Project Graylog

In this project I am going to install and configure the system monitoring software Graylog using Salt.
I begin the project by setting up a master-slave architecture and testing the states first with a different guest slave.
When testing the states, the master is a guest OS Ubuntu and the slave is a guest OS Ubuntu.

First state is for mongodb.

State for mongodb.
Apparently I had the wrong syntax in init.sls. Fixed by adding “name:” in front of functions.

Then I got an error saying that signatures couldn’t be verified even though I had the key in init.sls. The problem seemed to be that importing the key was slower than installing a package, so I had to make two separate cmd.runs, and then it worked.

After mongodb I started installing elasticsearch, which was a tricky one. When I tried to edit the conf file of elasticsearch, it kept displaying an error that said file not found. I spent a lot of time trying to debug the problem, but I couldn’t find a solution, so I moved on to install graylog instead.

State for elasticsearch.
I checked thousands of times that the elasticsearch.yml file was in place. I even deleted it and added it again.
After I was able to successfully install graylog, I compared the rights of elasticsearch’s and graylog’s conf files. Apparently elasticsearch created a group which I wasn’t part of, so I had to edit the rights so I could read it. I enabled the read right for others.
Then it finally worked.
Conf file for elasticsearch. I added the very first line and one line at the top of the file: graylog
State for graylog.
Graylog demanded generating hashed passwords on its configuration file, otherwise it wouldn’t start.
http_bind_address pointing to the slave’s IP. I assume this part could be done somehow using grains.items?
Adding the last line in order to send logs to graylog.
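
The hashed-password requirement mentioned above refers to the `password_secret` and `root_password_sha2` settings in Graylog's server configuration file. The following is an added example, not part of the original post or the author's states: it generates both values and checks a configuration text for the mistakes that stop Graylog from starting. The sample configuration text, the sample password and the 64-character minimum (the length Graylog's sample configuration file suggests) are assumptions made for the example.

```python
import hashlib
import re
import secrets
import string

REQUIRED = ("password_secret", "root_password_sha2")

def make_password_secret(length=96):
    """Random alphanumeric secret, comparable to `pwgen -N 1 -s 96`."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def root_password_sha2(password):
    """SHA-256 hex digest, same result as `echo -n password | sha256sum`."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def parse_conf(text):
    """Parse `key = value` lines, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def check_conf(text, min_secret_len=64):
    """Return a list of problems with the two password settings."""
    settings = parse_conf(text)
    problems = [f"{key} is missing or empty"
                for key in REQUIRED if not settings.get(key)]
    secret = settings.get("password_secret", "")
    if secret and len(secret) < min_secret_len:  # assumed minimum, see lead-in
        problems.append(f"password_secret is shorter than {min_secret_len} characters")
    digest = settings.get("root_password_sha2", "")
    if digest and not re.fullmatch(r"[0-9a-f]{64}", digest):
        problems.append("root_password_sha2 is not a SHA-256 hex digest")
    return problems

def render_settings(admin_password):
    """Return the two configuration lines with freshly generated values."""
    return (f"password_secret = {make_password_secret()}\n"
            f"root_password_sha2 = {root_password_sha2(admin_password)}\n")

# Constructed sample: empty secret and a plaintext password where the hash belongs.
SAMPLE_BROKEN = "is_master = true\npassword_secret =\nroot_password_sha2 = admin\n"

if __name__ == "__main__":
    print(check_conf(SAMPLE_BROKEN))
    print(render_settings("admin"))  # constructed sample password
```

Because these values end up in the Salt file tree when the configuration file is managed by a state, the state directory should be readable only by the accounts that need it.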

After all the above steps were done, it was time to test if graylog was functioning. I opened a web browser and typed in the slave’s IP address and port 9000, which is used by graylog: 192.168.1.33:9000

It works! The default user name was admin, and password was set up when editing the configuration file.
This is the graylog interface. No logs are showing because there aren’t any inputs yet. Let’s create one.
Creating syslog udp input.
After creating the input, I generated some log files, and now they are appearing on graylog.
