Graylog VM Setup – Start to Finish

Follow guide here:

set ubuntu password:

Set Static IP:
sudo nano /etc/network/interfaces

auto eth0
iface eth0 inet static

Update Ubuntu:
sudo aptitude update && sudo aptitude upgrade

sudo graylog-ctl set-email-config [–port= –user= –password=]
sudo graylog-ctl set-admin-password
sudo graylog-ctl set-timezone
sudo graylog-ctl enforce-ssl
example: sudo graylog-ctl set-timezone America/New_York

sudo graylog-ctl reconfigure

login web interface. Add inputs. Point stuff to graylog. Install graylog collector or NX log as needed.

Grow VM disk:
df -h
fdisk -l
pvcreate /dev/sdb
vgextend graylog-vg /dev/sdb
lvextend -l +100%FREE /dev/graylog-vg/root
resize2fs /dev/graylog-vg/root
df -h

set retention policy
sudo graylog-ctl set-retention –size=1 –indices=100
sudo graylog-ctl reconfigure

100gb of log space now

useful paths:

Since I have only 1 server, I’m configuring it for 1 shard and 0 replicas.
elasticsearch_shards = 1
elasticsearch_replicas = 0
then graylog-ctl restart

To be continued…

sudo graylog-ctl tail
watch the messages and look for something wrong

If an index gets corrupted you can manually cycle the deflector.
cron job to email status report from graylog
sudo apt-get install python-pip

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s