu-12-04-graylog2-installation

The salient part of the install is:

Installation steps
------------------
sudo apt-get -y install git
cd ~
git clone https://github.com/mrlesmithjr/graylog2/
chmod +x ./graylog2/install_graylog2_20_ubuntu.sh

Now enter the following to start running the script.
cd ~
sudo ./graylog2/install_graylog2_20_ubuntu.sh
---
That will take a while, I don't know how long since I went home and it was done when I got back.

--tada it worked

--- now set up the redirect. Rsyslog is listening on UDP/514 and forwarding to Graylog2, which is listening on UDP/10514.

Open your browser of choice and connect to http://ip.or.nameofgraylog2server:9000

Log in with username admin; the password is password123.

Click on system

Click on nodes

Select action and then manage inputs

Select Syslog UDP from dropdown

Give it a name of syslog redirect and port 10514, then click launch and close. (Rsyslog is listening on UDP/514 and forwarding to Graylog2, which is listening on UDP/10514.)

You should now see your new input created and accepting traffic.

--- Ok, now to get our ESX traffic in. Taken from -> https://everythingshouldbevirtual.com/collecting-vsphere-syslog-data-with-graylog2

Now, assuming that you have Graylog2 up and running, let's configure our ESXi hosts to send their syslogs to our new Graylog2 server.

Open your vSphere Client and select your host from vCenter, or connect directly to your host. Select Configuration and then Advanced Settings under the Software section. Scroll down, expand Syslog and select global. Now under Syslog.global.loghost fill in udp://ipaddressofgraylog2:514, then click OK.

Now you have to allow syslog data to be sent from your host, which means opening the host firewall for it. On the Configuration page select Security Profile under the Software section, scroll down to syslog, enable the checkbox and click OK.

Once that is done you should start to see syslog data showing up in Graylog2. The only other thing you might want to do is make sure that each of your hosts shows up as a unique host within Graylog2. Other than that you are good to go. You can also configure other devices in your environment to send their syslog data back to your Graylog2 server.

OK, now I see stuff flowing in but I need to make some sort of dashboard! I'll figure that out next!
