Follow guide here:
http://docs.graylog.org/en/latest/pages/installation/virtual_machine_appliances.html
http://docs.graylog.org/en/1.1/pages/installation/graylog_ctl.html
Set Ubuntu password:
passwd
Set Static IP:
sudo nano /etc/network/interfaces
auto eth0
iface eth0 inet static
address 192.168.1.200
netmask 255.255.255.0
gateway 192.168.1.1
Update Ubuntu:
sudo aptitude update && sudo aptitude upgrade
sudo graylog-ctl set-email-config [--port= --user= --password=]
sudo graylog-ctl set-admin-password
sudo graylog-ctl set-timezone
example: sudo graylog-ctl set-timezone America/New_York
sudo graylog-ctl enforce-ssl
sudo graylog-ctl reconfigure
Log in to the web interface. Add inputs. Point your log sources at Graylog. Install Graylog Collector or NXLog on the sources as needed.
Grow VM disk (after attaching a second virtual disk, which shows up here as /dev/sdb):
df -h
fdisk -l
pvcreate /dev/sdb
lvdisplay
vgextend graylog-vg /dev/sdb
lvextend -l +100%FREE /dev/graylog-vg/root
resize2fs /dev/graylog-vg/root
df -h
Set retention policy:
sudo graylog-ctl set-retention --size=1 --indices=100
sudo graylog-ctl reconfigure
100 GB of log space now (1 GB per index x 100 indices).
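Added example (not part of the original notes): before running reconfigure, check that the retention you are setting actually fits on the grown volume with some headroom, since Elasticsearch stops allocating shards to a node once its disk passes the default 85% low watermark. The df line below is constructed; on the real box feed it the output of df -BG /dev/graylog-vg/root.

```shell
#!/bin/sh
# Added example, not from the original notes: sanity-check a graylog-ctl
# set-retention choice against the space actually available on the volume.

# Total retained data in GB: one index of --size GB, kept --indices deep.
retention_total_gb() {
  # $1 = --size (GB per index), $2 = --indices (number of indices kept)
  echo $(( $1 * $2 ))
}

# Return the "Avail" column (4th field) of a `df -BG` data line as a number.
# Expected input shape (header already stripped):
#   /dev/mapper/graylog--vg-root 118G 12G 101G 11% /
df_avail_gb() {
  echo "$1" | awk '{ gsub(/G/, "", $4); print $4 }'
}

# Return 0 if the retention fits under the headroom limit, 1 otherwise.
# Default headroom is 15%: Elasticsearch's default low disk watermark is
# 85%, so planning to fill the volume completely would stall index rotation.
retention_fits() {
  # $1 = total retention GB, $2 = available GB, $3 = headroom percent (optional)
  headroom=${3:-15}
  usable=$(( $2 * (100 - headroom) / 100 ))
  [ "$1" -le "$usable" ]
}

# Constructed sample df line for the root LV grown above;
# on the real box use: df -BG /dev/graylog-vg/root | tail -n 1
SAMPLE_DF='/dev/mapper/graylog--vg-root 118G 12G 101G 11% /'

total=$(retention_total_gb 1 100)
avail=$(df_avail_gb "$SAMPLE_DF")
if retention_fits "$total" "$avail"; then
  echo "retention ${total}G fits in ${avail}G available"
else
  echo "retention ${total}G does NOT fit in ${avail}G once headroom is kept"
fi
```

With the sample line, 100 GB of retention does not fit in 101 GB available once 15% headroom is reserved, so either lower --indices or grow the volume further.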
Useful paths:
/opt/graylog/conf/
Since I have only 1 server, I’m configuring it for 1 shard and 0 replicas.
/opt/graylog/conf/graylog.conf
elasticsearch_shards = 1
elasticsearch_replicas = 0
then: sudo graylog-ctl restart
To be continued…
Troubleshooting:
sudo graylog-ctl tail
Watch the messages and look for anything wrong.
If an index gets corrupted, you can manually cycle the deflector.
Cron job to email a status report from Graylog:
sudo apt-get install python-pip