Make Graylog publicly accessible (if you wish)

    iptables -t nat -A PREROUTING -p udp --dport 514 -j REDIRECT --to-ports 1514

Check if your /etc/les contains both lines for redirect 514 -> 1514 with

    nano /etc/les

Create a file that is executed after every restart to set up the rules again and change its permissions to "executable"

    nano /etc/network/if-pre-up.d/iptables
    chmod +x /etc/network/if-pre-up.d/iptables

    iptables -t nat -A PREROUTING -p tcp --dport 514 -j REDIRECT --to-ports 1514

Code is run under su to be able to save les

    sudo su

Not sure why this needs to be done, for some security reason, Graylog has no access to 514(?), 514 is redirected to 1514.

Restart RSyslog

    sudo systemctl restart rsyslog

Open nfig

    sudo nano /etc/rsyslog.etc

And add at the bottom this line

    *.* [PUBLIC(?) IP ADDRESS]:1514 RSYSLOG_SyslogProtocol23Format

_ AT THIS POINT EVERYTHING SHOULD BE UP AND RUNNING _

Configure Graylog to receive syslogs from the server (not necessary but it is a part of the video)

Get current IP address

    ifconfig

Configure RSyslog to send logs to Graylog

To check if Graylog is running

    tail -f /var/log/graylog-server/server.log

Start Graylog service

    sudo systemctl daemon-reload

Generate password_secret with

    pwgen -N 1 -s 96

Create an admin password with

    echo -n "<your password>" | shasum -a 256

Add these configuration values to Graylog nf

    nano /etc/graylog/server/nf

To check if Elasticsearch is running

    ps aux | grep elasticsearch

add as a last line to_create_index: false.

Open elasticsearch.yml and update following configuration options

    sudo nano /etc/elasticsearch/elasticsearch.yml

This step is apparently not really needed but belongs behind previous line:

    | sudo tee -a /etc/apt//elastic-6.x.list

    sudo add-apt-repository "deb stable main"

To check that MongoDB is running

    ps aux | grep mongo

At the moment Graylog supports only Elasticsearch version 6.
(not yet completed, ended at Graylog running but not configured)

JAVA + other prerequisites

    sudo apt-get update && sudo apt-get -y install

zsh - SO YOU DON'T WANT TO DRIVE YOURSELF CRAZY WITH PLAIN CONSOLE

chsh -s /bin/zsh - to set Zsh as a default console

Based on this video and guidelines for Java, MongoDB, Elasticsearch and so on