We will be installing Graylog2 Web interface on CentOS 6 as Part 4 of our series on Monitoring your systems with logstash and Graylog2. ::Part 1::Part 2::Part 3::
Please Note! This configuration is for the 0.9.5 version of Graylog2 Server and has not been verified to function with the changes implemented in version 0.9.6, although most of the implementation should be similar.
We will be installing a Ruby on Rails web application framework driven by Passenger which runs as an Apache module. This means you’ll obviously need Apache installed as well as the g++ compiler (try “
yum list gcc*” if you’re stuck) and typical development tools.
The installation overview:
- Install required packages
- Download Graylog2 Web Interface
- Create directory and copy files
- Configure Ruby
- Configure Bundler
- Edit “yml” config files
- Install Passenger
- Configure Passenger
- Configure Apache for Passenger
- Restart Apache and check for errors
- Check SELinux Status
- Set SELinux to permissive mode
- Configure database
- Create pid directory
- Test Ruby install with Brick
- Launch Web Interface
So let’s get started!
We’ll need to install some other packages found in the table below.
We’ll next need to download and unpack the Graylog2-web-interface to our home directory.
Next we’ll create a graylog2-web directory and copy the files. As root:
We’ll next configure Ruby, so as root run the commands below:
We next configure bundler
Edit all “*.yml” files in /var/www/graylog2-web/config as appropriate (I needed to remove the comments in general.yml that were after the directives). Make sure your mongoid.yml matches your graylog2.conf and mongoDB settings as below.
Now we will install passenger to connect to apache. As root:
We next will Create and populate /etc/httpd/conf.d/passenger.conf
Our next step is to configure apache so passenger can run. You’ll need to edit your “/etc/httpd/conf/httpd.conf” creating a virtual host “gray.localhost”.
We next restart apache and check for errors.
We likely notice errors that passenger does not start. If your configuration is solid, this is likely caused by SELinux. To see if SELinux is being enforced, as root:
We can temporarily set SELinux to permissive mode. This will log the errors that are generated which will allow us to figure out which modules are being blocked. We can then tighten up the SELinux configuration at a later time. As root, run the following command:
Restart apache again and see if passenger gets loaded this time. If you’re still having problems you will need to check your configuration.
We next create indexes and configure the database to our needs:
We need to create a pid directory beneath the script directory and assign rights to apache
We can now to start Rails “brick” server as root from the application base directory. We do this to test if our rails setup is working correctly as brick gives us some nice status messages. If all seems good you can kill brick via Ctrl-C.
We should then be able to launch the interface via browser using passenger
Hopefully everything is working as we expect and we are presented with the initial Graylog2 interface. Don’t forget that you’ve probably set SELinux to Permissive mode and will need to configure our file security settings to allow our application to run under SELinux.