Installing Graylog on Fedora CoreOS

Graylog is an open-source log management and analysis tool that can be used to collect, index, and analyze log data from different sources. In this tutorial, we will show you how to install Graylog on Fedora CoreOS.

Prerequisites

A running instance of Fedora CoreOS.
Root access to the server.

Step 1: Install Docker

Graylog can be installed using Docker. Therefore, the first step is to install Docker on the server. It can be done by running the following command:

sudo dnf install docker

After Docker has been installed, start the Docker service and enable it to start at boot time:

sudo systemctl start docker
sudo systemctl enable docker

Step 2: Install Docker Compose

Docker Compose is a tool used to define and run multi-container Docker applications. We will need to install it to run Graylog.

Run the following command to install Docker Compose:

sudo dnf install -y python3-pip libffi-devel openssl-devel gcc redhat-rpm-config
sudo pip3 install docker-compose

Step 3: Install Graylog

To install Graylog, you will need to create a Docker Compose file called docker-compose.yml. You can do this by running the following command:

sudo nano docker-compose.yml

Paste the following code into the docker-compose.yml file:

version: '3'

networks:
  graylog:

services:
  mongodb:
    image: mongo:4.2
    networks:
      - graylog
    volumes:
      - mongo_data:/data/db
    restart: always

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.2
    networks:
      - graylog
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xmx512m -Xms512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - es_data:/usr/share/elasticsearch/data
      - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
    restart: always

  graylog:
    image: graylog/graylog:4.0
    networks:
      - graylog
    environment:
      - GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/
      - GRAYLOG_HTTP_BIND_ADDRESS=0.0.0.0:9000
      - GRAYLOG_HTTP_PUBLISH_URI=http://YOUR_PUBLIC_IP:9000/
      - GRAYLOG_ROOT_TIMEZONE=UTC
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      - GRAYLOG_ROOT_PASSWORD_SHA2=yourpasswordhash
      - GRAYLOG_ELASTICSEARCH_HOSTS=http://elasticsearch:9200
      - GRAYLOG_MONGODB_URI=mongodb://mongodb:27017/graylog
    ports:
      - 9000:9000
      - 1514:1514
      - 1514:1514/udp
    restart: always

volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local

Note: Make sure to replace YOUR_PUBLIC_IP with your server's public IP.

Save and close the file when you are done.

Finally, start the Graylog services using the following command:

sudo docker-compose up -d

Step 4: Access Graylog Web Interface

Open your web browser and enter the following URL to access the Graylog web interface:

http://YOUR_PUBLIC_IP:9000

Note: Replace YOUR_PUBLIC_IP with your server's public IP.

You should now see the Graylog login screen. Use the credentials you provided in the docker-compose.yml file to log in.

Conclusion

Now you know how to install Graylog on a Fedora CoreOS server using Docker Compose. You can use Graylog to manage and analyze log data in your infrastructure.