Graylog2 – Les mémos d'un admin système
Installing Elasticsearch / MongoDB / Graylog2
Wed, 11 Jul 2012, https://blog-sysadmin.archives.slashroot.fr/?p=663

Installation and configuration of a centralized log management stack (Elasticsearch / MongoDB / Graylog2) on a freshly installed Debian Squeeze, with apache2 added for the web interface.

Elasticsearch

Installing the OpenJDK JRE:

apt-get install openjdk-6-jre-headless

Installing Elasticsearch (the cluster is renamed LogCenter; note that Elasticsearch 0.19 has no authentication and listens on every interface by default, so on a single-host setup like this one also uncomment network.host in /etc/elasticsearch/elasticsearch.yml and set it to 127.0.0.1):

wget https://github.com/downloads/elasticsearch/elasticsearch/elasticsearch-0.19.8.tar.gz
tar xzf elasticsearch-0.19.8.tar.gz
mv elasticsearch-0.19.8 /opt/elasticsearch
sed -i 's/^# cluster\.name: elasticsearch/cluster.name: LogCenter/' /opt/elasticsearch/config/elasticsearch.yml
mkdir /etc/elasticsearch
cp /opt/elasticsearch/config/elasticsearch.yml /etc/elasticsearch/elasticsearch.yml

Creating the LSB init script:

vi /etc/init.d/elasticsearch
#! /bin/sh
### BEGIN INIT INFO
# Provides:          elasticsearch
# Required-Start:    $all
# Required-Stop:     $all
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Starts elasticsearch
# Description:       Starts elasticsearch using start-stop-daemon
### END INIT INFO

ES_HOME=/opt/elasticsearch
# Heap bounds; bin/elasticsearch only honours them if they are exported.
ES_MIN_MEM=256m
ES_MAX_MEM=2g
export ES_MIN_MEM ES_MAX_MEM
# Runs as root as written; start-stop-daemon --chuid with a dedicated user is the usual hardening.
DAEMON=$ES_HOME/bin/elasticsearch
NAME=elasticsearch
DESC=elasticsearch
PID_FILE=/var/run/$NAME.pid
LOG_DIR=/var/log/$NAME
DATA_DIR=/var/lib/$NAME
# Work dir under a root-owned tree rather than /tmp, where any local user could pre-create it.
WORK_DIR=/var/lib/$NAME/work
CONFIG_FILE=/etc/$NAME/elasticsearch.yml
# -p makes elasticsearch write its pid file; start-stop-daemon --stop reads it.
DAEMON_OPTS="-p $PID_FILE -Des.config=$CONFIG_FILE -Des.path.home=$ES_HOME -Des.path.logs=$LOG_DIR -Des.path.data=$DATA_DIR -Des.path.work=$WORK_DIR"

test -x $DAEMON || exit 0

set -e

case "$1" in
  start)
    echo -n "Starting $DESC: "
    mkdir -p $LOG_DIR $DATA_DIR $WORK_DIR
    if start-stop-daemon --start --pidfile $PID_FILE --startas $DAEMON -- $DAEMON_OPTS
    then
        echo "started."
    else
        echo "failed."
    fi
    ;;
  stop)
    echo -n "Stopping $DESC: "
    if start-stop-daemon --stop --pidfile $PID_FILE
    then
        echo "stopped."
    else
        echo "failed."
    fi
    ;;
  restart|force-reload)
    ${0} stop
    sleep 0.5
    ${0} start
    ;;
  *)
    N=/etc/init.d/$NAME
    echo "Usage: $N {start|stop|restart|force-reload}" >&2
    exit 1
    ;;
esac

exit 0

Setting permissions, enabling automatic startup, then starting:

chmod +x /etc/init.d/elasticsearch
update-rc.d elasticsearch defaults
/etc/init.d/elasticsearch start

MongoDB

Installing MongoDB from the Squeeze packages:

apt-get install mongodb mongodb-server

Creating the graylog user on the graylog2 database (the same password is used below in /etc/graylog2.conf and config/mongoid.yml):

mongo
MongoDB shell version: 1.4.4
url: test
connecting to: test
type "help" for help
> use graylog2
switched to db graylog2
> db.addUser('graylog', 'MonPassword')
{
"user" : "graylog",
"readOnly" : false,
"pwd" : "3a645a39bef99c8bba9c805e06536240"
}
> db.auth('graylog', 'MonPassword')
1
> exit

Commenting out bind_ip, then restarting. Two caveats: with bind_ip commented out mongod listens on every interface, and the Squeeze package ships with authentication disabled, so the user created above is not enforced until auth = true is set in /etc/mongodb.conf. Since graylog2-server and the web interface both connect to localhost in this setup, keeping bind_ip = 127.0.0.1 and adding auth = true costs nothing:

sed -i 's/^bind_ip = 127\.0\.0\.1/#bind_ip = 127.0.0.1/' /etc/mongodb.conf
/etc/init.d/mongodb restart

Graylog2

Installing Graylog2:

wget https://github.com/downloads/Graylog2/graylog2-server/graylog2-server-0.9.6.tar.gz
tar xvf graylog2-server-0.9.6.tar.gz
mv graylog2-server-0.9.6 /opt/graylog2
cp /opt/graylog2/graylog2.conf.example /etc/graylog2.conf

Configuring the MongoDB credentials (graylog2.conf.example ships with mongodb_user = grayloguser and mongodb_password = 123; anchor the replacements on the key rather than on the value, so that no other occurrence of "123" in the file gets rewritten):

sed -i 's/^mongodb_user = .*/mongodb_user = graylog/' /etc/graylog2.conf
sed -i 's/^mongodb_password = .*/mongodb_password = MonPassword/' /etc/graylog2.conf
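The two config edits above (re-pinning mongod in /etc/mongodb.conf and setting the credentials in /etc/graylog2.conf) share one pattern: edit a "key = value" line by anchoring on the key, never on the current value. The script below is an added example, not code from the original post or from the Graylog2 project. It assumes the MongoDB 1.4 keys bind_ip and auth and the graylog2.conf.example 0.9.6 keys mongodb_user / mongodb_password; both sample files it writes are constructed, and it goes a little beyond the post by escaping sed specials so a password containing & or | survives the edit, and by auditing the resulting mongodb.conf.

```shell
#!/bin/sh
# Added example, not code from the original post: key-anchored edits for the
# two config files touched above (/etc/mongodb.conf and /etc/graylog2.conf),
# plus an audit of the mongodb.conf settings that decide who can reach mongod.
# Assumptions: MongoDB 1.4 keys bind_ip / auth, graylog2.conf.example 0.9.6
# keys mongodb_user / mongodb_password; both sample files below are constructed.

# get_conf_key FILE KEY: print the effective (uncommented) value of KEY, or nothing.
get_conf_key() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# set_conf_key FILE KEY VALUE: rewrite an existing (possibly commented-out) KEY
# line in place, or append one. Anchoring on the key, not on the current value,
# keeps "s/123/.../g"-style collateral edits out of unrelated lines.
set_conf_key() {
    # Escape the sed replacement specials (&, the | delimiter, backslash) so a
    # password such as Mon&Pass|word survives intact.
    esc=$(printf '%s' "$3" | sed 's/[&|\\]/\\&/g')
    if grep -q "^[[:space:]]*#*[[:space:]]*$2[[:space:]]*=" "$1"; then
        sed "s|^[[:space:]]*#*[[:space:]]*$2[[:space:]]*=.*|$2 = $esc|" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
    else
        printf '%s = %s\n' "$2" "$3" >> "$1"
    fi
}

# audit_mongodb_conf FILE: one line per finding on stdout; exit status = finding count.
audit_mongodb_conf() {
    findings=0
    case "$(get_conf_key "$1" bind_ip)" in
        127.0.0.1|localhost) ;;
        "") echo "bind_ip unset: mongod listens on every interface"; findings=$((findings + 1)) ;;
        *)  echo "bind_ip is not loopback: mongod is reachable from the network"; findings=$((findings + 1)) ;;
    esac
    if [ "$(get_conf_key "$1" auth)" != "true" ]; then
        echo "auth not enabled: users added with db.addUser() are never checked"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# harden_mongodb_conf FILE: every client in this setup is local, so pin mongod
# to loopback and turn authentication on so the graylog user actually matters.
harden_mongodb_conf() {
    set_conf_key "$1" bind_ip 127.0.0.1
    set_conf_key "$1" auth true
}

# Constructed sample of /etc/mongodb.conf after the post's sed (bind_ip
# commented out, no auth line). Prints the temp file path.
write_sample_mongodb_conf() {
    f=$(mktemp)
    printf '%s\n' 'dbpath=/var/lib/mongodb' 'logappend=true' \
        '#bind_ip = 127.0.0.1' '#port = 27017' > "$f"
    echo "$f"
}

# Constructed sample of /etc/graylog2.conf; the last line is the kind of line a
# global s/123/.../g would have rewritten by mistake.
write_sample_graylog2_conf() {
    f=$(mktemp)
    printf '%s\n' 'mongodb_useauth = true' 'mongodb_user = grayloguser' \
        'mongodb_password = 123' 'mongodb_host = localhost' \
        'mongodb_database = graylog2' '# host naming scheme: web123, db123' > "$f"
    echo "$f"
}

if [ "${1:-}" = "demo" ]; then
    m=$(write_sample_mongodb_conf); g=$(write_sample_graylog2_conf)
    audit_mongodb_conf "$m" || echo "mongodb.conf findings before: $?"
    harden_mongodb_conf "$m"; audit_mongodb_conf "$m" && echo "mongodb.conf findings after: 0"
    set_conf_key "$g" mongodb_user graylog; set_conf_key "$g" mongodb_password 'MonPassword'
    cat "$g"; rm -f "$m" "$g"
fi
```

Run it as `sh conf_tools.sh demo` to see the audit go from two findings to none and the graylog2.conf sample keep its comment line intact; point set_conf_key at the real files (as root) to apply the same edits on the box.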

Test-launching graylog2-server in the foreground (it reads /etc/graylog2.conf by default):

java -jar /opt/graylog2/graylog2-server.jar --debug

If everything is fine, stop it with CTRL+C and create the LSB init script:

vi /etc/init.d/graylog2
#!/bin/bash
### BEGIN INIT INFO
# Provides:          graylog2
# Required-Start:    $all
# Required-Stop:     $all
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Starts graylog2
# Description:       Starts graylog2-server with /etc/graylog2.conf
### END INIT INFO

NAME=graylog2
GL_HOME=/opt/graylog2
GL_CONF=/etc/graylog2.conf
# Keep the pid file out of /tmp: in a world-writable directory any local user can
# plant a pid file, and "stop" (run as root) would kill whatever pid it names.
GL_PIDFILE=/var/run/$NAME.pid
GL_LOG=/var/log/$NAME.log
CMD=$1

start() {
        if [ -f "$GL_PIDFILE" ] && kill -0 "$(cat "$GL_PIDFILE")" 2>/dev/null; then
                echo "$NAME already running (pid $(cat "$GL_PIDFILE"))"
                return 0
        fi
        echo "Starting $NAME ..."
        # -f config file, -p pid file (graylog2-server writes its own pid there);
        # nohup plus redirection so the JVM survives the init shell exiting.
        nohup java -jar "$GL_HOME/graylog2-server.jar" -f "$GL_CONF" -p "$GL_PIDFILE" >> "$GL_LOG" 2>&1 &
}

stop() {
        if [ ! -f "$GL_PIDFILE" ]; then
                echo "$NAME is not running (no pid file)"
                return 1
        fi
        PID=$(cat "$GL_PIDFILE")
        echo "Stopping $NAME ($PID) ..."
        kill "$PID" && rm -f "$GL_PIDFILE"
}

restart() {
        echo "Restarting $NAME ..."
        stop
        sleep 2
        start
}

case "$CMD" in
        start)   start ;;
        stop)    stop ;;
        restart) restart ;;
        *)
                echo "Usage: $0 {start|stop|restart}" >&2
                exit 1
                ;;
esac

exit 0

Setting permissions, enabling automatic startup, then starting:

chmod +x /etc/init.d/graylog2
update-rc.d graylog2 defaults
/etc/init.d/graylog2 start

Web interface

Installing the prerequisites (ruby, passenger, ...):

apt-get install ruby1.8 rubygems rake make libopenssl-ruby ruby-dev build-essential git-core libapache2-mod-passenger

Preparation:

wget https://github.com/downloads/Graylog2/graylog2-web-interface/graylog2-web-interface-0.9.6.tar.gz
tar xzf graylog2-web-interface-0.9.6.tar.gz
mv graylog2-web-interface-0.9.6 /opt/graylog2/web

Installing the bundler dependency manager, then the web interface's gems:

cd /opt/graylog2/web
gem install bundler
/var/lib/gems/1.8/bin/bundle install

Configuring database access (the password must be the one given to db.addUser() above):

echo "" > config/mongoid.yml && vi config/mongoid.yml
production:
  host: localhost
  port: 27017
  username: graylog
  password: MonPassword
  database: graylog2

Configuring apache (Passenger serves the Rails app from its public/ directory):

echo "" > /etc/apache2/sites-available/default && vi /etc/apache2/sites-available/default
<VirtualHost *:80>
         ServerName graylog.em-corporation.fr
         ServerAlias *.graylog.em-corporation.fr
         ServerAdmin johan@em-corporation.fr
         DocumentRoot /opt/graylog2/web/public

         <Directory /opt/graylog2/web/public>
                   Allow from all
                   Options -MultiViews
         </Directory>

         ErrorLog /var/log/apache2/error.log
         LogLevel warn
         CustomLog /var/log/apache2/access.log combined
</VirtualHost>

/etc/init.d/apache2 restart

The web interface is now reachable; all that remains is to create the first user. Do it right away: until that first user exists, the interface offers the account-creation form to whoever reaches it, and that account is the administrator. As configured above the vhost speaks plain HTTP, so the login crosses the wire in clear; put it behind TLS or restrict who can reach it.
