GRAYLOG - Install Script On Ubuntu 24.04








install_graylog.sh

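#!/bin/bash
#
# install_graylog.sh — single-node Graylog stack (MongoDB, Elasticsearch,
# graylog-server) on Ubuntu. Needs sudo rights and network access to the
# vendor package repositories.

# Strict mode. Plain `set -e` does not notice a failing *early* stage of a
# pipeline, so a failed `wget … | …` key download below would be ignored;
# `pipefail` makes it fatal. `-u` turns a typo in a variable name into an
# error instead of an empty string landing in a config file or repo line.
set -euo pipefail

# Script Variables (release channels used when adding the apt repositories).
# NOTE(review): GRAYLOG_VERSION is not referenced anywhere below — the
# repository line in install_graylog hard-codes the 4.x channel.
readonly GRAYLOG_VERSION="4.5.0"
readonly MONGO_VERSION="4.2"
readonly ES_VERSION="7.x"
# NOTE(review): these are old release lines; confirm each vendor still
# publishes packages (and security fixes) for this Ubuntu codename.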

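# Install the tools the later steps rely on: wget/curl for key and repo
# downloads, gnupg2 for de-armoring vendor keys, lsb-release for the distro
# codename, apt-transport-https, and a headless Java runtime (presumably for
# graylog-server — recent packages may bundle their own JVM; confirm).
install_dependencies() {
    echo "Installing required dependencies..."
    # apt-get instead of apt: apt's CLI is explicitly not stable for scripts.
    # Separate statements instead of `update && upgrade`: under set -e a
    # failure on the left side of && is ignored, so a broken `update` would
    # have let the script continue with stale package lists.
    sudo apt-get update
    sudo apt-get upgrade -y
    sudo apt-get install -y openjdk-11-jre-headless wget curl apt-transport-https gnupg2 lsb-release
}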

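# Add the MongoDB community repository for ${MONGO_VERSION}, then install and
# start mongod. The vendor signing key goes into a dedicated keyring that is
# bound to this one repository with [signed-by=…]; `apt-key add` (used before)
# is deprecated and makes the key trusted for *every* configured apt source.
install_mongo() {
    echo "Installing MongoDB..."
    local keyring="/etc/apt/keyrings/mongodb-server-${MONGO_VERSION}.gpg"
    local list="/etc/apt/sources.list.d/mongodb-org-${MONGO_VERSION}.list"
    local codename
    codename=$(lsb_release -sc)

    sudo install -m 0755 -d /etc/apt/keyrings
    # With `set -o pipefail` a failed download aborts here instead of
    # silently writing an empty keyring.
    wget -qO - "https://www.mongodb.org/static/pgp/server-${MONGO_VERSION}.asc" \
        | gpg --dearmor | sudo tee "${keyring}" >/dev/null
    # https for the package transport as well: signatures stop tampering,
    # but plaintext still exposes what this host installs.
    # NOTE(review): confirm a ${MONGO_VERSION} index exists for this Ubuntu
    # codename; older MongoDB lines are not published for every release.
    echo "deb [signed-by=${keyring}] https://repo.mongodb.org/apt/ubuntu ${codename}/mongodb-org/${MONGO_VERSION} multiverse" \
        | sudo tee "${list}" >/dev/null

    sudo apt-get update
    sudo apt-get install -y mongodb-org

    sudo systemctl enable mongod
    sudo systemctl start mongod

    # `status` exits non-zero when the unit is not active, so under set -e a
    # failed start stops the script here. --no-pager keeps it from waiting
    # on a pager when run in a terminal.
    sudo systemctl --no-pager status mongod
}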

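# Add the Elastic ${ES_VERSION} apt repository, install Elasticsearch and
# start it bound to the loopback interface. Same dedicated-keyring /
# [signed-by=…] pattern as the other repositories (no deprecated apt-key).
install_elasticsearch() {
    echo "Installing Elasticsearch..."
    local keyring="/etc/apt/keyrings/elasticsearch-keyring.gpg"
    local list="/etc/apt/sources.list.d/elastic-${ES_VERSION}.list"
    local conf="/etc/elasticsearch/elasticsearch.yml"

    sudo install -m 0755 -d /etc/apt/keyrings
    wget -qO - "https://artifacts.elastic.co/GPG-KEY-elasticsearch" \
        | gpg --dearmor | sudo tee "${keyring}" >/dev/null
    # Overwrite rather than append: `tee -a` duplicated the repo line on
    # every re-run of the script.
    echo "deb [signed-by=${keyring}] https://artifacts.elastic.co/packages/${ES_VERSION}/apt stable main" \
        | sudo tee "${list}" >/dev/null
    # NOTE(review): the ${ES_VERSION} channel serves its newest minor; check
    # that the version actually installed is one graylog-server 4.x supports.

    sudo apt-get update
    sudo apt-get install -y elasticsearch

    # Listen on localhost only. Nothing in this script enables authentication
    # on Elasticsearch, so it must not be reachable from the network. This
    # rewrites only the commented sample line shipped in the stock config; if
    # that line is absent the setting stays at Elasticsearch's default.
    sudo sed -i 's/^#network\.host: 192\.168\.0\.1/network.host: localhost/' "${conf}"

    sudo systemctl enable elasticsearch
    sudo systemctl start elasticsearch

    # Non-zero when the unit is not active → aborts under set -e.
    sudo systemctl --no-pager status elasticsearch
}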

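# Add the Graylog 4.x apt repository and install graylog-server. The unit is
# enabled but deliberately not started: configure_graylog must write
# server.conf first. Key handling uses a dedicated keyring bound to this
# repository with [signed-by=…] instead of the deprecated apt-key.
install_graylog() {
    echo "Installing Graylog..."
    local keyring="/etc/apt/keyrings/graylog.gpg"
    local list="/etc/apt/sources.list.d/graylog.list"

    sudo install -m 0755 -d /etc/apt/keyrings
    wget -qO - "https://packages.graylog2.org/repo/packages/graylog-4.x/apt/doc/graylog.asc" \
        | gpg --dearmor | sudo tee "${keyring}" >/dev/null
    echo "deb [signed-by=${keyring}] https://packages.graylog2.org/repo/debian/ stable 4.x" \
        | sudo tee "${list}" >/dev/null
    # NOTE(review): Graylog's documented install path is a *-repository_latest.deb
    # package that installs both key and list; the raw key URL above is
    # carried over from the original script and has not been verified here.

    sudo apt-get update
    sudo apt-get install -y graylog-server

    sudo systemctl enable graylog-server
}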

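# Write the minimum server.conf settings for a single node.
#
# Environment:
#   GRAYLOG_ROOT_PASSWORD  initial password for the built-in "admin" user.
#                          Falls back to "admin" (the previous hard-coded
#                          value) with a warning on stderr.
#
# Every sed pattern uses `^#*key` so it matches the key whether or not it is
# commented out in the shipped server.conf — with `^#` alone the replacement
# silently does nothing if the stock file carries the key uncommented.
configure_graylog() {
    echo "Configuring Graylog..."
    local conf="/etc/graylog/server/server.conf"
    local root_password="${GRAYLOG_ROOT_PASSWORD:-admin}"
    local root_hash secret

    if [[ -z "${GRAYLOG_ROOT_PASSWORD:-}" ]]; then
        echo "WARNING: using the well-known default admin password 'admin'; set GRAYLOG_ROOT_PASSWORD or change it right after the first login." >&2
    fi
    # printf rather than `echo -n`: portable, and safe for any password value.
    root_hash=$(printf '%s' "${root_password}" | sha256sum | cut -d ' ' -f 1)

    # password_secret: hex output is limited to [0-9a-f], so it contains no
    # line break and none of sed's delimiter/metacharacters. The previous
    # `openssl rand -base64 64` wrapped its 88-character output at 64 columns
    # (an embedded newline) and could emit '/', either of which corrupts the
    # s/// command below. 48 bytes → 96 hex characters.
    secret=$(openssl rand -hex 48)

    sudo sed -i "s/^#*root_password_sha2[[:space:]]*=.*/root_password_sha2 = ${root_hash}/" "${conf}"
    sudo sed -i "s/^#*password_secret[[:space:]]*=.*/password_secret = ${secret}/" "${conf}"

    # MongoDB on the same host. '|' as the sed delimiter avoids escaping every
    # '/' in the URI. (The previous replacement began with a stray '.', which
    # would have produced the invalid key ".mongodb_uri".)
    sudo sed -i 's|^#*mongodb_uri[[:space:]]*=.*|mongodb_uri = mongodb://127.0.0.1:27017/graylog|' "${conf}"

    # Elasticsearch on the same host, plain HTTP over loopback.
    sudo sed -i 's|^#*elasticsearch_hosts[[:space:]]*=.*|elasticsearch_hosts = http://127.0.0.1:9200|' "${conf}"

    # Web UI / REST API on all interfaces over plain HTTP. Put TLS in front
    # (Graylog's http_enable_tls or a reverse proxy) before exposing port
    # 9000 beyond a trusted network — credentials travel in the clear.
    # NOTE(review): web_interface_address does not look like a 4.x
    # server.conf key; this sed is probably a no-op — confirm or drop it.
    sudo sed -i 's|^#*web_interface_address[[:space:]]*=.*|web_interface_address = 0.0.0.0|' "${conf}"
    sudo sed -i 's|^#*http_bind_address[[:space:]]*=.*|http_bind_address = 0.0.0.0:9000|' "${conf}"
}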

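# Start graylog-server and show its state. `systemctl status` exits non-zero
# when the unit is not active, so under set -e a failed start stops the
# script here instead of continuing to the firewall and "done" message.
start_graylog() {
    local unit="graylog-server"
    echo "Starting Graylog..."
    sudo systemctl start "${unit}"
    # --no-pager: on a terminal, status would otherwise hand its output to a
    # pager and block the script until the user quits it.
    sudo systemctl --no-pager status "${unit}"
}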

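# Enable ufw and open only what a remote user must reach: SSH (so enabling a
# default-deny firewall cannot lock out the administrator) and the Graylog
# web/API port. Elasticsearch (9200) is deliberately NOT opened: this script
# binds it to localhost in install_elasticsearch, and an exposed 9200 with no
# authentication is a read/write interface to every stored log line.
configure_firewall() {
    echo "Configuring firewall..."
    # NOTE(review): adjust if sshd listens on a non-standard port.
    sudo ufw allow 22/tcp    # SSH / remote administration
    sudo ufw allow 9000/tcp  # Graylog Web Interface / REST API
    # --force skips the interactive "may disrupt existing ssh connections"
    # confirmation, which would block (or fail) when run non-interactively.
    sudo ufw --force enable
    sudo ufw status
}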

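# Print how to reach the new instance. The password is echoed only when it is
# the well-known default; a caller-supplied GRAYLOG_ROOT_PASSWORD is never
# written to stdout, where it could end up in a log or terminal scrollback.
display_access_info() {
    echo "Graylog installation complete!"
    echo "Access Graylog Web Interface at: http://<your-server-ip>:9000"
    echo "Default username: admin"
    if [[ -n "${GRAYLOG_ROOT_PASSWORD:-}" ]]; then
        echo "Default password: (the value you supplied in GRAYLOG_ROOT_PASSWORD)"
    else
        echo "Default password: admin"
        echo "Change this password immediately after the first login."
    fi
}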

# Main execution: run each phase in order. Under set -e the first failing
# phase aborts the run, so later phases never see a half-installed stack.
main() {
    install_dependencies
    install_mongo
    install_elasticsearch
    install_graylog
    configure_graylog
    start_graylog
    configure_firewall
    display_access_info
}

main "$@"

exit 0