HomeAbout MeContact

Graylog Open on AWS with Ubuntu

By Greg Goodwin
Published in Logging
June 21, 2022
1 min read
Graylog Open on AWS with Ubuntu

Graylog Open 4.2 on AWS with Ubuntu

All for around $30 a month.

Part 1: AWS Setup

  • Go to Amazon AWS > EC2 and create a new instance
  • Name your instanceNameIt
  • Choose Ubuntu AMIUbuntu Selection
  • Choose Instance Type t3a.mediumInstanceType
  • Create new key pairKeyPair
  • Edit Network SettingsNetworkSettings
  • Allow ports 22 only to your IP, 80, 514, 1514 to the worldenter image description here
  • Set 30GB Spaceenter image description here
  • Launch Instanceenter image description here

Part 2: Install Greylog

  • SSH Into Instance Here you will need to use the Secret Key you setup during your instance creation. If your on Windows, make sure it resides somewhere in the Users/{YourUserName} directories, otherwise you will be continually told you have an unprotected key. enter image description here
  • Get Your SSH Connection Stringenter image description here
  • Connect using your SSH client of choice, I use Powershell on Windows
  • Update Ubuntu
    • sudo apt-get update
    • sudo apt-get upgrade
  • Install OpenJDK
    • sudo apt-get update && sudo apt-get upgrade
    • sudo apt-get install apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen
  • Install MongoDB
    • sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
    • echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
    • sudo apt-get update
    • sudo apt-get install -y mongodb-org
  • Setup MongoDB to Autorun
    • sudo systemctl daemon-reload
    • sudo systemctl enable mongod.service
    • sudo systemctl restart mongod.service
    • sudo systemctl --type=service --state=active | grep mongod
    • sudo systemctl status mongod
  • Install Elasticsearch
    • wget -q https://artifacts.elastic.co/GPG-KEY-elasticsearch -O myKey
    • sudo apt-key add myKey
    • echo "deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
    • sudo apt-get update && sudo apt-get install elasticsearch-oss
  • Modify Elasticsearch Config
    • sudo tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<EOT
    • cluster.name: graylog
    • action.auto_create_index: false
    • EOT
  • Start Elasticsearch and Autorun
    • sudo systemctl daemon-reload
    • sudo systemctl enable elasticsearch.service
    • sudo systemctl restart elasticsearch.service
    • sudo systemctl --type=service --state=active | grep elasticsearch
    • sudo systemctl status elasticsearch.service
  • Install Graylog
    • sudo apt-get install apt-transport-https
    • wget https://packages.graylog2.org/repo/packages/graylog-4.2-repository_latest.deb
    • sudo dpkg -i graylog-4.2-repository_latest.deb
    • sudo apt-get update
    • sudo apt-get update && sudo apt-get install graylog-server graylog-integrations-plugins
  • Configure Graylog
    • pwgen -N 1 -s 96
  • Copy Password This Generates
    • Replace secrey_key with that password you just copied
    • echo -n secret_key | sha256sum
  • Copy the sha256sum this prints
  • Open the Graylog Config
    • sudo nano /etc/graylog/server/server.conf
    • Copy the first password you generated in the password_secret section
    • Copy the sha256sum you generated into the root_password_sha section
    • Uncomment http_bind_address and set it to 127.0.0.1:80
    • Ctrl+Xthen Y then Enter to save our changes.
  • Set Graylog to Autorun
    • sudo systemctl daemon-reload
    • sudo systemctl enable graylog-server.service
    • sudo systemctl start graylog-server.service
    • sudo systemctl --type=service --state=active | grep graylog
    • sudo systemctl status graylog-server
  • Allow out 80 Port in Ubuntu
    • sudo ufw allow 80
  • Reboot for good measure
    • sudo reboot
    • sudo apt update
    • sudo apt upgrade

Tags

#logging#graylog#aws#ubuntu
Previous Article
Go Serverless with Blazor and Azure Functions

Greg Goodwin

Web Developer

Topics

Blazor
Logging
React

Quick Links

HomeAbout MeContact Me

Social Media