Install Graylog2 web interface on CentOS 6

We will be installing Graylog2 Web interface on CentOS 6 as Part 4 of our series on Monitoring your systems with logstash and Graylog2. ::Part 1::Part 2::Part 3::

Please Note! This configuration is for the 0.9.5 version of Graylog2 Server and has not been verified to function with the changes implemented in version 0.9.6, although most of the implementation should be similar.

We will be installing a Ruby on Rails web application framework driven by Passenger which runs as an Apache module. This means you’ll obviously need Apache installed as well as the g++ compiler (try “yum list gcc*” if you’re stuck) and typical development tools.

The installation overview:

  1. Install required packages
  2. Download Graylog2 Web Interface
  3. Create directory and copy files
  4. Configure Ruby
  5. Configure Bundler
  6. Edit “yml” config files
  7. Install Passenger
  8. Configure Passenger
  9. Configure Apache for Passenger
  10. Restart Apache and check for errors
  11. Check SELinux Status
  12. Set SELinux to permissive mode
  13. Configure database
  14. Create pid directory
  15. Test Ruby install with Brick
  16. Launch Web Interface

So let’s get started!

 
 

We’ll need to install some other packages found in the table below.

ruby-static - Static libraries for Ruby Devel
ruby-libs - Libraries Necessary to run Ruby
ruby-gems - Ruby Standard for packaging libraries
rubygem-rake - Ruby based make like utility
rubygem-hoe - rake/rubygems helper for Rakefiles
rubygem-gem_plugin - Plugin System based on Rubygems
ruby-docs Manuals and FAQS
ruby-devel - Ruby development environment
ruby - Interpreter
ruby-irb - Interactive Ruby
compat-readlines - Library for editing typed command lines
ruby-rdoc - tool to generate docs from Ruby source
g++ - GNU C++ compiler
libcurl-devel - Curl development headers with SSL support
openssl-devel - OpenSSL development headers
zlib-static - Zlib development headers
httpd-devel - Apache 2 development headers
apr-devel - Apache Portable Runtime (APR) development headers
apr-util-devel - Apache Portable Runtime Utility (APU) development headers

We’ll next need to download and unpack the Graylog2-web-interface to our home directory.

Next we’ll create a graylog2-web directory and copy the files. As root:

mkdir /var/www/graylog2-web
cd ~/graylog2-web-interface-X.X.X && cp -R ./* /var/www/graylog2-web/
chown -R apache.apache /var/www/graylog2-web/*

We’ll next configure Ruby, so as root run the commands below:

cd /var/www/graylog2-web && gem update
gem install git rake bundler

We next configure bundler

cd /var/www/graylog2-web && bundle install

Edit all “*.yml” files in /var/www/graylog2-web/config as appropriate (I needed to remove the comments in general.yml that were after the directives). Make sure your mongoid.yml matches your graylog2.conf and mongoDB settings as below.

production:
  host: 127.0.0.1
  port: 27017
  username: gluser
  password: grayloguser-password
  database: graylog2

Now we will install passenger to connect to apache. As root:

cd /var/www/graylog2 && gem install passenger

We next will Create and populate /etc/httpd/conf.d/passenger.conf

echo "LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.11/ext/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.11
PassengerRuby /usr/bin/ruby" > /etc/httpd/conf.d/passenger.conf

Our next step is to configure apache so passenger can run. You’ll need to edit your “/etc/httpd/conf/httpd.conf” creating a virtual host “gray.localhost”.

ServerName 127.0.0.1:80
#
DocumentRoot "/var/www/html"
#
<Directory "/var/www/html">
#
NameVirtualHost *:80
#
<VirtualHost *:80>
  ServerName gray.localhost
  DocumentRoot /var/www/graylog2-web/public
  RailsEnv production
  ServerAlias gray.localhost.localdomain
  ErrorLog logs/graylog2-error_log
  CustomLog logs/graylog2-access_log common
   <Directory /var/www/graylog2-web/public>
    Allow from all
    Options -MultiViews
   </Directory>
</VirtualHost>

We next restart apache and check for errors.

/etc/init.d/httpd/restart
tail --lines=20 /var/log/httpd/error_log

We likely notice errors that passenger does not start. If your configuration is solid, this is likely caused by SELinux. To see if SELinux is being enforced, as root:

getenforce

We can temporarily set SELinux to permissive mode. This will log the errors that are generated which will allow us to figure out which modules are being blocked. We can then tighten up the SELinux configuration at a later time. As root, run the following command:

echo 0 > /selinux/enforce

Restart apache again and see if passenger gets loaded this time. If you’re still having problems you will need to check your configuration.

We next create indexes and configure the database to our needs:

cd /var/www/graylog2-web
bundle exec rake db:mongoid:create_indexes RAILS_ENV=production --trace

We need to create a pid directory beneath the script directory and assign rights to apache

mkdir -p /var/www/graylog2-web/script/tmp/pids
chown -R apache.apache /var/www/graylog2-web/*

We can now to start Rails “brick” server as root from the application base directory. We do this to test if our rails setup is working correctly as brick gives us some nice status messages. If all seems good you can kill brick via Ctrl-C.

cd /var/www/graylog2-web
./script/rails server -e production

We should then be able to launch the interface via browser using passenger

http://gray.localhost

Hopefully everything is working as we expect and we are presented with the initial Graylog2 interface. Don’t forget that you’ve probably set SELinux to Permissive mode and will need to configure our file security settings to allow our application to run under SELinux.