├── .github
    └── stale.yml
├── LICENSE
├── Old_Scripts
    ├── install_graylog2_centos.sh
    ├── install_graylog2_debian.sh
    ├── install_graylog2_preview_ubuntu.sh
    ├── install_graylog2_ubuntu.sh
    └── new_install_graylog2_ubuntu.sh
├── README.md
├── Uninstall_Scripts
    ├── uninstall_graylog2_preview_ubuntu.sh
    └── uninstall_graylog2_v0.12.0_ubuntu.sh
├── Upgrade_Scripts
    ├── Graylog2_Appliance_Upgrade.sh
    ├── upgrade_to_graylog2_20_ubuntu.sh
    └── upgrade_to_latest_graylog2_20_ubuntu.sh
├── install_graylog2_20_centos.sh
├── install_graylog2_20_ubuntu.sh
├── install_graylog2_90_centos.sh
├── install_graylog2_90_ubuntu.sh
├── install_logstash_apache_ubuntu.sh
└── vagrant
    ├── Vagrantfile
    └── provision.sh


/.github/stale.yml:
--------------------------------------------------------------------------------
 1 | # Number of days of inactivity before an issue becomes stale
 2 | daysUntilStale: 60
 3 | # Number of days of inactivity before a stale issue is closed
 4 | daysUntilClose: 7
 5 | # Issues with these labels will never be considered stale
 6 | exemptLabels:
 7 |   - pinned
 8 |   - security
 9 | # Label to use when marking an issue as stale
10 | staleLabel: wontfix
11 | # Comment to post when marking an issue as stale. Set to `false` to disable
12 | markComment: >
13 |   This issue has been automatically marked as stale because it has not had
14 |   recent activity. It will be closed if no further activity occurs. Thank you
15 |   for your contributions.
16 | # Comment to post when closing a stale issue. Set to `false` to disable
17 | closeComment: false
18 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | GNU GENERAL PUBLIC LICENSE
 2 | 
 3 | Version 2, June 1991
 4 | 
 5 | Copyright (C) 1989, 1991 Free Software Foundation, Inc.  
 6 | 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
 7 | 
 8 | Everyone is permitted to copy and distribute verbatim copies
 9 | of this license document, but changing it is not allowed.
10 | Preamble
11 | 
12 | The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Lesser General Public License instead.) You can apply it to your programs, too.
13 | 
14 | When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.
15 | 
16 | To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.
17 | 
18 | For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.
19 | 
20 | We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software.
21 | 
22 | Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations.
23 | 
24 | Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all.
25 | 
26 | The precise terms and conditions for copying, distribution and modification follow.
27 | 
28 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
29 | 
30 | 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".
31 | 
32 | Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.
33 | 
34 | 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.
35 | 
36 | You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
37 | 
38 | 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
39 | 
40 | a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
41 | b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
42 | c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)
43 | These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.
44 | 
45 | Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.
46 | 
47 | In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.
48 | 
49 | 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
50 | 
51 | a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
52 | b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
53 | c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)
54 | The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
55 | 
56 | If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.
57 | 
58 | 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
59 | 
60 | 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.
61 | 
62 | 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
63 | 
64 | 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.
65 | 
66 | If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.
67 | 
68 | It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.
69 | 
70 | This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
71 | 
72 | 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.
73 | 
74 | 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
75 | 
76 | Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.
77 | 
78 | 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
79 | 
80 | NO WARRANTY
81 | 
82 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
83 | 
84 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
85 | 
86 | END OF TERMS AND CONDITIONS


--------------------------------------------------------------------------------
/Old_Scripts/install_graylog2_centos.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash -x
  2 | #Provided by @mrlesmithjr
  3 | #EveryThingShouldBeVirtual.com
  4 | 
  5 | #updated by Boardstretcher
  6 | 
  7 | # update system 
  8 | yum update -y 
  9 |   
 10 | # disable ip6 
 11 | echo "" >> /etc/sysctl.conf 
 12 | echo "# Disable IPV6" >> /etc/sysctl.conf 
 13 | echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf 
 14 | echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf 
 15 | chkconfig ip6tables off 
 16 | chkconfig  iptables off 
 17 |   
 18 | # disable selinux 
 19 | sed -i 's/\=enforcing/\=disabled/g' /etc/selinux/config 
 20 | 
 21 | # reboot
 22 | 
 23 | # Setup logging
 24 | exec 2> >(tee "./graylog2/install_graylog2.err")
 25 | exec > >(tee "./graylog2/install_graylog2.log")
 26 | 
 27 | # Apache Settings
 28 | IPADDY="$(ifconfig | grep -A 1 'eth0' | tail -1 | cut -d ':' -f 2 | cut -d ' ' -f 1)"
 29 | SERVERNAME=$IPADDY
 30 | SERVERALIAS=$IPADDY
 31 | 
 32 | # Adding EL6 Extra Packages
 33 | yum install -y elrepo-release 
 34 | 
 35 | # Installing all pre-reqs
 36 | yum install -y gcc gcc-c++ gd gd-devel glibc glibc-common glibc-devel glibc-headers make automake httpd httpd-devel wget tar vim nc libcurl-devel openssl-devel zlib-devel zlib patch readline readline-devel libffi-devel curl-devel libyaml-devel libtoolbisonlibxml2-devel libxslt-devel libtool bison
 37 | 
 38 | #install sun java (unless you like crashes, in that case use openjdk)
 39 | curl -L http://javadl.sun.com/webapps/download/AutoDL?BundleId=80804 -o java.rpm
 40 | rpm -ivh java.rpm
 41 | 
 42 | # Download Elasticsearch, Graylog2-Server and Graylog2-Web-Interface
 43 | cd /opt
 44 | git clone https://github.com/elasticsearch/elasticsearch-servicewrapper.git
 45 | wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.20.6.tar.gz
 46 | wget http://download.graylog2.org/graylog2-server/graylog2-server-0.11.0.tar.gz
 47 | wget http://download.graylog2.org/graylog2-web-interface/graylog2-web-interface-0.11.0.tar.gz
 48 | 
 49 | # Extract files
 50 | for f in *.tar.gz
 51 | do
 52 | tar zxf "$f"
 53 | done
 54 | 
 55 | # Create Symbolic Links
 56 | ln -s elasticsearch-0.20.6/ elasticsearch
 57 | ln -s graylog2-server-0.11.0/ graylog2-server
 58 | 
 59 | # Install elasticsearch and start
 60 | mv *servicewrapper*/service elasticsearch/bin/
 61 | rm -Rf *servicewrapper*
 62 | /opt/elasticsearch/bin/service/elasticsearch install
 63 | ln -s `readlink -f elasticsearch/bin/service/elasticsearch` /usr/bin/elasticsearch_ctl
 64 | sed -i -e 's|# cluster.name: elasticsearch|cluster.name: graylog2|' /opt/elasticsearch/config/elasticsearch.yml
 65 | /etc/init.d/elasticsearch start
 66 | 
 67 | # Test elasticsearch
 68 | # curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
 69 | 
 70 | # Install mongodb
 71 | (
 72 | cat <<'EOF'
 73 | [10gen]
 74 | name=10gen Repository
 75 | baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64
 76 | gpgcheck=0
 77 | enabled=1
 78 | EOF
 79 | ) | tee /etc/yum.repos.d/10gen.repo
 80 | 
 81 | yum install -y mongo-10gen-server && /etc/init.d/mongod start
 82 | 
 83 | #Install graylog2-server
 84 | cd graylog2-server-0.11.0/
 85 | cp /opt/graylog2-server/elasticsearch.yml{.example,}
 86 | ln -s /opt/graylog2-server/elasticsearch.yml /etc/graylog2-elasticsearch.yml
 87 | cp /opt/graylog2-server/graylog2.conf{.example,}
 88 | ln -s /opt/graylog2-server/graylog2.conf /etc/graylog2.conf
 89 | sed -i -e 's|mongodb_useauth = true|mongodb_useauth = false|' /opt/graylog2-server/graylog2.conf
 90 | 
 91 | (
 92 | cat <<'EOF'
 93 | #!/bin/sh
 94 | #
 95 | # graylog2-server: graylog2 message collector
 96 | #
 97 | # chkconfig: - 98 02
 98 | # description: This daemon listens for syslog and GELF messages and stores them in mongodb
 99 | #
100 | CMD=$1
101 | NOHUP=`which nohup`
102 | JAVA_CMD=/usr/bin/java
103 | GRAYLOG2_SERVER_HOME=/opt/graylog2-server
104 | start() {
105 |  echo "Starting graylog2-server ..."
106 | $NOHUP $JAVA_CMD -jar $GRAYLOG2_SERVER_HOME/graylog2-server.jar > /var/log/graylog2.log 2>&1 &
107 | }
108 | 
109 | stop() {
110 | PID=`cat /tmp/graylog2.pid`
111 | echo "Stopping graylog2-server ($PID) ..."
112 | kill $PID
113 | }
114 | 
115 | restart() {
116 | echo "Restarting graylog2-server ..."
117 | stop
118 | start
119 | }
120 | 
121 | case "$CMD" in
122 | start)
123 | start
124 | ;;
125 | stop)
126 | stop
127 | ;;
128 | restart)
129 | restart
130 | ;;
131 | *)
132 | echo "Usage $0 {start|stop|restart}"
133 | RETVAL=1
134 | esac
135 | EOF
136 | ) | tee /etc/init.d/graylog2-server
137 | 
138 | # Make graylog2-server executable
139 | chmod +x /etc/init.d/graylog2-server
140 | 
141 | # Start graylog2-server on bootup
142 | chkconfig --add graylog2-server
143 | chkconfig graylog2-server on
144 | /etc/init.d/graylog2-server start
145 | 
146 | # Install graylog2 web interface
147 | cd /opt/
148 | ln -s graylog2-web-interface-0.11.0 graylog2-web-interface
149 | 
150 | # Install Ruby
151 | curl -L https://get.rvm.io | bash -s stable --ruby
152 | source /usr/local/rvm/scripts/rvm
153 | 
154 | # Install Ruby Gems
155 | cd /opt/graylog2-web-interface
156 | gem install bundle
157 | gem update
158 | 
159 | # Set MongoDB Settings
160 | echo "
161 | production:
162 |  host: localhost
163 |  port: 27017
164 |  username: grayloguser
165 |  password: password123
166 |  database: graylog2" | tee /opt/graylog2-web-interface/config/mongoid.yml
167 | 
168 | # Create MongoDB Users and Set Passwords
169 | mongo admin --eval "db.addUser('admin', 'password123')"
170 | mongo admin --eval "db.auth('admin', 'password123')"
171 | mongo graylog2 --eval "db.addUser('grayloguser', 'password123')"
172 | mongo graylog2 --eval "db.auth('grayloguser', 'password123')"
173 | 
174 | useradd graylog2 -d /opt/graylog2-web-interface -G rvm
175 | chown -R graylog2:graylog2 /opt/graylog2-web-interface
176 | usermod -g rvm root
177 | source /etc/profile.d/rvm.sh
178 | bundle install
179 | 
180 | # Test Install
181 | # cd /opt/graylog2-web-interface
182 | # RAILS_ENV=production script/rails server
183 | 
184 | # Install Apache-passenger
185 | yum -y install curl-devel
186 | gem install passenger
187 | gem install file-tail
188 | passenger-install-apache2-module --auto
189 | 
190 | # Add passenger modules for Apache2
191 | echo "LoadModule passenger_module /usr/local/rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.20/buildout/apache2/mod_passenger.so" | tee -a /etc/httpd/conf.d/passenger.conf
192 | echo "PassengerRoot /usr/local/rvm/gems/ruby-2.0.0-p247/gems/passenger-4.0.20" | tee -a /etc/httpd/conf.d/passenger.conf
193 | echo "PassengerDefaultRuby /usr/local/rvm/wrappers/ruby-2.0.0-p247/ruby" | tee -a /etc/httpd/conf.d/passenger.conf
194 | 
195 | # Assign permissions for Apache startup
196 | chown -R apache:apache /opt/graylog2-web-interface
197 | chkconfig httpd on
198 | /etc/init.d/httpd restart
199 | 
200 | # Configure virtualhost
201 | echo "Configuring Apache VirtualHost"
202 | echo "
203 | <VirtualHost *:80>
204 | ServerName ${SERVERNAME}
205 | ServerAlias ${SERVERALIAS}
206 | DocumentRoot /opt/graylog2-web-interface/public
207 | 
208 | #Allow from all
209 | Options -MultiViews
210 | 
211 | ErrorLog /var/log/httpd/error_log
212 | LogLevel warn
213 | CustomLog /var/log/httpd/access_log combined
214 | </VirtualHost>" | tee -a /etc/httpd/conf/httpd.conf
215 | 
216 | # Restart apache
217 | /etc/init.d/httpd restart
218 | 
219 | # Now we need to modify some things to get rsyslog to forward to graylog. this is useful for ESXi syslog format to be correct.
220 | sed -i -e 's|syslog_listen_port = 514|syslog_listen_port = 10514|' /etc/graylog2.conf
221 | sed -i -e 's|mongodb_password = 123|mongodb_password = password123|' /etc/graylog2.conf
222 | sed -i -e 's|#$ModLoad immark|$ModLoad immark|' /etc/rsyslog.conf
223 | sed -i -e 's|#$ModLoad imudp|$ModLoad imudp|' /etc/rsyslog.conf
224 | sed -i -e 's|#$UDPServerRun 514|$UDPServerRun 514|' /etc/rsyslog.conf
225 | sed -i -e 's|#$ModLoad imtcp|$ModLoad imtcp|' /etc/rsyslog.conf
226 | sed -i -e 's|#$InputTCPServerRun 514|$InputTCPServerRun 514|' /etc/rsyslog.conf
227 | sed -i -e 's|*.*;auth,authpriv.none|#*.*;auth,authpriv.none|' /etc/rsyslog.conf
228 | echo '$template GRAYLOG2,"<%PRI%>%HOSTNAME% %TIMESTAMP% %syslogtag% %APP-NAME% %msg%\n"' | tee /etc/rsyslog.d/32-graylog2.conf
229 | echo '$ActionForwardDefaultTemplate GRAYLOG2' | tee -a  /etc/rsyslog.d/32-graylog2.conf
230 | echo '$PreserveFQDN on' | tee -a  /etc/rsyslog.d/32-graylog2.conf
231 | echo '*.* @localhost:10514' | tee -a  /etc/rsyslog.d/32-graylog2.conf
232 | 
233 | # Restart All Services
234 | service elasticsearch restart
235 | service mongodb restart
236 | service graylog2-server restart
237 | service rsyslog restart
238 | service httpd restart
239 | 
240 | # All Done
241 | echo "Installation has completed!!"
242 | echo "Browse to IP address of this Graylog2 Server Used for Installation"
243 | echo "IP Address detected from system is $IPADDY"
244 | echo "Browse to http://$IPADDY"
245 | echo "You Entered $SERVERNAME During Install"
246 | echo "Browse to http://$SERVERNAME If Different"
247 | echo "EveryThingShouldBeVirtual.com"
248 | echo "@mrlesmithjr"
249 | 


--------------------------------------------------------------------------------
/Old_Scripts/install_graylog2_debian.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | #Provided by @mrlesmithjr
  3 | #EveryThingShouldBeVirtual.com
  4 | #
  5 | #
  6 | # Ubuntu Install Script
  7 | #
  8 | set -e
  9 | # Setup logging
 10 | # Logs stderr and stdout to separate files.
 11 | exec 2> >(tee "./graylog2/install_graylog2.err")
 12 | exec > >(tee "./graylog2/install_graylog2.log")
 13 | #
 14 | # Checking if running as root (10/16/2013 - No longer an issue - Should be ran as root or with sudo)
 15 | # Do not run as root
 16 | # if [[ $EUID -eq 0 ]];then
 17 | # echo "$(tput setaf 1)DO NOT RUN AS ROOT or use SUDO"
 18 | # echo "Now exiting...Hit Return"
 19 | # echo "$(tput setaf 3)Run script as normal non-root user and without sudo$(tput sgr0)"
 20 | # exit 1
 21 | # fi
 22 | 
 23 | # Apache Settings
 24 | # change x.x.x.x to whatever your ip address is of the server you are installing on or let the script auto detect your IP
 25 | # which is the default
 26 | # SERVERNAME="x.x.x.x"
 27 | # SERVERALIAS="x.x.x.x"
 28 | #
 29 | #
 30 | echo "Detecting IP Address"
 31 | IPADDY="$(ifconfig | grep -A 1 'eth0' | tail -1 | cut -d ':' -f 2 | cut -d ' ' -f 1)"
 32 | echo "Detected IP Address is $IPADDY"
 33 | 
 34 | SERVERNAME=$IPADDY
 35 | SERVERALIAS=$IPADDY
 36 | 
 37 | #Ruby Passenger Version
 38 | 
 39 | # Disable CD Sources in /etc/apt/sources.list
 40 | echo "Disabling CD Sources and Updating Apt Packages and Installing Pre-Reqs"
 41 | sed -i -e 's|deb cdrom:|# deb cdrom:|' /etc/apt/sources.list
 42 | apt-get -qq update
 43 | 
 44 | # Install Pre-Reqs
 45 | apt-get -y install git curl apache2 libcurl4-openssl-dev apache2-prefork-dev libapr1-dev libcurl4-openssl-dev apache2-prefork-dev libapr1-dev build-essential openssl libreadline6 libreadline6-dev curl git-core zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt-dev autoconf libc6-dev ncurses-dev automake libtool bison subversion pkg-config python-software-properties software-properties-common openjdk-7-jre
 46 | 
 47 | # Install Oracle Java 7 **NOT Used - Installing openjdk-7-jre above
 48 | # echo "Installing Oracle Java 7"
 49 | # add-apt-repository -y ppa:webupd8team/java
 50 | # apt-get -qq update
 51 | # echo oracle-java7-installer shared/accepted-oracle-license-v1-1 select true | /usr/bin/debconf-set-selections
 52 | # apt-get -y install oracle-java7-installer
 53 | 
 54 | echo "Downloading Elasticsearch"
 55 | # chown -R $USER:$USER /opt
 56 | cd /opt
 57 | git clone https://github.com/elasticsearch/elasticsearch-servicewrapper.git
 58 | 
 59 | # Download Elasticsearch, Graylog2-Server and Graylog2-Web-Interface
 60 | echo "Downloading Elastic Search, Graylog2-Server and Graylog2-Web-Interface to /opt"
 61 | wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.20.6.tar.gz
 62 | wget https://github.com/Graylog2/graylog2-server/releases/download/0.12.0/graylog2-server-0.12.0.tar.gz
 63 | wget https://github.com/Graylog2/graylog2-web-interface/releases/download/0.12.0/graylog2-web-interface-0.12.0.tar.gz
 64 | 
 65 | # Extract files
 66 | echo "Extracting Elasticsearch, Graylog2-Server and Graylog2-Web-Interface to /opt"
 67 | for f in *.tar.gz
 68 | do
 69 | tar zxf "$f"
 70 | done
 71 | 
 72 | # Create Symbolic Links
 73 | echo "Creating SymLinks for elasticsearch and graylog2-server"
 74 | ln -s elasticsearch-0.20.6/ elasticsearch
 75 | ln -s graylog2-server-0.12.0/ graylog2-server
 76 | 
 77 | # Install elasticsearch
 78 | echo "Installing elasticsearch"
 79 | mv *servicewrapper*/service elasticsearch/bin/
 80 | rm -Rf *servicewrapper*
 81 | /opt/elasticsearch/bin/service/elasticsearch install
 82 | ln -s `readlink -f elasticsearch/bin/service/elasticsearch` /usr/bin/elasticsearch_ctl
 83 | sed -i -e 's|# cluster.name: elasticsearch|cluster.name: graylog2|' /opt/elasticsearch/config/elasticsearch.yml
 84 | /etc/init.d/elasticsearch start
 85 | 
 86 | # Test elasticsearch
 87 | # curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
 88 | 
 89 | # Install mongodb
 90 | echo "Installing MongoDB"
 91 | apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
 92 | echo "deb http://downloads-distro.mongodb.org/repo/debian-sysvinit dist 10gen" | sudo tee /etc/apt/sources.list.d/10gen.list
 93 | apt-get -qq update
 94 | apt-get -y install mongodb-10gen
 95 | 
 96 | # Install graylog2-server
 97 | echo "Installing graylog2-server"
 98 | cd graylog2-server-0.12.0/
 99 | cp /opt/graylog2-server/elasticsearch.yml{.example,}
100 | ln -s /opt/graylog2-server/elasticsearch.yml /etc/graylog2-elasticsearch.yml
101 | cp /opt/graylog2-server/graylog2.conf{.example,}
102 | ln -s /opt/graylog2-server/graylog2.conf /etc/graylog2.conf
103 | sed -i -e 's|mongodb_useauth = true|mongodb_useauth = false|' /opt/graylog2-server/graylog2.conf
104 | 
105 | # Create graylog2-server startup script
106 | echo "Creating /etc/init.d/graylog2-server startup script"
107 | (
108 | cat <<'EOF'
109 | #!/bin/sh
110 | #
111 | # graylog2-server: graylog2 message collector
112 | #
113 | # chkconfig: - 98 02
114 | # description: This daemon listens for syslog and GELF messages and stores them in mongodb
115 | #
116 | CMD=$1
117 | NOHUP=`which nohup`
118 | JAVA_CMD=/usr/bin/java
119 | GRAYLOG2_SERVER_HOME=/opt/graylog2-server
120 | start() {
121 |  echo "Starting graylog2-server ..."
122 | $NOHUP $JAVA_CMD -jar $GRAYLOG2_SERVER_HOME/graylog2-server.jar > /var/log/graylog2.log 2>&1 &
123 | }
124 | 
125 | stop() {
126 | PID=`cat /tmp/graylog2.pid`
127 | echo "Stopping graylog2-server ($PID) ..."
128 | kill $PID
129 | }
130 | 
131 | restart() {
132 | echo "Restarting graylog2-server ..."
133 | stop
134 | start
135 | }
136 | 
137 | case "$CMD" in
138 | start)
139 | start
140 | ;;
141 | stop)
142 | stop
143 | ;;
144 | restart)
145 | restart
146 | ;;
147 | *)
148 | echo "Usage $0 {start|stop|restart}"
149 | RETVAL=1
150 | esac
151 | EOF
152 | ) | tee /etc/init.d/graylog2-server
153 | 
154 | # Make graylog2-server executable
155 | chmod +x /etc/init.d/graylog2-server
156 | 
157 | # Start graylog2-server on bootup
158 | echo "Making graylog2-server startup on boot"
159 | update-rc.d graylog2-server defaults
160 | 
161 | # Install graylog2 web interface
162 | echo "Installing graylog2-web-interface"
163 | cd /opt/
164 | ln -s graylog2-web-interface-0.12.0 graylog2-web-interface
165 | mkdir  /opt/graylog2-web-interface-0.12.0/tmp/
166 | 
167 | # Install Ruby
168 | echo "Installing Ruby"
169 | apt-get -y install libgdbm-dev libffi-dev ruby1.9.3
170 | 
171 | # Install Ruby Gems
172 | echo "Installing Ruby Gems"
173 | cd /opt/graylog2-web-interface
174 | gem install bundler --no-ri --no-rdoc
175 | bundle install
176 | 
177 | # Set MongoDB Settings
178 | echo "Configuring MongoDB"
179 | echo "
180 | production:
181 |  host: localhost
182 |  port: 27017
183 |  username: grayloguser
184 |  password: password123
185 |  database: graylog2" | tee /opt/graylog2-web-interface/config/mongoid.yml
186 | 
187 | # Create MongoDB Users and Set Passwords
188 | echo "Creating MongoDB Users and Passwords"
189 | mongo admin --eval "db.addUser('admin', 'password123')"
190 | mongo admin --eval "db.auth('admin', 'password123')"
191 | mongo graylog2 --eval "db.addUser('grayloguser', 'password123')"
192 | mongo graylog2 --eval "db.auth('grayloguser', 'password123')"
193 | 
194 | # Test Install
195 | # cd /opt/graylog2-web-interface
196 | # RAILS_ENV=production script/rails server
197 | 
198 | # Install Apache-passenger
199 | echo "Installing Apache-Passenger Modules"
200 | gem install passenger
201 | # Create Passenger symbolic link to get around versions changing
202 | ln -s /var/lib/gems/1.9.1/gems/passenger-4* /var/lib/gems/1.9.1/gems/passenger
203 | # Build Apache2 passenger module
204 | /var/lib/gems/1.9.1/gems/passenger/bin/passenger-install-apache2-module --auto
205 | 
206 | # Add passenger modules for Apache2
207 | echo "Adding Apache Passenger modules to /etc/apache2/httpd.conf"
208 | echo "LoadModule passenger_module /var/lib/gems/1.9.1/gems/passenger/buildout/apache2/mod_passenger.so" | tee -a /etc/apache2/mods-available/passenger.load
209 | echo "PassengerRoot /var/lib/gems/1.9.1/gems/passenger" | tee -a /etc/apache2/mods-available/passenger.conf
210 | echo "PassengerRuby /usr/bin/ruby1.9.1" | tee -a /etc/apache2/mods-available/passenger.conf
211 | 
212 | # Enable passenger modules
213 | echo "Enabling Apache Passenger module"
214 | a2enmod passenger
215 | 
216 | # Restart Apache2
217 | echo "Restarting Apache2"
218 | service apache2 restart
219 | # If apache fails and complains about unable to load mod_passenger.so check and verify that your passengerroot version matches
220 | 
221 | # Configure Apache virtualhost
222 | echo "Configuring Apache VirtualHost"
223 | echo "
224 | <VirtualHost *:80>
225 | ServerName ${SERVERNAME}
226 | ServerAlias ${SERVERALIAS}
227 | DocumentRoot /opt/graylog2-web-interface/public
228 | 
229 | #Allow from all
230 | Options -MultiViews
231 | 
232 | ErrorLog /var/log/apache2/error.log
233 | LogLevel warn
234 | CustomLog /var/log/apache2/access.log combined
235 | </VirtualHost>" | tee /etc/apache2/sites-available/graylog2
236 | 
237 | # Enable virtualhost
238 | echo "Enabling Apache VirtualHost Settings"
239 | a2dissite 000-default
240 | a2ensite graylog2
241 | service apache2 reload
242 | 
243 | # Restart apache
244 | echo "Restarting Apache2"
245 | service apache2 restart
246 | 
247 | # Now we need to modify some things to get rsyslog to forward to graylog. this is useful for ESXi syslog format to be correct.
248 | echo "Updating graylog2.conf, rsyslog.conf"
249 | sed -i -e 's|syslog_listen_port = 514|syslog_listen_port = 10514|' /etc/graylog2.conf
250 | sed -i -e 's|mongodb_password = 123|mongodb_password = password123|' /etc/graylog2.conf
251 | sed -i -e 's|#$ModLoad immark|$ModLoad immark|' /etc/rsyslog.conf
252 | sed -i -e 's|#$ModLoad imudp|$ModLoad imudp|' /etc/rsyslog.conf
253 | sed -i -e 's|#$UDPServerRun 514|$UDPServerRun 514|' /etc/rsyslog.conf
254 | sed -i -e 's|#$ModLoad imtcp|$ModLoad imtcp|' /etc/rsyslog.conf
255 | sed -i -e 's|#$InputTCPServerRun 514|$InputTCPServerRun 514|' /etc/rsyslog.conf
256 | sed -i -e 's|*.*;auth,authpriv.none|#*.*;auth,authpriv.none|' /etc/rsyslog.conf
257 | echo '$template GRAYLOG2,"<%PRI%>1 %timegenerated:::date-rfc3339% %FROMHOST% %syslogtag% - %APP-NAME%: %msg:::drop-last-lf%\n"' | tee /etc/rsyslog.d/32-graylog2.conf
258 | echo '$ActionForwardDefaultTemplate GRAYLOG2' | tee -a  /etc/rsyslog.d/32-graylog2.conf
259 | echo '$PreserveFQDN on' | tee -a  /etc/rsyslog.d/32-graylog2.conf
260 | # Log syslog levels info and above
261 | echo '*.info @localhost:10514' | tee -a  /etc/rsyslog.d/32-graylog2.conf
262 | 
263 | # Fixing issue with secret_token in /opt/graylog2-web-interface/config/initializers/secret_token.rb
264 | sed -i -e "s|Graylog2WebInterface::Application.config.secret_token = 'CHANGE ME'|Graylog2WebInterface::Application.config.secret_token = 'b356d1af93673e37d6e21399d033d77c15354849fdde6d83fa0dca19608aa71f2fcd9d1f2784fb95e9400d8eeaf6dd9584d8d35b8f0b5c231369a70aac5e5777'|" /opt/graylog2-web-interface/config/initializers/secret_token.rb
265 | 
266 | # Fixing /opt/graylog2-web-interface Permissions
267 | echo "Fixing Graylog2 Web Interface Permissions"
268 | chown -R root:root /opt/elasticsearch*
269 | chown -R root:root /opt/graylog2*
270 | chown -R www-data:www-data /opt/graylog2-web-interface*
271 | 
272 | # Cleaning up /opt
273 | echo "Cleaning up"
274 | rm /opt/elasticsearch*.tar.gz
275 | rm /opt/graylog2-server*.tar.gz
276 | rm /opt/graylog2-web-interface*.tar.gz
277 | 
278 | # Restart All Services
279 | echo "Restarting All Services Required for Graylog2 to work"
280 | service elasticsearch restart
281 | service mongodb restart
282 | service graylog2-server restart
283 | service rsyslog restart
284 | service apache2 restart
285 | 
286 | # All Done
287 | echo "Installation has completed!!"
288 | echo "Browse to IP address of this Graylog2 Server Used for Installation"
289 | echo "IP Address detected from system is $IPADDY"
290 | echo "Browse to http://$IPADDY"
291 | echo "You Entered $SERVERNAME During Install"
292 | echo "Browse to http://$SERVERNAME If Different"
293 | echo "EveryThingShouldBeVirtual.com"
294 | echo "@mrlesmithjr"
295 | echo "Enjoy!!!"
296 | 


--------------------------------------------------------------------------------
/Old_Scripts/install_graylog2_preview_ubuntu.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | #Provided by @mrlesmithjr
  3 | #EveryThingShouldBeVirtual.com
  4 | 
  5 | # Ubuntu Install Script
  6 | 
  7 | set -e
  8 | # Setup logging
  9 | # Logs stderr and stdout to separate files.
 10 | exec 2> >(tee "./graylog2/install_graylog2.err")
 11 | exec > >(tee "./graylog2/install_graylog2.log")
 12 | 
 13 | # Checking if running as root (10/16/2013 - No longer an issue - Should be ran as root or with sudo)
 14 | # Do not run as root
 15 | # if [[ $EUID -eq 0 ]];then
 16 | # echo "$(tput setaf 1)DO NOT RUN AS ROOT or use SUDO"
 17 | # echo "Now exiting...Hit Return"
 18 | # echo "$(tput setaf 3)Run script as normal non-root user and without sudo$(tput sgr0)"
 19 | # exit 1
 20 | # fi
 21 | 
 22 | echo "Detecting IP Address"
 23 | IPADDY="$(ifconfig | grep -A 1 'eth0' | tail -1 | cut -d ':' -f 2 | cut -d ' ' -f 1)"
 24 | echo "Detected IP Address is $IPADDY"
 25 | 
 26 | SERVERNAME=$IPADDY
 27 | SERVERALIAS=$IPADDY
 28 | 
 29 | # Disable CD Sources in /etc/apt/sources.list
 30 | echo "Disabling CD Sources and Updating Apt Packages and Installing Pre-Reqs"
 31 | sed -i -e 's|deb cdrom:|# deb cdrom:|' /etc/apt/sources.list
 32 | apt-get -qq update
 33 | 
 34 | # Install Pre-Reqs
 35 | # apt-get -y install git curl libcurl4-openssl-dev libapr1-dev libcurl4-openssl-dev libapr1-dev build-essential openssl libreadline6 libreadline6-dev curl git-core zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt-dev autoconf libc6-dev ncurses-dev automake libtool bison subversion pkg-config python-software-properties software-properties-common openjdk-7-jre pwgen
 36 | apt-get -y install git curl build-essential openjdk-7-jre pwgen wget
 37 | 
 38 | # Download Elasticsearch, Graylog2-Server and Graylog2-Web-Interface
 39 | echo "Downloading Elastic Search, Graylog2-Server and Graylog2-Web-Interface to /opt"
 40 | cd /opt
 41 | #wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.90.7.deb
 42 | #wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.90.10.deb
 43 | wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.90.11.deb
 44 | 
 45 | #wget https://github.com/Graylog2/graylog2-server/releases/download/0.20.0-preview.6/graylog2-server-0.20.0-preview.6.tgz
 46 | #wget https://github.com/Graylog2/graylog2-web-interface/releases/download/0.20.0-preview.6/graylog2-web-interface-0.20.0-preview.6.tgz
 47 | #wget https://github.com/Graylog2/graylog2-server/releases/download/0.20.0-preview.7/graylog2-server-0.20.0-preview.7.tgz
 48 | #wget https://github.com/Graylog2/graylog2-server/releases/download/0.20.0-preview.8/graylog2-server-0.20.0-preview.8.tgz
 49 | #wget https://github.com/Graylog2/graylog2-server/releases/download/0.20.0-rc.1/graylog2-server-0.20.0-rc.1.tgz
 50 | #wget https://github.com/Graylog2/graylog2-server/releases/download/0.20.0-rc.1-1/graylog2-server-0.20.0-rc.1-1.tgz
 51 | wget https://github.com/Graylog2/graylog2-server/releases/download/0.20.0-rc.2/graylog2-server-0.20.0-rc.2.tgz
 52 | #wget https://github.com/Graylog2/graylog2-web-interface/releases/download/0.20.0-preview.7/graylog2-web-interface-0.20.0-preview.7.tgz
 53 | #wget https://github.com/Graylog2/graylog2-web-interface/releases/download/0.20.0-preview.8/graylog2-web-interface-0.20.0-preview.8.tgz
 54 | #wget https://github.com/Graylog2/graylog2-web-interface/releases/download/0.20.0-rc.1/graylog2-web-interface-0.20.0-rc.1.tgz
 55 | #wget https://github.com/Graylog2/graylog2-web-interface/releases/download/0.20.0-rc.1-1/graylog2-web-interface-0.20.0-rc.1-1.tgz
 56 | wget https://github.com/Graylog2/graylog2-web-interface/releases/download/0.20.0-rc.2/graylog2-web-interface-0.20.0-rc.2.tgz
 57 | 
 58 | # Extract files
 59 | echo "Extracting Graylog2-Server and Graylog2-Web-Interface to /opt"
 60 |   for f in *.*gz
 61 | do
 62 | tar zxf "$f"
 63 | done
 64 | 
 65 | # Create Symbolic Links
 66 | echo "Creating SymLink Graylog2-server"
 67 | ln -s graylog2-server-0.2*/ graylog2-server
 68 | 
 69 | # Install elasticsearch
 70 | echo "Installing elasticsearch"
 71 | #dpkg -i elasticsearch-0.90.7.deb
 72 | dpkg -i elasticsearch-0.90.11.deb
 73 | sed -i -e 's|# cluster.name: elasticsearch|cluster.name: graylog2|' /etc/elasticsearch/elasticsearch.yml
 74 | 
 75 | # Test elasticsearch
 76 | # curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
 77 | 
 78 | # Install mongodb
 79 | echo "Installing MongoDB"
 80 | apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
 81 | echo "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen" | tee /etc/apt/sources.list.d/10gen.list
 82 | apt-get -qq update
 83 | apt-get -y install mongodb-10gen
 84 | 
 85 | # Install graylog2-server
 86 | echo "Installing graylog2-server"
 87 | cd graylog2-server/
 88 | cp /opt/graylog2-server/graylog2.conf{.example,}
 89 | mv graylog2.conf /etc/
 90 | #ln -s /opt/graylog2-server/graylog2.conf /etc/graylog2.conf
 91 | pass_secret=$(pwgen -s 96)
 92 | sed -i -e 's|password_secret =|password_secret = '$pass_secret'|' /etc/graylog2.conf
 93 | #root_pass_sha2=$(echo -n password123 | shasum -a 256)
 94 | sed -i -e "s|root_password_sha2 =|root_password_sha2 = ef92b778bafe771e89245b89ecbc08a44a4e166c06659911881f383d4473e94f|" /etc/graylog2.conf
 95 | sed -i -e 's|elasticsearch_shards = 4|elasticsearch_shards = 1|' /etc/graylog2.conf
 96 | sed -i -e 's|mongodb_useauth = true|mongodb_useauth = false|' /etc/graylog2.conf
 97 | sed -i -e 's|#elasticsearch_discovery_zen_ping_multicast_enabled = false|elasticsearch_discovery_zen_ping_multicast_enabled = false|' /etc/graylog2.conf
 98 | sed -i -e 's|#elasticsearch_discovery_zen_ping_unicast_hosts = 192.168.1.203:9300|elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300|' /etc/graylog2.conf
 99 | # Setting new retention policy setting or Graylog2 Server will not start
100 | sed -i 's|retention_strategy = delete|retention_strategy = close|' /etc/graylog2.conf
101 | 
102 | # Create graylog2-server startup script
103 | echo "Creating /etc/init.d/graylog2-server startup script"
104 | (
105 | cat <<'EOF'
106 | #!/bin/bash
107 | 
108 | CMD=$1
109 | NOHUP=`which nohup`
110 | 
111 | GRAYLOG2CTL_DIR="/opt/graylog2-server/bin"
112 | GRAYLOG2_SERVER_JAR=graylog2-server.jar
113 | GRAYLOG2_CONF=/etc/graylog2.conf
114 | GRAYLOG2_PID=/tmp/graylog2.pid
115 | LOG_FILE=log/graylog2-server.log
116 | 
117 | start() {
118 |     echo "Starting graylog2-server ..."
119 |     cd "$GRAYLOG2CTL_DIR/.."
120 |     sleep 2m
121 |     $NOHUP java -jar ${GRAYLOG2_SERVER_JAR} -f ${GRAYLOG2_CONF} -p ${GRAYLOG2_PID} >> ${LOG_FILE} &
122 | }
123 | 
124 | stop() {
125 |     PID=`cat ${GRAYLOG2_PID}`
126 |     echo "Stopping graylog2-server ($PID) ..."
127 |     if kill $PID; then
128 |         rm ${GRAYLOG2_PID}
129 |     fi
130 | }
131 | 
132 | restart() {
133 |     echo "Restarting graylog2-server ..."
134 |     stop
135 |     start
136 | }
137 | 
138 | status() {
139 |     pid=$(get_pid)
140 |     if [ ! -z $pid ]; then
141 |         if pid_running $pid; then
142 |             echo "graylog2-server running as pid $pid"
143 |             return 0
144 |         else
145 |             echo "Stale pid file with $pid - removing..."
146 |             rm ${GRAYLOG2_PID}
147 |         fi
148 |     fi
149 | 
150 |     echo "graylog2-server not running"
151 | }
152 | 
153 | get_pid() {
154 |     cat ${GRAYLOG2_PID} 2> /dev/null
155 | }
156 | 
157 | pid_running() {
158 |     kill -0 $1 2> /dev/null
159 | }
160 | 
161 | case "$CMD" in
162 |     start)
163 |         start
164 |         ;;
165 |     stop)
166 |         stop
167 |         ;;
168 |     restart)
169 |         restart
170 |         ;;
171 |     status)
172 |         status
173 |         ;;
174 |     *)
175 |         echo "Usage $0 {start|stop|restart|status}"
176 |         RETVAL=1
177 | esac
178 | EOF
179 | ) | tee /etc/init.d/graylog2-server
180 | 
181 | # Make graylog2-server executable
182 | chmod +x /etc/init.d/graylog2-server
183 | 
184 | # Start graylog2-server on bootup
185 | echo "Making graylog2-server startup on boot"
186 | update-rc.d graylog2-server defaults
187 | 
188 | echo "Starting graylog2-server"
189 | service graylog2-server start
190 | 
191 | # Install graylog2 web interface
192 | echo "Installing graylog2-web-interface"
193 | cd /opt/
194 | ln -s graylog2-web-interface-0.2*/ graylog2-web-interface
195 | 
196 | echo "Creating Graylog2-web-interface startup script"
197 | (
198 | cat <<'EOF'
199 | #!/bin/sh
200 | #
201 | # graylog2-web-interface: graylog2 web frontend
202 | #
203 | # chkconfig: - 98 02
204 | # description: This daemon listens for syslog and GELF messages and stores them in mongodb
205 | #
206 | CMD=$1
207 | NOHUP=`which nohup`
208 | JAVA_CMD=/usr/bin/java
209 | GRAYLOG2_WEB_INTERFACE_HOME=/opt/graylog2-web-interface
210 | 
211 | GRAYLOG2_WEB_INTERFACE_PID=/opt/graylog2-web-interface/RUNNING_PID
212 | 
213 | start() {
214 | echo "Starting graylog2-web-interface ..."
215 | #sleep 3m
216 | $NOHUP /opt/graylog2-web-interface/bin/graylog2-web-interface &
217 | }
218 | 
219 | stop() {
220 | echo "Stopping graylog2-web-interface ($PID) ..."
221 | PID=`cat ${GRAYLOG2_WEB_INTERFACE_PID}`
222 | if kill $PID; then
223 |         rm ${GRAYLOG2_WEB_INTERFACE_PID}
224 | fi
225 | }
226 | 
227 | restart() {
228 | echo "Restarting graylog2-web-interface ..."
229 | stop
230 | start
231 | }
232 | 
233 | status() {
234 |     pid=$(get_pid)
235 |     if [ ! -z $pid ]; then
236 |         if pid_running $pid; then
237 |             echo "graylog2-web-interface running as pid $pid"
238 |             return 0
239 |         else
240 |             echo "Stale pid file with $pid - removing..."
241 |             rm ${GRAYLOG2_WEB_INTERFACE_PID}
242 |         fi
243 |     fi
244 | 
245 |     echo "graylog2-web-interface not running"
246 | }
247 | 
248 | get_pid() {
249 |     cat ${GRAYLOG2_WEB_INTERFACE_PID} 2> /dev/null
250 | }
251 | 
252 | pid_running() {
253 |     kill -0 $1 2> /dev/null
254 | }
255 | 
256 | case "$CMD" in
257 |         start)
258 |                 start
259 |                 ;;
260 |         stop)
261 |                 stop
262 |                 ;;
263 |         restart)
264 |                 restart
265 |                 ;;
266 |         status)
267 |                 status
268 |                 ;;
269 | *)
270 | echo "Usage $0 {start|stop|restart|status}"
271 | RETVAL=1
272 | esac
273 | EOF
274 | ) | tee /etc/init.d/graylog2-web-interface
275 | 
276 | # Make graylog2-web-interface executable
277 | chmod +x /etc/init.d/graylog2-web-interface
278 | 
279 | # Start graylog2-web-interface on bootup
280 | echo "Making graylog2-web-interface startup on boot"
281 | update-rc.d graylog2-web-interface defaults
282 | 
283 | echo "Starting graylog2-web-interface"
284 | service graylog2-web-interface start
285 | 
286 | # Now we need to modify some things to get rsyslog to forward to graylog. this is useful for ESXi syslog format to be correct.
287 | echo "Updating graylog2.conf and rsyslog.conf"
288 | #sed -i -e 's|syslog_listen_port = 514|syslog_listen_port = 10514|' /etc/graylog2.conf
289 | #sed -i -e 's|#$ModLoad immark|$ModLoad immark|' /etc/rsyslog.conf
290 | sed -i -e 's|#$ModLoad imudp|$ModLoad imudp|' /etc/rsyslog.conf
291 | sed -i -e 's|#$UDPServerRun 514|$UDPServerRun 514|' /etc/rsyslog.conf
292 | sed -i -e 's|#$ModLoad imtcp|$ModLoad imtcp|' /etc/rsyslog.conf
293 | sed -i -e 's|#$InputTCPServerRun 514|$InputTCPServerRun 514|' /etc/rsyslog.conf
294 | sed -i -e 's|*.*;auth,authpriv.none|#*.*;auth,authpriv.none|' /etc/rsyslog.d/50-default.conf
295 | echo '$template GRAYLOG2,"<%PRI%>1 %timegenerated:::date-rfc3339% %hostname% %syslogtag% - %APP-NAME%: %msg:::drop-last-lf%\n"' | tee /etc/rsyslog.d/32-graylog2.conf
296 | echo '$ActionForwardDefaultTemplate GRAYLOG2' | tee -a  /etc/rsyslog.d/32-graylog2.conf
297 | echo '$PreserveFQDN on' | tee -a  /etc/rsyslog.d/32-graylog2.conf
298 | echo '*.info @localhost:10514' | tee -a  /etc/rsyslog.d/32-graylog2.conf
299 | sed -i -e 's|graylog2-server.uris=""|graylog2-server.uris="http://127.0.0.1:12900/"|' /opt/graylog2-web-interface/conf/graylog2-web-interface.conf
300 | app_secret=$(pwgen -s 96)
301 | sed -i -e 's|application.secret=""|application.secret="'$app_secret'"|' /opt/graylog2-web-interface/conf/graylog2-web-interface.conf
302 | 
303 | # Fixing /opt/graylog2-web-interface Permissions
304 | echo "Fixing Graylog2 Web Interface Permissions"
305 | chown -R root:root /opt/graylog2*
306 | #chown -R www-data:www-data /opt/graylog2-web-interface*
307 | 
308 | # Cleaning up /opt
309 | echo "Cleaning up"
310 | rm /opt/graylog2-server*.*gz
311 | rm /opt/graylog2-web-interface*.*gz
312 | rm /opt/elasticsearch-0.90.11.deb
313 | 
314 | # Restart All Services
315 | echo "Restarting All Services Required for Graylog2 to work"
316 | service elasticsearch restart
317 | service mongodb restart
318 | service rsyslog restart
319 | 
320 | # All Done
321 | echo "Installation has completed!!"
322 | echo "Browse to IP address of this Graylog2 Server Used for Installation"
323 | echo "IP Address detected from system is $IPADDY"
324 | echo "Browse to http://$IPADDY:9000"
325 | echo "Login with username: admin"
326 | echo "Login with password: password123"
327 | echo "You Entered $SERVERNAME During Install"
328 | echo "Browse to http://$SERVERNAME:9000 If Different"
329 | echo "EveryThingShouldBeVirtual.com"
330 | echo "@mrlesmithjr"
331 | 


--------------------------------------------------------------------------------
/Old_Scripts/install_graylog2_ubuntu.sh:
--------------------------------------------------------------------------------
  1 | #! /bin/bash
  2 | #Provided by @mrlesmithjr
  3 | #EveryThingShouldBeVirtual.com
  4 | #
  5 | #
  6 | # Ubuntu Install Script
  7 | #
  8 | set -e
  9 | # Setup logging
 10 | # Logs stderr and stdout to separate files.
 11 | exec 2> >(tee "./graylog2/install_graylog2.err")
 12 | exec > >(tee "./graylog2/install_graylog2.log")
 13 | #
 14 | # Checking if running as root (10/16/2013 - No longer an issue - Should be ran as root or with sudo)
 15 | # Do not run as root
 16 | # if [[ $EUID -eq 0 ]];then
 17 | # echo "$(tput setaf 1)DO NOT RUN AS ROOT or use SUDO"
 18 | # echo "Now exiting...Hit Return"
 19 | # echo "$(tput setaf 3)Run script as normal non-root user and without sudo$(tput sgr0)"
 20 | # exit 1
 21 | # fi
 22 | 
 23 | # Apache Settings
 24 | # change x.x.x.x to whatever your ip address is of the server you are installing on or let the script auto detect your IP
 25 | # which is the default
 26 | # SERVERNAME="x.x.x.x"
 27 | # SERVERALIAS="x.x.x.x"
 28 | #
 29 | #
 30 | echo "Detecting IP Address"
 31 | IPADDY="$(ifconfig | grep -A 1 'eth0' | tail -1 | cut -d ':' -f 2 | cut -d ' ' -f 1)"
 32 | echo "Detected IP Address is $IPADDY"
 33 | 
 34 | SERVERNAME=$IPADDY
 35 | SERVERALIAS=$IPADDY
 36 | 
 37 | #Ruby Passenger Version
 38 | 
 39 | # Disable CD Sources in /etc/apt/sources.list
 40 | echo "Disabling CD Sources and Updating Apt Packages and Installing Pre-Reqs"
 41 | sed -i -e 's|deb cdrom:|# deb cdrom:|' /etc/apt/sources.list
 42 | apt-get -qq update
 43 | 
 44 | # Install Pre-Reqs
 45 | apt-get -y install git curl apache2 libcurl4-openssl-dev apache2-prefork-dev libapr1-dev libcurl4-openssl-dev apache2-prefork-dev libapr1-dev build-essential openssl libreadline6 libreadline6-dev curl git-core zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt-dev autoconf libc6-dev ncurses-dev automake libtool bison subversion pkg-config python-software-properties software-properties-common openjdk-7-jre wget
 46 | 
 47 | # Install Oracle Java 7 **NOT Used - Installing openjdk-7-jre above
 48 | # echo "Installing Oracle Java 7"
 49 | # add-apt-repository -y ppa:webupd8team/java
 50 | # apt-get -qq update
 51 | # echo oracle-java7-installer shared/accepted-oracle-license-v1-1 select true | /usr/bin/debconf-set-selections
 52 | # apt-get -y install oracle-java7-installer
 53 | 
 54 | echo "Downloading Elasticsearch"
 55 | # chown -R $USER:$USER /opt
 56 | cd /opt
 57 | # git clone https://github.com/elasticsearch/elasticsearch-servicewrapper.git
 58 | 
 59 | # Download Elasticsearch, Graylog2-Server and Graylog2-Web-Interface
 60 | echo "Downloading Elasticsearch, Graylog2-Server and Graylog2-Web-Interface to /opt"
 61 | # wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.20.6.tar.gz
 62 | wget https://github.com/Graylog2/graylog2-server/releases/download/0.12.0/graylog2-server-0.12.0.tar.gz
 63 | wget https://github.com/Graylog2/graylog2-web-interface/releases/download/0.12.0/graylog2-web-interface-0.12.0.tar.gz
 64 | wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.20.6.deb
 65 | 
 66 | # Extract files
 67 | echo "Extracting Elasticsearch, Graylog2-Server and Graylog2-Web-Interface to /opt"
 68 | for f in *.tar.gz
 69 | do
 70 | tar zxf "$f"
 71 | done
 72 | 
 73 | # Create Symbolic Links
 74 | echo "Creating SymLinks for elasticsearch and graylog2-server"
 75 | # ln -s elasticsearch-0.20.6/ elasticsearch
 76 | ln -s graylog2-server-0.12.0/ graylog2-server
 77 | 
 78 | # Install elasticsearch
 79 | echo "Installing elasticsearch"
 80 | # mv *servicewrapper*/service elasticsearch/bin/
 81 | # rm -Rf *servicewrapper*
 82 | # /opt/elasticsearch/bin/service/elasticsearch install
 83 | # ln -s `readlink -f elasticsearch/bin/service/elasticsearch` /usr/bin/elasticsearch_ctl
 84 | dpkg -i elasticsearch-0.20.6.deb
 85 | sed -i -e 's|# cluster.name: elasticsearch|cluster.name: graylog2|' /etc/elasticsearch/elasticsearch.yml
 86 | service elasticsearch restart
 87 | 
 88 | # Test elasticsearch
 89 | # curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
 90 | 
 91 | # Install mongodb
 92 | echo "Installing MongoDB"
 93 | apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
 94 | echo "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen" | tee /etc/apt/sources.list.d/10gen.list
 95 | apt-get -qq update
 96 | apt-get -y install mongodb-10gen
 97 | 
 98 | # Install graylog2-server
 99 | echo "Installing graylog2-server"
100 | cd graylog2-server-0.12.0/
101 | cp /opt/graylog2-server/elasticsearch.yml{.example,}
102 | ln -s /opt/graylog2-server/elasticsearch.yml /etc/graylog2-elasticsearch.yml
103 | cp /opt/graylog2-server/graylog2.conf{.example,}
104 | ln -s /opt/graylog2-server/graylog2.conf /etc/graylog2.conf
105 | sed -i -e 's|mongodb_useauth = true|mongodb_useauth = false|' /opt/graylog2-server/graylog2.conf
106 | 
107 | # Create graylog2-server startup script
108 | echo "Creating /etc/init.d/graylog2-server startup script"
109 | (
110 | cat <<'EOF'
111 | #!/bin/sh
112 | #
113 | # graylog2-server: graylog2 message collector
114 | #
115 | # chkconfig: - 98 02
116 | # description: This daemon listens for syslog and GELF messages and stores them in mongodb
117 | #
118 | CMD=$1
119 | NOHUP=`which nohup`
120 | JAVA_CMD=/usr/bin/java
121 | GRAYLOG2_SERVER_HOME=/opt/graylog2-server
122 | start() {
123 |  echo "Starting graylog2-server ..."
124 | $NOHUP $JAVA_CMD -jar $GRAYLOG2_SERVER_HOME/graylog2-server.jar > /var/log/graylog2.log 2>&1 &
125 | }
126 | 
127 | stop() {
128 | PID=`cat /tmp/graylog2.pid`
129 | echo "Stopping graylog2-server ($PID) ..."
130 | kill $PID
131 | }
132 | 
133 | restart() {
134 | echo "Restarting graylog2-server ..."
135 | stop
136 | start
137 | }
138 | 
139 | case "$CMD" in
140 | start)
141 | start
142 | ;;
143 | stop)
144 | stop
145 | ;;
146 | restart)
147 | restart
148 | ;;
149 | *)
150 | echo "Usage $0 {start|stop|restart}"
151 | RETVAL=1
152 | esac
153 | EOF
154 | ) | tee /etc/init.d/graylog2-server
155 | 
156 | # Make graylog2-server executable
157 | chmod +x /etc/init.d/graylog2-server
158 | 
159 | # Start graylog2-server on bootup
160 | echo "Making graylog2-server startup on boot"
161 | update-rc.d graylog2-server defaults
162 | 
163 | # Install graylog2 web interface
164 | echo "Installing graylog2-web-interface"
165 | cd /opt/
166 | ln -s graylog2-web-interface-0.12.0 graylog2-web-interface
167 | mkdir  /opt/graylog2-web-interface-0.12.0/tmp/
168 | 
169 | # Install Ruby
170 | echo "Installing Ruby"
171 | apt-get -y install libgdbm-dev libffi-dev ruby1.9.3
172 | 
173 | # Install Ruby Gems
174 | echo "Installing Ruby Gems"
175 | cd /opt/graylog2-web-interface
176 | gem install bundler --no-ri --no-rdoc
177 | bundle install
178 | 
179 | # Set MongoDB Settings
180 | echo "Configuring MongoDB"
181 | echo "
182 | production:
183 |  host: localhost
184 |  port: 27017
185 |  username: grayloguser
186 |  password: password123
187 |  database: graylog2" | tee /opt/graylog2-web-interface/config/mongoid.yml
188 | 
189 | # Create MongoDB Users and Set Passwords
190 | echo "Creating MongoDB Users and Passwords"
191 | mongo admin --eval "db.addUser('admin', 'password123')"
192 | mongo admin --eval "db.auth('admin', 'password123')"
193 | mongo graylog2 --eval "db.addUser('grayloguser', 'password123')"
194 | mongo graylog2 --eval "db.auth('grayloguser', 'password123')"
195 | 
196 | # Test Install
197 | # cd /opt/graylog2-web-interface
198 | # RAILS_ENV=production script/rails server
199 | 
200 | # Install Apache-passenger
201 | echo "Installing Apache-Passenger Modules"
202 | gem install passenger
203 | # Create Passenger symbolic link to get around versions changing
204 | ln -s /var/lib/gems/1.9.1/gems/passenger-4* /var/lib/gems/1.9.1/gems/passenger
205 | # Build Apache2 passenger module
206 | /var/lib/gems/1.9.1/gems/passenger/bin/passenger-install-apache2-module --auto
207 | 
208 | # Add passenger modules for Apache2
209 | echo "Adding Apache Passenger modules to /etc/apache2/httpd.conf"
210 | echo "LoadModule passenger_module /var/lib/gems/1.9.1/gems/passenger/buildout/apache2/mod_passenger.so" | tee -a /etc/apache2/mods-available/passenger.load
211 | echo "PassengerRoot /var/lib/gems/1.9.1/gems/passenger" | tee -a /etc/apache2/mods-available/passenger.conf
212 | echo "PassengerRuby /usr/bin/ruby1.9.1" | tee -a /etc/apache2/mods-available/passenger.conf
213 | 
214 | # Enable passenger modules
215 | echo "Enabling Apache Passenger module"
216 | a2enmod passenger
217 | 
218 | # Restart Apache2
219 | echo "Restarting Apache2"
220 | service apache2 restart
221 | # If apache fails and complains about unable to load mod_passenger.so check and verify that your passengerroot version matches
222 | 
223 | # Configure Apache virtualhost
224 | echo "Configuring Apache VirtualHost"
225 | echo "
226 | <VirtualHost *:80>
227 | ServerName ${SERVERNAME}
228 | ServerAlias ${SERVERALIAS}
229 | DocumentRoot /opt/graylog2-web-interface/public
230 | 
231 | #Allow from all
232 | Options -MultiViews
233 | 
234 | ErrorLog /var/log/apache2/error.log
235 | LogLevel warn
236 | CustomLog /var/log/apache2/access.log combined
237 | </VirtualHost>" | tee /etc/apache2/sites-available/graylog2
238 | 
239 | # Enable virtualhost
240 | echo "Enabling Apache VirtualHost Settings"
241 | a2dissite 000-default
242 | a2ensite graylog2
243 | service apache2 reload
244 | 
245 | # Restart apache
246 | echo "Restarting Apache2"
247 | service apache2 restart
248 | 
249 | # Now we need to modify some things to get rsyslog to forward to graylog. this is useful for ESXi syslog format to be correct.
250 | echo "Updating graylog2.conf, rsyslog.conf"
251 | sed -i -e 's|syslog_listen_port = 514|syslog_listen_port = 10514|' /etc/graylog2.conf
252 | sed -i -e 's|mongodb_password = 123|mongodb_password = password123|' /etc/graylog2.conf
253 | sed -i -e 's|#$ModLoad immark|$ModLoad immark|' /etc/rsyslog.conf
254 | sed -i -e 's|#$ModLoad imudp|$ModLoad imudp|' /etc/rsyslog.conf
255 | sed -i -e 's|#$UDPServerRun 514|$UDPServerRun 514|' /etc/rsyslog.conf
256 | sed -i -e 's|#$ModLoad imtcp|$ModLoad imtcp|' /etc/rsyslog.conf
257 | sed -i -e 's|#$InputTCPServerRun 514|$InputTCPServerRun 514|' /etc/rsyslog.conf
258 | sed -i -e 's|*.*;auth,authpriv.none|#*.*;auth,authpriv.none|' /etc/rsyslog.d/50-default.conf
259 | echo '$template GRAYLOG2,"<%PRI%>1 %timegenerated:::date-rfc3339% %hostname% %syslogtag% - %APP-NAME%: %msg:::drop-last-lf%\n"' | tee /etc/rsyslog.d/32-graylog2.conf
260 | echo '$ActionForwardDefaultTemplate GRAYLOG2' | tee -a  /etc/rsyslog.d/32-graylog2.conf
261 | echo '$PreserveFQDN on' | tee -a  /etc/rsyslog.d/32-graylog2.conf
262 | # Log syslog levels info and above
263 | echo '*.info @localhost:10514' | tee -a  /etc/rsyslog.d/32-graylog2.conf
264 | 
265 | # Fixing issue with secret_token in /opt/graylog2-web-interface/config/initializers/secret_token.rb
266 | sed -i -e "s|Graylog2WebInterface::Application.config.secret_token = 'CHANGE ME'|Graylog2WebInterface::Application.config.secret_token = 'b356d1af93673e37d6e21399d033d77c15354849fdde6d83fa0dca19608aa71f2fcd9d1f2784fb95e9400d8eeaf6dd9584d8d35b8f0b5c231369a70aac5e5777'|" /opt/graylog2-web-interface/config/initializers/secret_token.rb
267 | 
268 | # Fixing /opt/graylog2-web-interface Permissions
269 | echo "Fixing Graylog2 Web Interface Permissions"
270 | # chown -R root:root /opt/elasticsearch*
271 | chown -R root:root /opt/graylog2*
272 | chown -R www-data:www-data /opt/graylog2-web-interface*
273 | 
274 | # Cleaning up /opt
275 | echo "Cleaning up"
276 | # rm /opt/elasticsearch*.tar.gz
277 | rm /opt/graylog2-server*.tar.gz
278 | rm /opt/graylog2-web-interface*.tar.gz
279 | 
280 | # Restart All Services
281 | echo "Restarting All Services Required for Graylog2 to work"
282 | service elasticsearch restart
283 | service mongodb restart
284 | service graylog2-server restart
285 | service rsyslog restart
286 | service apache2 restart
287 | 
288 | # All Done
289 | echo "Installation has completed!!"
290 | echo "Browse to IP address of this Graylog2 Server Used for Installation"
291 | echo "IP Address detected from system is $IPADDY"
292 | echo "Browse to http://$IPADDY"
293 | echo "You Entered $SERVERNAME During Install"
294 | echo "Browse to http://$SERVERNAME If Different"
295 | echo "EveryThingShouldBeVirtual.com"
296 | echo "@mrlesmithjr"
297 | echo "Enjoy!!!"
298 | 


--------------------------------------------------------------------------------
/Old_Scripts/new_install_graylog2_ubuntu.sh:
--------------------------------------------------------------------------------
  1 | #! /bin/bash
  2 | #Provided by @mrlesmithjr
  3 | #EveryThingShouldBeVirtual.com
  4 | #
  5 | #
  6 | # Ubuntu Install Script
  7 | #
  8 | set -e
  9 | # Setup logging
 10 | # Logs stderr and stdout to separate files.
 11 | exec 2> >(tee "./graylog2/install_graylog2.err")
 12 | exec > >(tee "./graylog2/install_graylog2.log")
 13 | #
 14 | # Checking if running as root
 15 | # Do not run as root
 16 | #if [[ $EUID -eq 0 ]];then
 17 | #echo "$(tput setaf 1)DO NOT RUN AS ROOT or use SUDO"
 18 | #echo "Now exiting...Hit Return"
 19 | #echo "$(tput setaf 3)Run script as normal non-root user and without sudo$(tput sgr0)"
 20 | #exit 1
 21 | #fi
 22 | # Apache Settings
 23 | # change x.x.x.x to whatever your ip address is of the server you are installing on or let the script auto detect your IP
 24 | # which is the default
 25 | # SERVERNAME="x.x.x.x"
 26 | # SERVERALIAS="x.x.x.x"
 27 | #
 28 | #
 29 | echo "Detecting IP Address"
 30 | IPADDY="$(sudo ifconfig | grep -A 1 'eth0' | tail -1 | cut -d ':' -f 2 | cut -d ' ' -f 1)"
 31 | echo "Detected IP Address is $IPADDY"
 32 | 
 33 | SERVERNAME=$IPADDY
 34 | SERVERALIAS=$IPADDY
 35 | 
 36 | # Disable CD Sources in /etc/apt/sources.list
 37 | echo "Disabling CD Sources and Updating Apt Packages and Installing Pre-Reqs"
 38 | sed -i -e 's|deb cdrom:|# deb cdrom:|' /etc/apt/sources.list
 39 | apt-get -qq update
 40 | 
 41 | # Install Pre-Reqs
 42 | apt-get -y install git curl apache2 libcurl4-openssl-dev apache2-prefork-dev libapr1-dev libcurl4-openssl-dev apache2-prefork-dev libapr1-dev build-essential openssl libreadline6 libreadline6-dev curl git-core zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt-dev autoconf libc6-dev ncurses-dev automake libtool bison subversion pkg-config python-software-properties software-properties-common
 43 | 
 44 | # Install Oracle Java 7
 45 | # echo "Installing Oracle Java 7"
 46 | # add-apt-repository -y ppa:webupd8team/java
 47 | # apt-get -qq update
 48 | # echo oracle-java7-installer shared/accepted-oracle-license-v1-1 select true | /usr/bin/debconf-set-selections
 49 | # apt-get -y install oracle-java7-installer
 50 | 
 51 | #echo "Downloading Elasticsearch"
 52 | #sudo chown -R $USER:$USER /opt
 53 | #cd /opt
 54 | #git clone https://github.com/elasticsearch/elasticsearch-servicewrapper.git
 55 | 
 56 | # Install Java
 57 | apt-get -y install --force-yes openjdk-7-jre-headless
 58 | 
 59 | # Download Elasticsearch, Graylog2-Server and Graylog2-Web-Interface
 60 | echo "Downloading Elastic Search, Graylog2-Server and Graylog2-Web-Interface to /opt"
 61 | cd /opt
 62 | #wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.20.6.tar.gz
 63 | wget https://github.com/Graylog2/graylog2-server/releases/download/0.12.0/graylog2-server-0.12.0.tar.gz
 64 | wget https://github.com/Graylog2/graylog2-web-interface/releases/download/0.12.0/graylog2-web-interface-0.12.0.tar.gz
 65 | 
 66 | # Extract files
 67 | echo "Extracting Elasticsearch, Graylog2-Server and Graylog2-Web-Interface to /opt"
 68 | for f in *.tar.gz
 69 | do
 70 | tar zxf "$f"
 71 | done
 72 | 
 73 | # Create Symbolic Links
 74 | echo "Creating SymLinks for elasticsearch and graylog2-server"
 75 | #ln -s elasticsearch-0.20.6/ elasticsearch
 76 | #ln -s graylog2-server-0.11.0/ graylog2-server
 77 | ln -s graylog2-server-0.12.0/ graylog2-server
 78 | 
 79 | # Install elasticsearch
 80 | #echo "Installing elasticsearch"
 81 | #mv *servicewrapper*/service elasticsearch/bin/
 82 | #rm -Rf *servicewrapper*
 83 | #sudo /opt/elasticsearch/bin/service/elasticsearch install
 84 | #sudo ln -s `readlink -f elasticsearch/bin/service/elasticsearch` /usr/bin/elasticsearch_ctl
 85 | #sed -i -e 's|# cluster.name: elasticsearch|cluster.name: graylog2|' /opt/elasticsearch/config/elasticsearch.yml
 86 | #/etc/init.d/elasticsearch start
 87 | 
 88 | # Install Elasticsearch
 89 | wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.90.5.deb
 90 | dpkg -i elasticsearch-0.90.5.deb
 91 | 
 92 | sed -i '$a\cluster.name: "default-cluster"' /etc/elasticsearch/elasticsearch.yml
 93 | sed -i '$a\node.name: "elastic-master"' /etc/elasticsearch/elasticsearch.yml
 94 | sed -i '$a\discovery.zen.ping.multicast.enabled: false' /etc/elasticsearch/elasticsearch.yml
 95 | sed -i '$a\discovery.zen.ping.unicast.hosts: ["127.0.0.1:[9300-9400]"]' /etc/elasticsearch/elasticsearch.yml
 96 | sed -i '$a\node.master: true' /etc/elasticsearch/elasticsearch.yml
 97 | sed -i '$a\node.data: true' /etc/elasticsearch/elasticsearch.yml
 98 | sed -i '$a\index.number_of_shards: 1' /etc/elasticsearch/elasticsearch.yml
 99 | sed -i '$a\index.number_of_replicas: 0' /etc/elasticsearch/elasticsearch.yml
100 | sed -i '$a\bootstrap.mlockall: true' /etc/elasticsearch/elasticsearch.yml
101 | service elasticsearch restart
102 | 
103 | # Test elasticsearch
104 | # curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
105 | 
106 | # Install mongodb
107 | echo "Installing MongoDB"
108 | apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
109 | echo "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen" | sudo tee /etc/apt/sources.list.d/10gen.list
110 | apt-get -qq update
111 | apt-get -y install mongodb-10gen
112 | 
113 | # Install graylog2-server
114 | echo "Installing graylog2-server"
115 | cd graylog2-server-0.12.0/
116 | cp /opt/graylog2-server/elasticsearch.yml{.example,}
117 | ln -s /opt/graylog2-server/elasticsearch.yml /etc/graylog2-elasticsearch.yml
118 | cp /opt/graylog2-server/graylog2.conf{.example,}
119 | ln -s /opt/graylog2-server/graylog2.conf /etc/graylog2.conf
120 | sed -i -e 's|mongodb_useauth = true|mongodb_useauth = false|' /opt/graylog2-server/graylog2.conf
121 | # sed -i -e 's|elasticsearch_config_file = /etc/graylog2-elasticsearch.yml|elasticsearch_config_file = /etc/elasticsearch/elasticsearch.yml|' /opt/graylog2-server/graylog2.conf
122 | # Create graylog2-server startup script
123 | echo "Creating /etc/init.d/graylog2-server startup script"
124 | (
125 | cat <<'EOF'
126 | #!/bin/sh
127 | #
128 | # graylog2-server: graylog2 message collector
129 | #
130 | # chkconfig: - 98 02
131 | # description: This daemon listens for syslog and GELF messages and stores them in mongodb
132 | #
133 | CMD=$1
134 | NOHUP=`which nohup`
135 | JAVA_CMD=/usr/bin/java
136 | GRAYLOG2_SERVER_HOME=/opt/graylog2-server
137 | start() {
138 |  echo "Starting graylog2-server ..."
139 | $NOHUP $JAVA_CMD -jar $GRAYLOG2_SERVER_HOME/graylog2-server.jar > /var/log/graylog2.log 2>&1 &
140 | }
141 | 
142 | stop() {
143 | PID=`cat /tmp/graylog2.pid`
144 | echo "Stopping graylog2-server ($PID) ..."
145 | kill $PID
146 | }
147 | 
148 | restart() {
149 | echo "Restarting graylog2-server ..."
150 | stop
151 | start
152 | }
153 | 
154 | case "$CMD" in
155 | start)
156 | start
157 | ;;
158 | stop)
159 | stop
160 | ;;
161 | restart)
162 | restart
163 | ;;
164 | *)
165 | echo "Usage $0 {start|stop|restart}"
166 | RETVAL=1
167 | esac
168 | EOF
169 | ) | tee /etc/init.d/graylog2-server
170 | 
171 | # Make graylog2-server executable
172 | chmod +x /etc/init.d/graylog2-server
173 | 
174 | # Start graylog2-server on bootup
175 | echo "Making graylog2-server startup on boot"
176 | update-rc.d graylog2-server defaults
177 | 
178 | # Install graylog2 web interface
179 | echo "Installing graylog2-web-interface"
180 | cd /opt/
181 | ln -s graylog2-web-interface-0.12.0 graylog2-web-interface
182 | 
183 | # Install Ruby
184 | echo "Installing Ruby"
185 | apt-get -y install libgdbm-dev libffi-dev ruby1.9.3
186 | 
187 | # Install Ruby Gems
188 | echo "Installing Ruby Gems"
189 | cd /opt/graylog2-web-interface
190 | gem install bundler --no-ri --no-rdoc
191 | bundle install
192 | 
193 | # Set MongoDB Settings
194 | echo "Configuring MongoDB"
195 | echo "
196 | production:
197 |  host: localhost
198 |  port: 27017
199 |  username: grayloguser
200 |  password: password123
201 |  database: graylog2" | tee /opt/graylog2-web-interface/config/mongoid.yml
202 | 
203 | # Create MongoDB Users and Set Passwords
204 | echo Creating MongoDB Users and Passwords
205 | mongo admin --eval "db.addUser('admin', 'password123')"
206 | mongo admin --eval "db.auth('admin', 'password123')"
207 | mongo graylog2 --eval "db.addUser('grayloguser', 'password123')"
208 | mongo graylog2 --eval "db.auth('grayloguser', 'password123')"
209 | 
210 | # Test Install
211 | # cd /opt/graylog2-web-interface
212 | # RAILS_ENV=production script/rails server
213 | 
214 | # Install Apache-passenger
215 | echo Installing Apache-Passenger Modules
216 | gem install passenger
217 | /var/lib/gems/1.9.1/gems/passenger-4.0.20/bin/passenger-install-apache2-module --auto
218 | 
219 | # Add passenger modules for Apache2
220 | echo "Adding Apache Passenger modules to /etc/apache2/httpd.conf"
221 | echo "LoadModule passenger_module /var/lib/gems/1.9.1/gems/passenger-4.0.20/buildout/apache2/mod_passenger.so" | tee -a /etc/apache2/mods-available/passenger.load
222 | echo "PassengerRoot /var/lib/gems/1.9.1/gems/passenger-4.0.20" | tee -a /etc/apache2/mods-available/passenger.conf
223 | echo "PassengerRuby /usr/bin/ruby1.9.1" | tee -a /etc/apache2/mods-available/passenger.conf
224 | 
225 | # Enable passenger modules
226 | a2enmod passenger
227 | 
228 | # Restart Apache2
229 | echo "Restarting Apache2"
230 | service apache2 restart
231 | # If apache fails and complains about unable to load mod_passenger.so check and verify that your passengerroot version matches
232 | 
233 | # Configure Apache virtualhost
234 | echo "Configuring Apache VirtualHost"
235 | echo "
236 | <VirtualHost *:80>
237 | ServerName ${SERVERNAME}
238 | ServerAlias ${SERVERALIAS}
239 | DocumentRoot /opt/graylog2-web-interface/public
240 | 
241 | #Allow from all
242 | Options -MultiViews
243 | 
244 | ErrorLog /var/log/apache2/error.log
245 | LogLevel warn
246 | CustomLog /var/log/apache2/access.log combined
247 | </VirtualHost>" | tee /etc/apache2/sites-available/graylog2
248 | 
249 | # Enable virtualhost
250 | echo "Enabling Apache VirtualHost Settings"
251 | a2dissite 000-default
252 | a2ensite graylog2
253 | service apache2 reload
254 | 
255 | # Restart apache
256 | echo "Restarting Apache2"
257 | service apache2 restart
258 | 
259 | # Now we need to modify some things to get rsyslog to forward to graylog. this is useful for ESXi syslog format to be correct.
260 | echo "Updating graylog2.conf, rsyslog.conf"
261 | sed -i -e 's|syslog_listen_port = 514|syslog_listen_port = 10514|' /etc/graylog2.conf
262 | sed -i -e 's|mongodb_password = 123|mongodb_password = password123|' /etc/graylog2.conf
263 | sed -i -e 's|#$ModLoad immark|$ModLoad immark|' /etc/rsyslog.conf
264 | sed -i -e 's|#$ModLoad imudp|$ModLoad imudp|' /etc/rsyslog.conf
265 | sed -i -e 's|#$UDPServerRun 514|$UDPServerRun 514|' /etc/rsyslog.conf
266 | sed -i -e 's|#$ModLoad imtcp|$ModLoad imtcp|' /etc/rsyslog.conf
267 | sed -i -e 's|#$InputTCPServerRun 514|$InputTCPServerRun 514|' /etc/rsyslog.conf
268 | sed -i -e 's|*.*;auth,authpriv.none|#*.*;auth,authpriv.none|' /etc/rsyslog.d/50-default.conf
269 | # echo '$template GRAYLOG2,"<%PRI%>1 %timegenerated:::date-rfc3339% %HOSTNAME% %syslogtag% - %APP-NAME%: %msg:::drop-last-lf%\n"' | sudo tee /etc/rsyslog.d/32-graylog2.conf
270 | #echo '$template GRAYLOG2,"<%PRI%>1 %timegenerated:::date-rfc3339% %FROMHOST% %syslogtag% - %APP-NAME%: %msg:::drop-last-lf%\n"' | sudo tee /etc/rsyslog.d/32-graylog2.conf
271 | #echo '$ActionForwardDefaultTemplate GRAYLOG2' | tee -a  /etc/rsyslog.d/32-graylog2.conf
272 | #echo '$PreserveFQDN on' | tee -a  /etc/rsyslog.d/32-graylog2.conf
273 | #echo '*.err;*.crit;*.alert;*.emerg;cron.*;auth,authpriv.* @localhost:10514' | sudo tee -a  /etc/rsyslog.d/32-graylog2.conf
274 | # Log syslog levels info and above
275 | # echo '*.info @localhost:10514' | tee -a  /etc/rsyslog.d/32-graylog2.conf
276 | echo '*.* @localhost:5544' | tee -a /etc/rsyslog.d/50-default.conf
277 | 
278 | #Fixing issue with secret_token in /opt/graylog2-web-interface/config/initializers/secret_token.rb
279 | sed -i -e "s|Graylog2WebInterface::Application.config.secret_token = 'CHANGE ME'|Graylog2WebInterface::Application.config.secret_token = 'b356d1af93673e37d6e21399d033d77c15354849fdde6d83fa0dca19608aa71f2fcd9d1f2784fb95e9400d8eeaf6dd9584d8d35b8f0b5c231369a70aac5e5777'|" /opt/graylog2-web-interface/config/initializers/secret_token.rb
280 | 
281 | chown -R root:root /opt/elasticsearch*
282 | chown -R root:root /opt/graylog2*
283 | chown -R www-data:www-data /opt/graylog2-web-interface
284 | chown -R www-data:www-data /opt/graylog2-web-interface/
285 | 
286 | # Cleaning up /opt
287 | echo "Cleaning up"
288 | # rm /opt/elasticsearch*.tar.gz
289 | rm /opt/graylog2-server*.tar.gz
290 | rm /opt/graylog2-web-interface*.tar.gz
291 | 
292 | # Restart All Services
293 | echo "Restarting All Services Required for Graylog2 to work"
294 | service elasticsearch restart
295 | service mongodb restart
296 | service graylog2-server restart
297 | service rsyslog restart
298 | service apache2 restart
299 | 
300 | # Install Logstash 
301 | gem install fpm
302 | cd ~
303 | git clone https://github.com/Yuav/logstash-packaging.git --depth=1
304 | cd logstash-packaging
305 | ./package.sh
306 | cd ..
307 | dpkg -i logstash_*.deb
308 | sed -i -e 's|export JAVA_HOME=/usr/lib/jvm/default-java|export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64|' /etc/init.d/logstash
309 | (
310 | cat <<'EOF'
311 | input {
312 | udp {
313 | type => "syslog"
314 | port => "5544"
315 | }
316 | }
317 | 
318 | 
319 | filter {
320 | grep {
321 | type => "syslog"
322 | match => [ "@message", "dhclient:" ]
323 | negate => true
324 | }
325 | }
326 | 
327 | output {
328 | elasticsearch {
329 | embedded => false
330 | host => "127.0.0.1"
331 | }
332 | output {
333 |   stdout { }
334 |   gelf {
335 |     facility => "logstash-gelf"
336 |     host => '127.0.0.1'
337 |   }
338 | }
339 | EOF
340 | ) | sudo tee /etc/logstash/logstash.conf
341 | 
342 | rm /etc/logstash/syslog.conf
343 | 
344 | service logstash restart
345 | 
346 | # Install and configure the Kibana frontend
347 | cd /opt
348 | git clone --branch=kibana-ruby https://github.com/rashidkpc/Kibana.git
349 | cd /opt/Kibana
350 | sed -i 's#KibanaHost =.*#KibanaHost = "0.0.0.0"#' KibanaConfig.rb
351 | sed -i 's#KibanaPort =.*#KibanaPort = 8080#' KibanaConfig.rb
352 | gem install bundler
353 | bundle install
354 | 
355 | # Create Kibana conf file
356 | tee -a /etc/init/kibana.conf <<EOF
357 | # Kibana
358 | #
359 | 
360 | description Kibana:"logstash frontend"
361 | 
362 | start on virtual-filesystems
363 | stop on runlevel [06]
364 | 
365 | respawn
366 | respawn limit 5 30
367 | 
368 | chdir /opt/Kibana
369 | 
370 | console log
371 | 
372 | script
373 |   exec ruby kibana.rb
374 | end script
375 | EOF
376 | 
377 | initctl reload-configuration
378 | start kibana
379 | 
380 | # All Done
381 | echo "Installation has completed!!"
382 | echo "Browse to IP address of this Graylog2 Server Used for Installation"
383 | echo "IP Address detected from system is $IPADDY"
384 | echo "Browse to http://$IPADDY"
385 | echo "You Entered $SERVERNAME During Install"
386 | echo "Browse to http://$SERVERNAME If Different"
387 | echo "Browse to http://$IPADDY:8080 to access Kibana/logstash"
388 | echo "EveryThingShouldBeVirtual.com"
389 | echo "@mrlesmithjr"
390 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # graylog2
 2 | 
 3 | This installation script will perform an automated install of [Graylog2](http://graylog2.org)
 4 | on Ubuntu 12.04/12.10/13.10/14.04 and will be updated as times goes on.
 5 | 
 6 | > NOTE: This repo is no longer updated or maintained.
 7 | >
 8 | > Update 02/21/2014 - Graylog2 v0.12.0 no longer maintained - v0.20.x is the
 9 | > going forward version (The script to use now is for version v0.20.x)
10 | >
11 | > Update 04/30/2014 - All older unmaintained v.0.12.0 scripts are in `graylog2/Old_Scripts`
12 | >
13 | > Update 01/21/2015 - Newest versions maintained are 0.9x.x
14 | >
15 | > Update 11/19/2015 - A note about this repo and scripts....No further development
16 | > is being done. For a newer version (Not always up to date) using Ansible for
17 | > deployments can be found at <https://github.com/mrlesmithjr/ansible-graylog>
18 | 
19 | ## Installation steps
20 | 
21 | ### Ubuntu
22 | 
23 | ```bash
24 | sudo apt-get -y install git
25 | cd ~
26 | git clone https://github.com/mrlesmithjr/graylog2
27 | chmod +x ./graylog2/install_graylog2_90_ubuntu.sh
28 | ```
29 | 
30 | To change your ip address of the server you are installing on you will need to edit the script or let the script auto detect your IP for you. The default is auto detect. If you use the default of auto detect skip editing the file and continue on.
31 | 
32 | Edit the file
33 | 
34 | ```bash
35 | nano ./graylog2/install_graylog2_90_ubuntu.sh
36 | ```
37 | 
38 | Save the file with ctrl^x.
39 | 
40 | Now enter the following to start running the script.
41 | 
42 | ```bash
43 | cd ~
44 | sudo ./graylog2/install_graylog2_90_ubuntu.sh
45 | ```
46 | 
47 | ### Debian 6.0
48 | 
49 | Within the github repository there is also a script to automate a Debian 6.0 Graylog2 (v0.12.0) installation. If you are installing on Debian 6.0 run the following instead.
50 | 
51 | ```bash
52 | chmod +x ./graylog2/Old_Scripts/install_graylog2_debian.sh
53 | cd ~
54 | ./graylog2/Old_Scripts/install_graylog2_debian.sh
55 | ```
56 | 
57 | ### CentOS
58 | 
59 | There is also a CentOS script for installing Graylog2. Thanks to boardstretcher for the help on this. <https://github.com/boardstretcher>
60 | 
61 | ```bash
62 | chmod +x ./graylog2/install_graylog2_20_centos.sh
63 | ./graylog2/install_graylog2_20_centos.sh
64 | ```
65 | 
66 | ## Uninstall steps for Preview/RC/Final v0.20.0 releases
67 | 
68 | ```bash
69 | cd ~
70 | mv graylog2 graylog2.old
71 | git clone <https://github.com/mrlesmithjr/graylog2/>
72 | chmod +x ./graylog2/Uninstall_Scripts/uninstall_graylog2_preview_ubuntu.sh
73 | sudo ./graylog2/Uninstall_Scripts/uninstall_graylog2_preview_ubuntu.sh
74 | ```
75 | 
76 | ## Upgrade steps from Preview/RC to Final v0.20.0 releases (**_Use with caution as of now_**) \*\*Not for v0.12.0 to v0.20.x versions!!!
77 | 
78 | ```bash
79 | cd ~
80 | mv graylog2 graylog2.old
81 | git clone <https://github.com/mrlesmithjr/graylog2/>
82 | chmod +x ./graylog2/Upgrade_Scripts/upgrade_to_graylog2_20_ubuntu.sh
83 | sudo ./graylog2/Upgrade_Scripts/upgrade_to_graylog2_20_ubuntu.sh
84 | ```
85 | 
86 | ## Author Info
87 | 
88 | -   [@mrlesmithjr](https://www.twitter.com/mrlesmithjr)
89 | -   [EverythingShouldBeVirtual](http://everythingshouldbevirtual.com)
90 | 


--------------------------------------------------------------------------------
/Uninstall_Scripts/uninstall_graylog2_preview_ubuntu.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | # Provided by @mrlesmithjr
 3 | # EveryThingShouldBeVirtual.com
 4 | #
 5 | # Ubuntu Graylog2 Preview/RC Uninstall Script
 6 | set -e
 7 | # Setup logging
 8 | # Logs stderr and stdout to separate files.
 9 | exec 2> >(tee "./graylog2/uninstall_graylog2.err")
10 | exec > >(tee "./graylog2/uninstall_graylog2.log")
11 | #
12 | service rsyslog stop
13 | service mongodb stop
14 | service elasticsearch stop
15 | service graylog2-web-interface stop
16 | rm /etc/init.d/graylog2-web-interface
17 | update-rc.d graylog2-web-interface remove
18 | service graylog2-server stop
19 | rm /etc/init.d/graylog2-server
20 | update-rc.d graylog2-server remove
21 | rm /etc/graylog2.conf
22 | apt-get -y remove mongodb-10gen
23 | apt-get -y purge mongodb-10gen
24 | dpkg -r elasticsearch
25 | dpkg -P elasticsearch
26 | rm -rf /opt/graylog2-*
27 | rm /etc/graylog2-server-node-id
28 | rm -rf /var/lib/mongodb
29 | 


--------------------------------------------------------------------------------
/Uninstall_Scripts/uninstall_graylog2_v0.12.0_ubuntu.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | #Provided by @mrlesmithjr
 3 | #EveryThingShouldBeVirtual.com
 4 | 
 5 | # Ubuntu Uninstall Script for Graylog2 v.0.12.0
 6 | 
 7 | set -e
 8 | # Setup logging
 9 | # Logs stderr and stdout to separate files.
10 | exec 2> >(tee "./graylog2/uninstall_graylog2.err")
11 | exec > >(tee "./graylog2/uninstall_graylog2.log")
12 | 
13 | # Stop All Services
14 | echo "Stopping All Services Required for Graylog2 to work"
15 | service elasticsearch stop
16 | service mongodb stop
17 | service graylog2-server stop
18 | service rsyslog stop
19 | service apache2 stop
20 | 
21 | # Disable virtualhost
22 | echo "Disabling Apache VirtualHost Settings"
23 | a2ensite 000-default
24 | a2dissite graylog2
25 | service apache2 reload
26 | rm /etc/apache2/sites-available/graylog2
27 | 
28 | # Disable passenger modules
29 | echo "Enabling Apache Passenger module"
30 | a2dismod passenger
31 | rm /etc/apache2/mods-available/passenger.conf
32 | rm /etc/apache2/mods-available/passenger.load
33 | 
34 | # Uninstall all Ruby Gems
35 | for i in `gem list --no-versions`; do gem uninstall -aIx $i; done
36 | 
37 | # Uninstall graylog2-server
38 | rm /etc/init.d/graylog2-server
39 | update-rc.d graylog2-server remove
40 | rm /etc/graylog2.conf
41 | 
42 | # Remove /opt/graylog2*
43 | rm /etc/graylog2-elasticsearch.yml
44 | rm -rf /opt/graylog2*
45 | 
46 | # Uninstall elasticsearch
47 | /opt/elasticsearch/bin/service/elasticsearch remove
48 | rm -rf /opt/elasticsearch*
49 | 
50 | # Uninstall MongoDB
51 | apt-get -y remove mongodb-10gen
52 | apt-get -y purge mongodb-10gen
53 | 
54 | # Cleanup rsyslog
55 | rm /etc/rsyslog.d/32-graylog2.conf
56 | service rsyslog restart
57 | 
58 | # Remove old package dependencies
59 | apt-get remove -y apache2 apache2-prefork-dev apache2-prefork-dev pkg-config python-software-properties software-properties-common
60 | 
61 | # All Done
62 | echo "Uninstall has completed!!"
63 | echo "EveryThingShouldBeVirtual.com"
64 | echo "@mrlesmithjr"
65 | 


--------------------------------------------------------------------------------
/Upgrade_Scripts/Graylog2_Appliance_Upgrade.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | #Provided by @mrlesmithjr
  3 | #EveryThingShouldBeVirtual.com
  4 | 
  5 | # Graylog2 upgrade script for appliance
  6 | 
  7 | set -e
  8 | # Setup logging
  9 | # Logs stderr and stdout to separate files.
 10 | exec 2> >(tee "./graylog2/upgrade_graylog2.err")
 11 | exec > >(tee "./graylog2/upgrade_graylog2.log")
 12 | 
 13 | # Setup Pause function
 14 | function pause(){
 15 |    read -p "$*"
 16 | }
 17 | 
 18 | echo "Detecting IP Address"
 19 | IPADDY="$(ifconfig | grep -A 1 'eth0' | tail -1 | cut -d ':' -f 2 | cut -d ' ' -f 1)"
 20 | echo "Detected IP Address is $IPADDY"
 21 | 
 22 | SERVERNAME=$IPADDY
 23 | SERVERALIAS=$IPADDY
 24 | 
 25 | # Stop Graylog2 Services
 26 | service graylog2-server stop
 27 | service graylog2-web-interface stop
 28 | 
 29 | # Remove graylog2 symlinks
 30 | rm /opt/graylog2-server
 31 | rm /opt/graylog2-web-interface
 32 | 
 33 | # Remove previous graylog2 server and web-interface
 34 | rm -rf /opt/graylog2-server*
 35 | cp /etc/graylog2.conf /etc/graylog2.conf.orig
 36 | rm -rf /opt/graylog2-web-interface*
 37 | 
 38 | # Download Graylog2-Server and Graylog2-Web-Interface
 39 | echo "Downloading Graylog2-Server and Graylog2-Web-Interface to /opt"
 40 | cd /opt
 41 | wget https://github.com/Graylog2/graylog2-server/releases/download/0.20.3/graylog2-server-0.20.3.tgz
 42 | wget https://github.com/Graylog2/graylog2-web-interface/releases/download/0.20.3/graylog2-web-interface-0.20.3.tgz
 43 | 
 44 | # Extract files
 45 | echo "Extracting Graylog2-Server and Graylog2-Web-Interface to /opt"
 46 |   for f in *.*gz
 47 | do
 48 | tar zxf "$f"
 49 | done
 50 | 
 51 | # Reconfigure graylog2-server startup
 52 | update-rc.d -f graylog2-server remove
 53 | update-rc.d graylog2-server defaults 96 04
 54 | 
 55 | # Create Symbolic Links
 56 | echo "Creating SymLink Graylog2-server"
 57 | ln -s graylog2-server-0.2*/ graylog2-server
 58 | 
 59 | # Install graylog2-server
 60 | echo "Installing graylog2-server"
 61 | echo -n "Enter a password to use for the admin account to login to the Graylog2 webUI: "
 62 | read adminpass
 63 | echo "You entered $adminpass (MAKE SURE TO NOT FORGET THIS PASSWORD!)"
 64 | pause 'Press [Enter] key to continue...'
 65 | cd graylog2-server/
 66 | cp /etc/graylog2.conf /etc/graylog2.conf.pre-upgrade
 67 | cp /opt/graylog2-server/graylog2.conf{.example,}
 68 | mv graylog2.conf /etc/
 69 | pass_secret=$(pwgen -s 96)
 70 | admin_pass_hash=$(echo -n $adminpass|sha256sum|awk '{print $1}')
 71 | sed -i -e 's|password_secret =|password_secret = '$pass_secret'|' /etc/graylog2.conf
 72 | sed -i -e "s|root_password_sha2 =|root_password_sha2 = $admin_pass_hash|" /etc/graylog2.conf
 73 | sed -i -e 's|elasticsearch_shards = 4|elasticsearch_shards = 1|' /etc/graylog2.conf
 74 | sed -i -e 's|mongodb_useauth = true|mongodb_useauth = false|' /etc/graylog2.conf
 75 | sed -i -e 's|#elasticsearch_discovery_zen_ping_multicast_enabled = false|elasticsearch_discovery_zen_ping_multicast_enabled = false|' /etc/graylog2.conf
 76 | sed -i -e 's|#elasticsearch_discovery_zen_ping_unicast_hosts = 192.168.1.203:9300|elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300|' /etc/graylog2.conf
 77 | 
 78 | # Setting new retention policy setting or Graylog2 Server will not start
 79 | sed -i 's|retention_strategy = delete|retention_strategy = close|' /etc/graylog2.conf
 80 | 
 81 | # This setting is required as of v0.20.2 in /etc/graylog2.conf
 82 | sed -i -e 's|#rest_transport_uri = http://192.168.1.1:12900/|rest_transport_uri = http://127.0.0.1:12900/|' /etc/graylog2.conf
 83 | 
 84 | # Install graylog2 web interface
 85 | echo "Installing graylog2-web-interface"
 86 | cd /opt/
 87 | ln -s graylog2-web-interface-0.2*/ graylog2-web-interface
 88 | 
 89 | # Setting up graylog2 web interface
 90 | sed -i -e 's|graylog2-server.uris=""|graylog2-server.uris="http://127.0.0.1:12900/"|' /opt/graylog2-web-interface/conf/graylog2-web-interface.conf
 91 | app_secret=$(pwgen -s 96)
 92 | sed -i -e 's|application.secret=""|application.secret="'$app_secret'"|' /opt/graylog2-web-interface/conf/graylog2-web-interface.conf
 93 | 
 94 | # Fixing /opt/graylog2-web-interface Permissions
 95 | echo "Fixing Graylog2 Web Interface Permissions"
 96 | chown -R root:root /opt/graylog2*
 97 | 
 98 | # Cleaning up /opt
 99 | echo "Cleaning up"
100 | rm /opt/graylog2-server*.*gz
101 | rm /opt/graylog2-web-interface*.*gz
102 | 
103 | # Restart Services
104 | service graylog2-server restart
105 | service graylog2-web-interface restart
106 | 
107 | # All Done
108 | echo "Installation has completed!!"
109 | echo "Browse to IP address of this Graylog2 Server Used for Installation"
110 | echo "IP Address detected from system is $IPADDY"
111 | echo "Browse to http://$IPADDY:9000"
112 | echo "Login with username: admin"
113 | echo "Login with password: $adminpass"
114 | echo "You Entered $SERVERNAME During Install"
115 | echo "Browse to http://$SERVERNAME:9000 If Different"
116 | echo "EveryThingShouldBeVirtual.com"
117 | echo "@mrlesmithjr"
118 | 


--------------------------------------------------------------------------------
/Upgrade_Scripts/upgrade_to_graylog2_20_ubuntu.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | # Provided by @mrlesmithjr
  3 | # EveryThingShouldBeVirtual.com
  4 | #
  5 | # Ubuntu Graylog2 Preview/RC Upgrade to Final v0.20.0 Script
  6 | set -e
  7 | # Setup logging
  8 | # Logs stderr and stdout to separate files.
  9 | exec 2> >(tee "./graylog2/upgrade_graylog2.err")
 10 | exec > >(tee "./graylog2/upgrade_graylog2.log")
 11 | 
 12 | service graylog2-web-interface stop
 13 | rm /etc/init.d/graylog2-web-interface
 14 | update-rc.d graylog2-web-interface remove
 15 | service graylog2-server stop
 16 | rm /etc/init.d/graylog2-server
 17 | update-rc.d graylog2-server remove
 18 | mv /etc/graylog2.conf /etc/graylog2.bak
 19 | rm -rf /opt/graylog2-*
 20 | # rm /etc/graylog2-server-node-id
 21 | 
 22 | echo "Detecting IP Address"
 23 | IPADDY="$(ifconfig | grep -A 1 'eth0' | tail -1 | cut -d ':' -f 2 | cut -d ' ' -f 1)"
 24 | echo "Detected IP Address is $IPADDY"
 25 | 
 26 | SERVERNAME=$IPADDY
 27 | SERVERALIAS=$IPADDY
 28 | 
 29 | # Download Elasticsearch, Graylog2-Server and Graylog2-Web-Interface
 30 | echo "Downloading Elastic Search, Graylog2-Server and Graylog2-Web-Interface to /opt"
 31 | cd /opt
 32 | wget https://github.com/Graylog2/graylog2-server/releases/download/0.20.3/graylog2-server-0.20.3.tgz
 33 | wget https://github.com/Graylog2/graylog2-web-interface/releases/download/0.20.3/graylog2-web-interface-0.20.3.tgz
 34 | 
 35 | # Extract files
 36 | echo "Extracting Graylog2-Server and Graylog2-Web-Interface to /opt"
 37 |   for f in *.*gz
 38 | do
 39 | tar zxf "$f"
 40 | done
 41 | 
 42 | # Reconfigure graylog2-server startup
 43 | update-rc.d -f graylog2-server remove
 44 | update-rc.d graylog2-server defaults 96 04
 45 | 
 46 | # Create Symbolic Links
 47 | echo "Creating SymLink Graylog2-server"
 48 | ln -s graylog2-server-0.2*/ graylog2-server
 49 | 
 50 | # Making changes to /etc/security/limits.conf to allow more open files for elasticsearch
 51 | mv /etc/security/limits.conf /etc/security/limits.bak
 52 | grep -Ev "# End of file" /etc/security/limits.bak > /etc/security/limits.conf
 53 | echo "elasticsearch soft nofile 32000" >> /etc/security/limits.conf
 54 | echo "elasticsearch hard nofile 32000" >> /etc/security/limits.conf
 55 | echo "# End of file" >> /etc/security/limits.conf
 56 | 
 57 | # Install graylog2-server
 58 | echo "Installing graylog2-server"
 59 | cd graylog2-server/
 60 | cp /opt/graylog2-server/graylog2.conf{.example,}
 61 | mv graylog2.conf /etc/
 62 | #ln -s /opt/graylog2-server/graylog2.conf /etc/graylog2.conf
 63 | pass_secret=$(pwgen -s 96)
 64 | sed -i -e 's|password_secret =|password_secret = '$pass_secret'|' /etc/graylog2.conf
 65 | #root_pass_sha2=$(echo -n password123 | shasum -a 256)
 66 | sed -i -e "s|root_password_sha2 =|root_password_sha2 = ef92b778bafe771e89245b89ecbc08a44a4e166c06659911881f383d4473e94f|" /etc/graylog2.conf
 67 | sed -i -e 's|elasticsearch_shards = 4|elasticsearch_shards = 1|' /etc/graylog2.conf
 68 | sed -i -e 's|mongodb_useauth = true|mongodb_useauth = false|' /etc/graylog2.conf
 69 | sed -i -e 's|#elasticsearch_discovery_zen_ping_multicast_enabled = false|elasticsearch_discovery_zen_ping_multicast_enabled = false|' /etc/graylog2.conf
 70 | sed -i -e 's|#elasticsearch_discovery_zen_ping_unicast_hosts = 192.168.1.203:9300|elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300|' /etc/graylog2.conf
 71 | # Setting new retention policy setting or Graylog2 Server will not start
 72 | sed -i 's|retention_strategy = delete|retention_strategy = close|' /etc/graylog2.conf
 73 | 
 74 | # Create graylog2-server startup script
 75 | echo "Creating /etc/init.d/graylog2-server startup script"
 76 | (
 77 | cat <<'EOF'
 78 | #!/bin/bash
 79 | 
 80 | ### BEGIN INIT INFO
 81 | # Provides: graylog2-server
 82 | # Required-Start: $elasticsearch
 83 | # Required-Stop: $graylog2-web-interface
 84 | # Default-Start: 2 3 4 5
 85 | # Default-Stop: 0 1 6
 86 | # Short-Description: Start graylog2-server at boot time
 87 | # Description: Starts graylog2-server using start-stop-daemon
 88 | ### END INIT INFO
 89 | 
 90 | CMD=$1
 91 | NOHUP=`which nohup`
 92 | 
 93 | GRAYLOG2CTL_DIR="/opt/graylog2-server/bin"
 94 | GRAYLOG2_SERVER_JAR=graylog2-server.jar
 95 | GRAYLOG2_CONF=/etc/graylog2.conf
 96 | GRAYLOG2_PID=/tmp/graylog2.pid
 97 | LOG_FILE=log/graylog2-server.log
 98 | 
 99 | start() {
100 | echo "Starting graylog2-server ..."
101 | cd "$GRAYLOG2CTL_DIR/.."
102 | # sleep 2m
103 | $NOHUP java -jar ${GRAYLOG2_SERVER_JAR} -f ${GRAYLOG2_CONF} -p ${GRAYLOG2_PID} >> ${LOG_FILE} &
104 | }
105 | 
106 | stop() {
107 | PID=`cat ${GRAYLOG2_PID}`
108 | echo "Stopping graylog2-server ($PID) ..."
109 | if kill $PID; then
110 | rm ${GRAYLOG2_PID}
111 | fi
112 | }
113 | 
114 | restart() {
115 | echo "Restarting graylog2-server ..."
116 | stop
117 | start
118 | }
119 | 
120 | status() {
121 | pid=$(get_pid)
122 | if [ ! -z $pid ]; then
123 | if pid_running $pid; then
124 | echo "graylog2-server running as pid $pid"
125 | return 0
126 | else
127 | echo "Stale pid file with $pid - removing..."
128 | rm ${GRAYLOG2_PID}
129 | fi
130 | fi
131 | 
132 | echo "graylog2-server not running"
133 | }
134 | 
135 | get_pid() {
136 | cat ${GRAYLOG2_PID} 2> /dev/null
137 | }
138 | 
139 | pid_running() {
140 | kill -0 $1 2> /dev/null
141 | }
142 | 
143 | case "$CMD" in
144 | start)
145 | start
146 | ;;
147 | stop)
148 | stop
149 | ;;
150 | restart)
151 | restart
152 | ;;
153 | status)
154 | status
155 | ;;
156 | *)
157 | echo "Usage $0 {start|stop|restart|status}"
158 | RETVAL=1
159 | esac
160 | EOF
161 | ) | tee /etc/init.d/graylog2-server
162 | 
163 | # Make graylog2-server executable
164 | chmod +x /etc/init.d/graylog2-server
165 | 
166 | # Start graylog2-server on bootup
167 | echo "Making graylog2-server startup on boot"
168 | update-rc.d graylog2-server defaults
169 | 
170 | echo "Starting graylog2-server"
171 | service graylog2-server start
172 | 
173 | # Install graylog2 web interface
174 | echo "Installing graylog2-web-interface"
175 | cd /opt/
176 | ln -s graylog2-web-interface-0.2*/ graylog2-web-interface
177 | 
178 | echo "Creating Graylog2-web-interface startup script"
179 | (
180 | cat <<'EOF'
181 | #!/bin/sh
182 | 
183 | ### BEGIN INIT INFO
184 | # Provides: graylog2-web-interface
185 | # Required-Start: $graylog2-server
186 | # Required-Stop: $graylog2-server
187 | # Default-Start: 2 3 4 5
188 | # Default-Stop: 0 1 6
189 | # Short-Description: Start graylog2-server at boot time
190 | # Description: Starts graylog2-server using start-stop-daemon
191 | ### END INIT INFO
192 | 
193 | CMD=$1
194 | NOHUP=`which nohup`
195 | JAVA_CMD=/usr/bin/java
196 | GRAYLOG2_WEB_INTERFACE_HOME=/opt/graylog2-web-interface
197 | 
198 | GRAYLOG2_WEB_INTERFACE_PID=/opt/graylog2-web-interface/RUNNING_PID
199 | 
200 | start() {
201 | echo "Starting graylog2-web-interface ..."
202 | #sleep 3m
203 | $NOHUP /opt/graylog2-web-interface/bin/graylog2-web-interface &
204 | }
205 | 
206 | stop() {
207 | echo "Stopping graylog2-web-interface ($PID) ..."
208 | PID=`cat ${GRAYLOG2_WEB_INTERFACE_PID}`
209 | if kill $PID; then
210 | rm ${GRAYLOG2_WEB_INTERFACE_PID}
211 | fi
212 | }
213 | 
214 | restart() {
215 | echo "Restarting graylog2-web-interface ..."
216 | stop
217 | start
218 | }
219 | 
220 | status() {
221 | pid=$(get_pid)
222 | if [ ! -z $pid ]; then
223 | if pid_running $pid; then
224 | echo "graylog2-web-interface running as pid $pid"
225 | return 0
226 | else
227 | echo "Stale pid file with $pid - removing..."
228 | rm ${GRAYLOG2_WEB_INTERFACE_PID}
229 | fi
230 | fi
231 | 
232 | echo "graylog2-web-interface not running"
233 | }
234 | 
235 | get_pid() {
236 | cat ${GRAYLOG2_WEB_INTERFACE_PID} 2> /dev/null
237 | }
238 | 
239 | pid_running() {
240 | kill -0 $1 2> /dev/null
241 | }
242 | 
243 | case "$CMD" in
244 | start)
245 | start
246 | ;;
247 | stop)
248 | stop
249 | ;;
250 | restart)
251 | restart
252 | ;;
253 | status)
254 | status
255 | ;;
256 | *)
257 | echo "Usage $0 {start|stop|restart|status}"
258 | RETVAL=1
259 | esac
260 | EOF
261 | ) | tee /etc/init.d/graylog2-web-interface
262 | 
263 | # Make graylog2-web-interface executable
264 | chmod +x /etc/init.d/graylog2-web-interface
265 | 
266 | # Start graylog2-web-interface on bootup
267 | echo "Making graylog2-web-interface startup on boot"
268 | update-rc.d graylog2-web-interface defaults
269 | 
270 | # Now we need to modify some things to get rsyslog to forward to graylog. this is useful for ESXi syslog format to be correct.
271 | echo "Updating graylog2.conf and rsyslog"
272 | echo '$template GRAYLOG2,"<%PRI%>1 %timegenerated:::date-rfc3339% %hostname% %syslogtag% - %APP-NAME%: %msg:::drop-last-lf%\n"' | tee /etc/rsyslog.d/32-graylog2.conf
273 | echo '$ActionForwardDefaultTemplate GRAYLOG2' | tee -a /etc/rsyslog.d/32-graylog2.conf
274 | echo '$PreserveFQDN on' | tee -a /etc/rsyslog.d/32-graylog2.conf
275 | echo '*.info @localhost:10514' | tee -a /etc/rsyslog.d/32-graylog2.conf
276 | sed -i -e 's|graylog2-server.uris=""|graylog2-server.uris="http://127.0.0.1:12900/"|' /opt/graylog2-web-interface/conf/graylog2-web-interface.conf
277 | app_secret=$(pwgen -s 96)
278 | sed -i -e 's|application.secret=""|application.secret="'$app_secret'"|' /opt/graylog2-web-interface/conf/graylog2-web-interface.conf
279 | 
280 | # Fixing /opt/graylog2-web-interface Permissions
281 | echo "Fixing Graylog2 Web Interface Permissions"
282 | chown -R root:root /opt/graylog2*
283 | # chown -R www-data:www-data /opt/graylog2-web-interface*
284 | 
285 | # Cleaning up /opt
286 | echo "Cleaning up"
287 | rm /opt/graylog2-server*.*gz
288 | rm /opt/graylog2-web-interface*.*gz
289 | 
290 | echo "Starting graylog2-web-interface"
291 | service graylog2-web-interface start
292 | 
293 | # All Done
294 | echo "Upgrade has completed!!"
295 | echo "Browse to IP address of this Graylog2 Server Used for Installation"
296 | echo "IP Address detected from system is $IPADDY"
297 | echo "Browse to http://$IPADDY:9000"
298 | echo "Login with username: admin"
299 | echo "Login with password: password123"
300 | echo "You Entered $SERVERNAME During Install"
301 | echo "Browse to http://$SERVERNAME:9000 If Different"
302 | echo "EveryThingShouldBeVirtual.com"
303 | echo "@mrlesmithjr"
304 | 


--------------------------------------------------------------------------------
/Upgrade_Scripts/upgrade_to_latest_graylog2_20_ubuntu.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | #Provided by @mrlesmithjr
  3 | #EveryThingShouldBeVirtual.com
  4 | 
  5 | # Graylog2 upgrade script
  6 | 
  7 | set -e
  8 | # Setup logging
  9 | # Logs stderr and stdout to separate files.
 10 | exec 2> >(tee "./graylog2/upgrade_graylog2.err")
 11 | exec > >(tee "./graylog2/upgrade_graylog2.log")
 12 | 
 13 | # Setup Pause function
 14 | function pause(){
 15 |    read -p "$*"
 16 | }
 17 | 
 18 | echo "Detecting IP Address"
 19 | IPADDY="$(ifconfig | grep -A 1 'eth0' | tail -1 | cut -d ':' -f 2 | cut -d ' ' -f 1)"
 20 | echo "Detected IP Address is $IPADDY"
 21 | 
 22 | SERVERNAME=$IPADDY
 23 | SERVERALIAS=$IPADDY
 24 | 
 25 | # Stop Graylog2 Services
 26 | service graylog2-server stop
 27 | service graylog2-web-interface stop
 28 | 
 29 | # Remove graylog2 symlinks
 30 | rm /opt/graylog2-server
 31 | rm /opt/graylog2-web-interface
 32 | 
 33 | # Remove previous graylog2 server and web-interface
 34 | rm -rf /opt/graylog2-server*
 35 | cp /etc/graylog2.conf /etc/graylog2.conf.orig
 36 | rm -rf /opt/graylog2-web-interface*
 37 | 
 38 | # Download Graylog2-Server and Graylog2-Web-Interface
 39 | echo "Downloading Graylog2-Server and Graylog2-Web-Interface to /opt"
 40 | cd /opt
 41 | wget https://github.com/Graylog2/graylog2-server/releases/download/0.20.3/graylog2-server-0.20.3.tgz
 42 | wget https://github.com/Graylog2/graylog2-web-interface/releases/download/0.20.3/graylog2-web-interface-0.20.3.tgz
 43 | 
 44 | # Extract files
 45 | echo "Extracting Graylog2-Server and Graylog2-Web-Interface to /opt"
 46 |   for f in *.*gz
 47 | do
 48 | tar zxf "$f"
 49 | done
 50 | 
 51 | # Reconfigure graylog2-server startup
 52 | update-rc.d -f graylog2-server remove
 53 | update-rc.d graylog2-server defaults 96 04
 54 | 
 55 | # Create Symbolic Links
 56 | echo "Creating SymLink Graylog2-server"
 57 | ln -s graylog2-server-0.2*/ graylog2-server
 58 | 
 59 | # Install graylog2-server
 60 | echo "Installing graylog2-server"
 61 | echo -n "Enter a password to use for the admin account to login to the Graylog2 webUI: "
 62 | read adminpass
 63 | echo "You entered $adminpass (MAKE SURE TO NOT FORGET THIS PASSWORD!)"
 64 | pause 'Press [Enter] key to continue...'
 65 | cd graylog2-server/
 66 | cp /etc/graylog2.conf /etc/graylog2.conf.pre-upgrade
 67 | cp /opt/graylog2-server/graylog2.conf{.example,}
 68 | mv graylog2.conf /etc/
 69 | pass_secret=$(pwgen -s 96)
 70 | admin_pass_hash=$(echo -n $adminpass|sha256sum|awk '{print $1}')
 71 | sed -i -e 's|password_secret =|password_secret = '$pass_secret'|' /etc/graylog2.conf
 72 | sed -i -e "s|root_password_sha2 =|root_password_sha2 = $admin_pass_hash|" /etc/graylog2.conf
 73 | sed -i -e 's|elasticsearch_shards = 4|elasticsearch_shards = 1|' /etc/graylog2.conf
 74 | sed -i -e 's|mongodb_useauth = true|mongodb_useauth = false|' /etc/graylog2.conf
 75 | sed -i -e 's|#elasticsearch_discovery_zen_ping_multicast_enabled = false|elasticsearch_discovery_zen_ping_multicast_enabled = false|' /etc/graylog2.conf
 76 | sed -i -e 's|#elasticsearch_discovery_zen_ping_unicast_hosts = 192.168.1.203:9300|elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300|' /etc/graylog2.conf
 77 | 
 78 | # Setting new retention policy setting or Graylog2 Server will not start
 79 | sed -i 's|retention_strategy = delete|retention_strategy = close|' /etc/graylog2.conf
 80 | 
 81 | # This setting is required as of v0.20.2 in /etc/graylog2.conf
 82 | sed -i -e 's|#rest_transport_uri = http://192.168.1.1:12900/|rest_transport_uri = http://127.0.0.1:12900/|' /etc/graylog2.conf
 83 | 
 84 | # Install graylog2 web interface
 85 | echo "Installing graylog2-web-interface"
 86 | cd /opt/
 87 | ln -s graylog2-web-interface-0.2*/ graylog2-web-interface
 88 | 
 89 | # Setting up graylog2 web interface
 90 | sed -i -e 's|graylog2-server.uris=""|graylog2-server.uris="http://127.0.0.1:12900/"|' /opt/graylog2-web-interface/conf/graylog2-web-interface.conf
 91 | app_secret=$(pwgen -s 96)
 92 | sed -i -e 's|application.secret=""|application.secret="'$app_secret'"|' /opt/graylog2-web-interface/conf/graylog2-web-interface.conf
 93 | 
 94 | # Fixing /opt/graylog2-web-interface Permissions
 95 | echo "Fixing Graylog2 Web Interface Permissions"
 96 | chown -R root:root /opt/graylog2*
 97 | 
 98 | # Cleaning up /opt
 99 | echo "Cleaning up"
100 | rm /opt/graylog2-server*.*gz
101 | rm /opt/graylog2-web-interface*.*gz
102 | 
103 | # Restart Services
104 | service graylog2-server restart
105 | service graylog2-web-interface restart
106 | 
107 | # All Done
108 | echo "Installation has completed!!"
109 | echo "Browse to IP address of this Graylog2 Server Used for Installation"
110 | echo "IP Address detected from system is $IPADDY"
111 | echo "Browse to http://$IPADDY:9000"
112 | echo "Login with username: admin"
113 | echo "Login with password: $adminpass"
114 | echo "You Entered $SERVERNAME During Install"
115 | echo "Browse to http://$SERVERNAME:9000 If Different"
116 | echo "EveryThingShouldBeVirtual.com"
117 | echo "@mrlesmithjr"
118 | 


--------------------------------------------------------------------------------
/install_graylog2_20_centos.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash -x
  2 | #Provided by @mrlesmithjr
  3 | #EveryThingShouldBeVirtual.com
  4 | 
  5 | # Setup Pause function
  6 | function pause(){
  7 |    read -p "$*"
  8 | }
  9 | 
 10 | #updated by Boardstretcher
 11 | 
 12 | EPEL_REPO="/etc/yum.repos.d/epel.repo"
 13 | 
 14 | echo "Creating $EPEL_REPO"
 15 | cat << 'EOF' > ${EPEL_REPO}
 16 | [epel]
 17 | name=Extra Packages for Enterprise Linux 6 - $basearch
 18 | #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
 19 | mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
 20 | failovermethod=priority
 21 | enabled=1
 22 | gpgcheck=0
 23 | EOF
 24 | 
 25 | # update system 
 26 | yum update -y 
 27 |   
 28 | # disable ip6 
 29 | echo "" >> /etc/sysctl.conf 
 30 | echo "# Disable IPV6" >> /etc/sysctl.conf 
 31 | echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf 
 32 | echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf 
 33 | chkconfig ip6tables off
 34 | chkconfig  iptables off
 35 | /etc/init.d/iptables stop
 36 | /etc/init.d/ip6tables stop
 37 |   
 38 | # disable selinux 
 39 | sed -i 's/\=enforcing/\=disabled/g' /etc/selinux/config 
 40 | 
 41 | # reboot
 42 | 
 43 | # Setup logging
 44 | exec 2> >(tee "./graylog2/install_graylog2.err")
 45 | exec > >(tee "./graylog2/install_graylog2.log")
 46 | 
 47 | # Apache Settings
 48 | IPADDY="$(ifconfig | grep -A 1 'eth0' | tail -1 | cut -d ':' -f 2 | cut -d ' ' -f 1)"
 49 | SERVERNAME=$IPADDY
 50 | SERVERALIAS=$IPADDY
 51 | 
 52 | # Installing all pre-reqs
 53 | yum install -y gcc gcc-c++ gd gd-devel glibc glibc-common glibc-devel glibc-headers make automake wget tar vim nc libcurl-devel openssl-devel zlib-devel zlib patch readline readline-devel libffi-devel curl-devel libyaml-devel libtoolbisonlibxml2-devel libxslt-devel libtool bison pwgen nc
 54 | 
 55 | #install sun java (unless you like crashes, in that case use openjdk)
 56 | curl -L http://javadl.sun.com/webapps/download/AutoDL?BundleId=80804 -o java.rpm
 57 | rpm -ivh java.rpm
 58 | 
 59 | # Download Elasticsearch, Graylog2-Server and Graylog2-Web-Interface
 60 | echo "Downloading Elastic Search, Graylog2-Server and Graylog2-Web-Interface to /opt"
 61 | cd /opt
 62 | wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.90.10.noarch.rpm
 63 | wget https://github.com/Graylog2/graylog2-server/releases/download/0.20.3/graylog2-server-0.20.3.tgz
 64 | wget https://github.com/Graylog2/graylog2-web-interface/releases/download/0.20.3/graylog2-web-interface-0.20.3.tgz
 65 | 
 66 | # Extract files
 67 | echo "Extracting Graylog2-Server and Graylog2-Web-Interface to /opt"
 68 |   for f in *.*gz
 69 | do
 70 | tar zxf "$f"
 71 | done
 72 | 
 73 | # Create Symbolic Links
 74 | echo "Creating SymLink Graylog2-server"
 75 | ln -s graylog2-server-0.2*/ graylog2-server
 76 | 
 77 | # Install elasticsearch and start
 78 | echo "Installing elasticsearch"
 79 | rpm -ivh elasticsearch-0.90.10.noarch.rpm
 80 | sed -i -e 's|# cluster.name: elasticsearch|cluster.name: graylog2|' /etc/elasticsearch/elasticsearch.yml
 81 | 
 82 | # Restart elasticsearch
 83 | service elasticsearch restart
 84 | 
 85 | # Test elasticsearch
 86 | # curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
 87 | 
 88 | # Install mongodb
 89 | (
 90 | cat <<'EOF'
 91 | [10gen]
 92 | name=10gen Repository
 93 | baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64
 94 | gpgcheck=0
 95 | enabled=1
 96 | EOF
 97 | ) | tee /etc/yum.repos.d/10gen.repo
 98 | 
 99 | yum install -y mongo-10gen-server && /etc/init.d/mongod start
100 | 
101 | # Waiting for MongoDB to start accepting connections on tcp/27017
102 | echo "!!!*** Waiting for MongoDB to start accepting connections ***!!!"
103 | echo "This could take a while so connection timeouts below are normal!"
104 | while ! nc -vz localhost 27017; do sleep 1; done
105 | 
106 | # Install graylog2-server
107 | echo "Installing graylog2-server"
108 | echo -n "Enter a password to use for the admin account to login to the Graylog2 webUI: "
109 | read adminpass
110 | echo "You entered $adminpass (MAKE SURE TO NOT FORGET THIS PASSWORD!)"
111 | pause 'Press [Enter] key to continue...'
112 | cd graylog2-server/
113 | cp /opt/graylog2-server/graylog2.conf{.example,}
114 | mv graylog2.conf /etc/
115 | pass_secret=$(pwgen -s 96)
116 | admin_pass_hash=$(echo -n $adminpass|sha256sum|awk '{print $1}')
117 | sed -i -e 's|password_secret =|password_secret = '$pass_secret'|' /etc/graylog2.conf
118 | sed -i -e "s|root_password_sha2 =|root_password_sha2 = $admin_pass_hash|" /etc/graylog2.conf
119 | sed -i -e 's|elasticsearch_shards = 4|elasticsearch_shards = 1|' /etc/graylog2.conf
120 | sed -i -e 's|mongodb_useauth = true|mongodb_useauth = false|' /etc/graylog2.conf
121 | sed -i -e 's|#elasticsearch_discovery_zen_ping_multicast_enabled = false|elasticsearch_discovery_zen_ping_multicast_enabled = false|' /etc/graylog2.conf
122 | sed -i -e 's|#elasticsearch_discovery_zen_ping_unicast_hosts = 192.168.1.203:9300|elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300|' /etc/graylog2.conf
123 | 
124 | # Setting new retention policy setting or Graylog2 Server will not start
125 | sed -i 's|retention_strategy = delete|retention_strategy = close|' /etc/graylog2.conf
126 | 
127 | # This setting is required as of v0.20.2 in /etc/graylog2.conf
128 | sed -i -e 's|#rest_transport_uri = http://192.168.1.1:12900/|rest_transport_uri = http://127.0.0.1:12900/|' /etc/graylog2.conf
129 | 
130 | # Create graylog2-server startup script
131 | echo "Creating /etc/init.d/graylog2-server startup script"
132 | (
133 | cat <<'EOF'
134 | #!/bin/bash
135 | 
136 | # chkconfig:   2345 85 15
137 | 
138 | ### BEGIN INIT INFO
139 | # Provides:          graylog2-server
140 | # Required-Start:    $elasticsearch
141 | # Required-Stop:     $graylog2-web-interface
142 | # Default-Start:     2 3 4 5
143 | # Default-Stop:      0 1 6
144 | # Short-Description: Start graylog2-server at boot time
145 | # Description:       Starts graylog2-server using start-stop-daemon
146 | ### END INIT INFO
147 | 
148 | CMD=$1
149 | NOHUP=`which nohup`
150 | 
151 | GRAYLOG2CTL_DIR="/opt/graylog2-server/bin"
152 | GRAYLOG2_SERVER_JAR=graylog2-server.jar
153 | GRAYLOG2_CONF=/etc/graylog2.conf
154 | GRAYLOG2_PID=/tmp/graylog2.pid
155 | LOG_FILE=log/graylog2-server.log
156 | 
157 | start() {
158 |     echo "Starting graylog2-server ..."
159 |     cd "$GRAYLOG2CTL_DIR/.."
160 | #    sleep 2m
161 |     $NOHUP java -jar ${GRAYLOG2_SERVER_JAR} -f ${GRAYLOG2_CONF} -p ${GRAYLOG2_PID} >> ${LOG_FILE} &
162 | }
163 | 
164 | stop() {
165 |     PID=`cat ${GRAYLOG2_PID}`
166 |     echo "Stopping graylog2-server ($PID) ..."
167 |     if kill $PID; then
168 |         rm ${GRAYLOG2_PID}
169 |     fi
170 | }
171 | 
172 | restart() {
173 |     echo "Restarting graylog2-server ..."
174 |     stop
175 |     start
176 | }
177 | 
178 | status() {
179 |     pid=$(get_pid)
180 |     if [ ! -z $pid ]; then
181 |         if pid_running $pid; then
182 |             echo "graylog2-server running as pid $pid"
183 |             return 0
184 |         else
185 |             echo "Stale pid file with $pid - removing..."
186 |             rm ${GRAYLOG2_PID}
187 |         fi
188 |     fi
189 | 
190 |     echo "graylog2-server not running"
191 | }
192 | 
193 | get_pid() {
194 |     cat ${GRAYLOG2_PID} 2> /dev/null
195 | }
196 | 
197 | pid_running() {
198 |     kill -0 $1 2> /dev/null
199 | }
200 | 
201 | case "$CMD" in
202 |     start)
203 |         start
204 |         ;;
205 |     stop)
206 |         stop
207 |         ;;
208 |     restart)
209 |         restart
210 |         ;;
211 |     status)
212 |         status
213 |         ;;
214 |     *)
215 |         echo "Usage $0 {start|stop|restart|status}"
216 |         RETVAL=1
217 | esac
218 | EOF
219 | ) | tee /etc/init.d/graylog2-server
220 | 
221 | # Make graylog2-server executable
222 | chmod +x /etc/init.d/graylog2-server
223 | 
224 | # Start graylog2-server on bootup
225 | chkconfig --add graylog2-server
226 | chkconfig graylog2-server on
227 | service graylog2-server start
228 | 
229 | # Waiting for Graylog2-Server to start accepting requests on tcp/12900
230 | echo "Waiting for Graylog2-Server to start!"
231 | while ! nc -vz localhost 12900; do sleep 1; done
232 | 
233 | # Install graylog2 web interface
234 | echo "Installing graylog2-web-interface"
235 | cd /opt/
236 | ln -s graylog2-web-interface-0.2*/ graylog2-web-interface
237 | 
238 | echo "Creating Graylog2-web-interface startup script"
239 | (
240 | cat <<'EOF'
241 | #!/bin/sh
242 | 
243 | # chkconfig:   2345 90 10
244 | 
245 | ### BEGIN INIT INFO
246 | # Provides:          graylog2-web-interface
247 | # Required-Start:    $graylog2-server
248 | # Required-Stop:     $graylog2-server
249 | # Default-Start:     2 3 4 5
250 | # Default-Stop:      0 1 6
251 | # Short-Description: Start graylog2-server at boot time
252 | # Description:       Starts graylog2-server using start-stop-daemon
253 | ### END INIT INFO
254 | 
255 | CMD=$1
256 | NOHUP=`which nohup`
257 | JAVA_CMD=/usr/bin/java
258 | GRAYLOG2_WEB_INTERFACE_HOME=/opt/graylog2-web-interface
259 | 
260 | GRAYLOG2_WEB_INTERFACE_PID=/opt/graylog2-web-interface/RUNNING_PID
261 | 
262 | start() {
263 | echo "Starting graylog2-web-interface ..."
264 | #sleep 3m
265 | $NOHUP /opt/graylog2-web-interface/bin/graylog2-web-interface &
266 | }
267 | 
268 | stop() {
269 | echo "Stopping graylog2-web-interface ($PID) ..."
270 | PID=`cat ${GRAYLOG2_WEB_INTERFACE_PID}`
271 | if kill $PID; then
272 |         rm ${GRAYLOG2_WEB_INTERFACE_PID}
273 | fi
274 | }
275 | 
276 | restart() {
277 | echo "Restarting graylog2-web-interface ..."
278 | stop
279 | start
280 | }
281 | 
282 | status() {
283 |     pid=$(get_pid)
284 |     if [ ! -z $pid ]; then
285 |         if pid_running $pid; then
286 |             echo "graylog2-web-interface running as pid $pid"
287 |             return 0
288 |         else
289 |             echo "Stale pid file with $pid - removing..."
290 |             rm ${GRAYLOG2_WEB_INTERFACE_PID}
291 |         fi
292 |     fi
293 | 
294 |     echo "graylog2-web-interface not running"
295 | }
296 | 
297 | get_pid() {
298 |     cat ${GRAYLOG2_WEB_INTERFACE_PID} 2> /dev/null
299 | }
300 | 
301 | pid_running() {
302 |     kill -0 $1 2> /dev/null
303 | }
304 | 
305 | case "$CMD" in
306 |         start)
307 |                 start
308 |                 ;;
309 |         stop)
310 |                 stop
311 |                 ;;
312 |         restart)
313 |                 restart
314 |                 ;;
315 |         status)
316 |                 status
317 |                 ;;
318 | *)
319 | echo "Usage $0 {start|stop|restart|status}"
320 | RETVAL=1
321 | esac
322 | EOF
323 | ) | tee /etc/init.d/graylog2-web-interface
324 | 
325 | # Make graylog2-web-interface executable
326 | chmod +x /etc/init.d/graylog2-web-interface
327 | 
328 | # Start graylog2-server on bootup
329 | chkconfig --add graylog2-web-interface
330 | chkconfig graylog2-web-interface on
331 | 
332 | # Now we need to modify some things to get rsyslog to forward to graylog. this is useful for ESXi syslog format to be correct.
333 | echo "Updating graylog2.conf and rsyslog.conf"
334 | sed -i -e 's|#$ModLoad imudp|$ModLoad imudp|' /etc/rsyslog.conf
335 | sed -i -e 's|#$UDPServerRun 514|$UDPServerRun 514|' /etc/rsyslog.conf
336 | sed -i -e 's|#$ModLoad imtcp|$ModLoad imtcp|' /etc/rsyslog.conf
337 | sed -i -e 's|#$InputTCPServerRun 514|$InputTCPServerRun 514|' /etc/rsyslog.conf
338 | sed -i -e 's|*.*;auth,authpriv.none|#*.*;auth,authpriv.none|' /etc/rsyslog.d/50-default.conf
339 | echo '$template GRAYLOG2-1,"<%PRI%>1 %timegenerated:::date-rfc3339% %hostname% %syslogtag% - %APP-NAME%: %msg:::drop-last-lf%\n"' | tee /etc/rsyslog.d/32-graylog2.conf
340 | echo '$template GRAYLOG2-2,"<%pri%>1 %timegenerated:::date-rfc3339% %fromhost% %app-name% %procid% %msg%\n"'  | tee -a /etc/rsyslog.d/32-graylog2.conf
341 | echo '$template GRAYLOGRFC5424,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msg%\n"' | tee -a /etc/rsyslog.d/32-graylog2.conf
342 | echo '$PreserveFQDN on' | tee -a  /etc/rsyslog.d/32-graylog2.conf
343 | echo '*.* @localhost:10514;GRAYLOG2-2' | tee -a  /etc/rsyslog.d/32-graylog2.conf
344 | sed -i -e 's|graylog2-server.uris=""|graylog2-server.uris="http://127.0.0.1:12900/"|' /opt/graylog2-web-interface/conf/graylog2-web-interface.conf
345 | app_secret=$(pwgen -s 96)
346 | sed -i -e 's|application.secret=""|application.secret="'$app_secret'"|' /opt/graylog2-web-interface/conf/graylog2-web-interface.conf
347 | 
348 | # Fixing /opt/graylog2-web-interface Permissions
349 | echo "Fixing Graylog2 Web Interface Permissions"
350 | chown -R root:root /opt/graylog2*
351 | 
352 | # Cleaning up /opt
353 | echo "Cleaning up"
354 | rm /opt/graylog2-server*.*gz
355 | rm /opt/graylog2-web-interface*.*gz
356 | rm /opt/elasticsearch-0.90.10.noarch.rpm
357 | 
358 | # Restart rsyslog
359 | service rsyslog restart
360 | 
361 | echo "Starting graylog2-web-interface"
362 | service graylog2-web-interface start
363 | 
364 | # All Done
365 | echo "Installation has completed!!"
366 | echo "Browse to IP address of this Graylog2 Server Used for Installation"
367 | echo "IP Address detected from system is $IPADDY"
368 | echo "Browse to http://$IPADDY:9000"
369 | echo "Login with username: admin"
370 | echo "Login with password: $adminpass"
371 | echo "You Entered $SERVERNAME During Install"
372 | echo "Browse to http://$SERVERNAME:9000 If Different"
373 | echo "EveryThingShouldBeVirtual.com"
374 | echo "@mrlesmithjr"
375 | 


--------------------------------------------------------------------------------
/install_graylog2_20_ubuntu.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | #Provided by @mrlesmithjr
  3 | #EveryThingShouldBeVirtual.com
  4 | 
  5 | # Ubuntu Install Script
  6 | 
  7 | set -e
  8 | # Setup logging
  9 | # Logs stderr and stdout to separate files.
 10 | exec 2> >(tee "./graylog2/install_graylog2.err")
 11 | exec > >(tee "./graylog2/install_graylog2.log")
 12 | 
 13 | # Setup Pause function
 14 | function pause(){
 15 |    read -p "$*"
 16 | }
 17 | 
 18 | # Checking if running as root (10/16/2013 - No longer an issue - Should be ran as root or with sudo)
 19 | # Do not run as root
 20 | # if [[ $EUID -eq 0 ]];then
 21 | # echo "$(tput setaf 1)DO NOT RUN AS ROOT or use SUDO"
 22 | # echo "Now exiting...Hit Return"
 23 | # echo "$(tput setaf 3)Run script as normal non-root user and without sudo$(tput sgr0)"
 24 | # exit 1
 25 | # fi
 26 | 
 27 | echo "Detecting IP Address"
 28 | IPADDY="$(ifconfig | grep -A 1 'eth0' | tail -1 | cut -d ':' -f 2 | cut -d ' ' -f 1)"
 29 | echo "Detected IP Address is $IPADDY"
 30 | 
 31 | SERVERNAME=$IPADDY
 32 | SERVERALIAS=$IPADDY
 33 | 
 34 | # Disable CD Sources in /etc/apt/sources.list
 35 | echo "Disabling CD Sources and Updating Apt Packages and Installing Pre-Reqs"
 36 | sed -i -e 's|deb cdrom:|# deb cdrom:|' /etc/apt/sources.list
 37 | apt-get -qq update
 38 | 
 39 | # Install Pre-Reqs
 40 | # apt-get -y install git curl libcurl4-openssl-dev libapr1-dev libcurl4-openssl-dev libapr1-dev build-essential openssl libreadline6 libreadline6-dev curl git-core zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 libxml2-dev libxslt-dev autoconf libc6-dev ncurses-dev automake libtool bison subversion pkg-config python-software-properties software-properties-common openjdk-7-jre pwgen
 41 | apt-get -y install git curl build-essential openjdk-7-jre pwgen wget
 42 | 
 43 | # Download Elasticsearch, Graylog2-Server and Graylog2-Web-Interface
 44 | echo "Downloading Elastic Search, Graylog2-Server and Graylog2-Web-Interface to /opt"
 45 | cd /opt
 46 | wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.90.10.deb
 47 | wget https://github.com/Graylog2/graylog2-server/releases/download/0.20.6/graylog2-server-0.20.6.tgz
 48 | wget https://github.com/Graylog2/graylog2-web-interface/releases/download/0.20.6/graylog2-web-interface-0.20.6.tgz
 49 | 
 50 | # Extract files
 51 | echo "Extracting Graylog2-Server and Graylog2-Web-Interface to /opt"
 52 |   for f in *.*gz
 53 | do
 54 | tar zxf "$f"
 55 | done
 56 | 
 57 | # Create Symbolic Links
 58 | echo "Creating SymLink Graylog2-server"
 59 | ln -s graylog2-server-0.2*/ graylog2-server
 60 | 
 61 | # Install elasticsearch
 62 | echo "Installing elasticsearch"
 63 | dpkg -i elasticsearch-0.90.10.deb
 64 | sed -i -e 's|# cluster.name: elasticsearch|cluster.name: graylog2|' /etc/elasticsearch/elasticsearch.yml
 65 | 
 66 | # Making elasticsearch start on boot
 67 | sudo update-rc.d elasticsearch defaults 95 10
 68 | 
 69 | # Restart elasticsearch
 70 | service elasticsearch restart
 71 | 
 72 | # Test elasticsearch
 73 | # curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
 74 | 
 75 | # Install mongodb
 76 | echo "Installing MongoDB"
 77 | apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
 78 | echo "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen" | tee /etc/apt/sources.list.d/10gen.list
 79 | apt-get -qq update
 80 | apt-get -y install mongodb-10gen
 81 | 
 82 | # Waiting for MongoDB to start accepting connections on tcp/27017
 83 | echo "!!!*** Waiting for MongoDB to start accepting connections ***!!!"
 84 | echo "This could take a while so connection timeouts below are normal!"
 85 | while ! nc -vz localhost 27017; do sleep 1; done
 86 | 
 87 | # Making changes to /etc/security/limits.conf to allow more open files for elasticsearch
 88 | mv /etc/security/limits.conf /etc/security/limits.bak
 89 | grep -Ev "# End of file" /etc/security/limits.bak > /etc/security/limits.conf
 90 | echo "elasticsearch soft nofile 32000" >> /etc/security/limits.conf
 91 | echo "elasticsearch hard nofile 32000" >> /etc/security/limits.conf
 92 | echo "# End of file" >> /etc/security/limits.conf
 93 | 
 94 | # Install graylog2-server
 95 | echo "Installing graylog2-server"
 96 | echo -n "Enter a password to use for the admin account to login to the Graylog2 webUI: "
 97 | read adminpass
 98 | echo "You entered $adminpass (MAKE SURE TO NOT FORGET THIS PASSWORD!)"
 99 | pause 'Press [Enter] key to continue...'
100 | cd graylog2-server/
101 | cp /opt/graylog2-server/graylog2.conf{.example,}
102 | mv graylog2.conf /etc/
103 | #ln -s /opt/graylog2-server/graylog2.conf /etc/graylog2.conf
104 | pass_secret=$(pwgen -s 96)
105 | sed -i -e 's|password_secret =|password_secret = '$pass_secret'|' /etc/graylog2.conf
106 | #root_pass_sha2=$(echo -n password123 | shasum -a 256)
107 | admin_pass_hash=$(echo -n $adminpass|sha256sum|awk '{print $1}')
108 | sed -i -e "s|root_password_sha2 =|root_password_sha2 = $admin_pass_hash|" /etc/graylog2.conf
109 | sed -i -e 's|elasticsearch_shards = 4|elasticsearch_shards = 1|' /etc/graylog2.conf
110 | sed -i -e 's|mongodb_useauth = true|mongodb_useauth = false|' /etc/graylog2.conf
111 | sed -i -e 's|#elasticsearch_discovery_zen_ping_multicast_enabled = false|elasticsearch_discovery_zen_ping_multicast_enabled = false|' /etc/graylog2.conf
112 | sed -i -e 's|#elasticsearch_discovery_zen_ping_unicast_hosts = 192.168.1.203:9300|elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300|' /etc/graylog2.conf
113 | 
114 | # Setting new retention policy setting or Graylog2 Server will not start
115 | sed -i 's|retention_strategy = delete|retention_strategy = close|' /etc/graylog2.conf
116 | 
117 | # This setting is required as of v0.20.2 in /etc/graylog2.conf
118 | sed -i -e 's|#rest_transport_uri = http://192.168.1.1:12900/|rest_transport_uri = http://127.0.0.1:12900/|' /etc/graylog2.conf
119 | 
120 | # Create graylog2-server startup script
121 | echo "Creating /etc/init.d/graylog2-server startup script"
122 | (
123 | cat <<'EOF'
124 | #!/bin/bash
125 | 
126 | ### BEGIN INIT INFO
127 | # Provides:          graylog2-server
128 | # Required-Start:    $elasticsearch
129 | # Required-Stop:     $graylog2-web-interface
130 | # Default-Start:     2 3 4 5
131 | # Default-Stop:      0 1 6
132 | # Short-Description: Start graylog2-server at boot time
133 | # Description:       Starts graylog2-server using start-stop-daemon
134 | ### END INIT INFO
135 | 
136 | CMD=$1
137 | NOHUP=`which nohup`
138 | 
139 | GRAYLOG2CTL_DIR="/opt/graylog2-server/bin"
140 | GRAYLOG2_SERVER_JAR=graylog2-server.jar
141 | GRAYLOG2_CONF=/etc/graylog2.conf
142 | GRAYLOG2_PID=/tmp/graylog2.pid
143 | LOG_FILE=log/graylog2-server.log
144 | 
145 | start() {
146 |     echo "Starting graylog2-server ..."
147 |     cd "$GRAYLOG2CTL_DIR/.."
148 | #    sleep 2m
149 |     $NOHUP java -jar ${GRAYLOG2_SERVER_JAR} -f ${GRAYLOG2_CONF} -p ${GRAYLOG2_PID} >> ${LOG_FILE} &
150 | }
151 | 
152 | stop() {
153 |     PID=`cat ${GRAYLOG2_PID}`
154 |     echo "Stopping graylog2-server ($PID) ..."
155 |     if kill $PID; then
156 |         rm ${GRAYLOG2_PID}
157 |     fi
158 | }
159 | 
160 | restart() {
161 |     echo "Restarting graylog2-server ..."
162 |     stop
163 |     start
164 | }
165 | 
166 | status() {
167 |     pid=$(get_pid)
168 |     if [ ! -z $pid ]; then
169 |         if pid_running $pid; then
170 |             echo "graylog2-server running as pid $pid"
171 |             return 0
172 |         else
173 |             echo "Stale pid file with $pid - removing..."
174 |             rm ${GRAYLOG2_PID}
175 |         fi
176 |     fi
177 | 
178 |     echo "graylog2-server not running"
179 | }
180 | 
181 | get_pid() {
182 |     cat ${GRAYLOG2_PID} 2> /dev/null
183 | }
184 | 
185 | pid_running() {
186 |     kill -0 $1 2> /dev/null
187 | }
188 | 
189 | case "$CMD" in
190 |     start)
191 |         start
192 |         ;;
193 |     stop)
194 |         stop
195 |         ;;
196 |     restart)
197 |         restart
198 |         ;;
199 |     status)
200 |         status
201 |         ;;
202 |     *)
203 |         echo "Usage $0 {start|stop|restart|status}"
204 |         RETVAL=1
205 | esac
206 | EOF
207 | ) | tee /etc/init.d/graylog2-server
208 | 
209 | # Make graylog2-server executable
210 | chmod +x /etc/init.d/graylog2-server
211 | 
212 | # Start graylog2-server on bootup
213 | echo "Making graylog2-server startup on boot"
214 | update-rc.d graylog2-server defaults
215 | 
216 | echo "Starting graylog2-server"
217 | service graylog2-server start
218 | 
219 | # Waiting for Graylog2-Server to start accepting requests on tcp/12900
220 | echo "Waiting for Graylog2-Server to start!"
221 | while ! nc -vz localhost 12900; do sleep 1; done
222 | 
223 | # Install graylog2 web interface
224 | echo "Installing graylog2-web-interface"
225 | cd /opt/
226 | ln -s graylog2-web-interface-0.2*/ graylog2-web-interface
227 | 
228 | echo "Creating Graylog2-web-interface startup script"
229 | (
230 | cat <<'EOF'
231 | #!/bin/sh
232 | 
233 | ### BEGIN INIT INFO
234 | # Provides:          graylog2-web-interface
235 | # Required-Start:    $graylog2-server
236 | # Required-Stop:     $graylog2-server
237 | # Default-Start:     2 3 4 5
238 | # Default-Stop:      0 1 6
239 | # Short-Description: Start graylog2-server at boot time
240 | # Description:       Starts graylog2-server using start-stop-daemon
241 | ### END INIT INFO
242 | 
243 | CMD=$1
244 | NOHUP=`which nohup`
245 | JAVA_CMD=/usr/bin/java
246 | GRAYLOG2_WEB_INTERFACE_HOME=/opt/graylog2-web-interface
247 | 
248 | GRAYLOG2_WEB_INTERFACE_PID=/opt/graylog2-web-interface/RUNNING_PID
249 | 
250 | start() {
251 | echo "Starting graylog2-web-interface ..."
252 | #sleep 3m
253 | $NOHUP /opt/graylog2-web-interface/bin/graylog2-web-interface &
254 | }
255 | 
256 | stop() {
257 | echo "Stopping graylog2-web-interface ($PID) ..."
258 | PID=`cat ${GRAYLOG2_WEB_INTERFACE_PID}`
259 | if kill $PID; then
260 |         rm ${GRAYLOG2_WEB_INTERFACE_PID}
261 | fi
262 | }
263 | 
264 | restart() {
265 | echo "Restarting graylog2-web-interface ..."
266 | stop
267 | start
268 | }
269 | 
270 | status() {
271 |     pid=$(get_pid)
272 |     if [ ! -z $pid ]; then
273 |         if pid_running $pid; then
274 |             echo "graylog2-web-interface running as pid $pid"
275 |             return 0
276 |         else
277 |             echo "Stale pid file with $pid - removing..."
278 |             rm ${GRAYLOG2_WEB_INTERFACE_PID}
279 |         fi
280 |     fi
281 | 
282 |     echo "graylog2-web-interface not running"
283 | }
284 | 
285 | get_pid() {
286 |     cat ${GRAYLOG2_WEB_INTERFACE_PID} 2> /dev/null
287 | }
288 | 
289 | pid_running() {
290 |     kill -0 $1 2> /dev/null
291 | }
292 | 
293 | case "$CMD" in
294 |         start)
295 |                 start
296 |                 ;;
297 |         stop)
298 |                 stop
299 |                 ;;
300 |         restart)
301 |                 restart
302 |                 ;;
303 |         status)
304 |                 status
305 |                 ;;
306 | *)
307 | echo "Usage $0 {start|stop|restart|status}"
308 | RETVAL=1
309 | esac
310 | EOF
311 | ) | tee /etc/init.d/graylog2-web-interface
312 | 
313 | # Make graylog2-web-interface executable
314 | chmod +x /etc/init.d/graylog2-web-interface
315 | 
316 | # Start graylog2-web-interface on bootup
317 | echo "Making graylog2-web-interface startup on boot"
318 | update-rc.d graylog2-web-interface defaults
319 | 
320 | # Now we need to modify some things to get rsyslog to forward to graylog. this is useful for ESXi syslog format to be correct.
321 | echo "Updating graylog2.conf and rsyslog.conf"
322 | #sed -i -e 's|syslog_listen_port = 514|syslog_listen_port = 10514|' /etc/graylog2.conf
323 | #sed -i -e 's|#$ModLoad immark|$ModLoad immark|' /etc/rsyslog.conf
324 | sed -i -e 's|#$ModLoad imudp|$ModLoad imudp|' /etc/rsyslog.conf
325 | sed -i -e 's|#$UDPServerRun 514|$UDPServerRun 514|' /etc/rsyslog.conf
326 | sed -i -e 's|#$ModLoad imtcp|$ModLoad imtcp|' /etc/rsyslog.conf
327 | sed -i -e 's|#$InputTCPServerRun 514|$InputTCPServerRun 514|' /etc/rsyslog.conf
328 | sed -i -e 's|*.*;auth,authpriv.none|#*.*;auth,authpriv.none|' /etc/rsyslog.d/50-default.conf
329 | echo '$template GRAYLOG2-1,"<%PRI%>1 %timegenerated:::date-rfc3339% %hostname% %syslogtag% - %APP-NAME%: %msg:::drop-last-lf%\n"' | tee /etc/rsyslog.d/32-graylog2.conf
330 | echo '$template GRAYLOG2-2,"<%pri%>1 %timegenerated:::date-rfc3339% %fromhost% %app-name% %procid% %msg%\n"'  | tee -a /etc/rsyslog.d/32-graylog2.conf
331 | echo '$template GRAYLOGRFC5424,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msg%\n"' | tee -a /etc/rsyslog.d/32-graylog2.conf
332 | echo '$PreserveFQDN on' | tee -a  /etc/rsyslog.d/32-graylog2.conf
333 | echo '*.* @localhost:10514;GRAYLOG2-2' | tee -a  /etc/rsyslog.d/32-graylog2.conf
334 | sed -i -e 's|graylog2-server.uris=""|graylog2-server.uris="http://127.0.0.1:12900/"|' /opt/graylog2-web-interface/conf/graylog2-web-interface.conf
335 | app_secret=$(pwgen -s 96)
336 | sed -i -e 's|application.secret=""|application.secret="'$app_secret'"|' /opt/graylog2-web-interface/conf/graylog2-web-interface.conf
337 | 
338 | # Fixing /opt/graylog2-web-interface Permissions
339 | echo "Fixing Graylog2 Web Interface Permissions"
340 | chown -R root:root /opt/graylog2*
341 | #chown -R www-data:www-data /opt/graylog2-web-interface*
342 | 
343 | # Cleaning up /opt
344 | echo "Cleaning up"
345 | rm /opt/graylog2-server*.*gz
346 | rm /opt/graylog2-web-interface*.*gz
347 | rm /opt/elasticsearch-0.90.10.deb
348 | 
349 | # Restart All Services
350 | echo "Restarting All Services Required for Graylog2 to work"
351 | # service elasticsearch restart
352 | # service mongodb restart
353 | service rsyslog restart
354 | 
355 | echo "Starting graylog2-web-interface"
356 | service graylog2-web-interface start
357 | 
358 | # All Done
359 | echo "Installation has completed!!"
360 | echo "Browse to IP address of this Graylog2 Server Used for Installation"
361 | echo "IP Address detected from system is $IPADDY"
362 | echo "Browse to http://$IPADDY:9000"
363 | echo "Login with username: admin"
364 | echo "Login with password: $adminpass"
365 | echo "You Entered $SERVERNAME During Install"
366 | echo "Browse to http://$SERVERNAME:9000 If Different"
367 | echo "EveryThingShouldBeVirtual.com"
368 | echo "@mrlesmithjr"
369 | 


--------------------------------------------------------------------------------
/install_graylog2_90_centos.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash -x
  2 | #Provided by @mrlesmithjr
  3 | #EveryThingShouldBeVirtual.com
  4 | 
  5 | # Setup Pause function
  6 | function pause(){
  7 |    read -p "$*"
  8 | }
  9 | 
 10 | #updated by Boardstretcher
 11 | 
 12 | EPEL_REPO="/etc/yum.repos.d/epel.repo"
 13 | 
 14 | echo "Creating $EPEL_REPO"
 15 | cat << 'EOF' > ${EPEL_REPO}
 16 | [epel]
 17 | name=Extra Packages for Enterprise Linux 6 - $basearch
 18 | #baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
 19 | mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
 20 | failovermethod=priority
 21 | enabled=1
 22 | gpgcheck=0
 23 | EOF
 24 | 
 25 | # update system 
 26 | yum update -y 
 27 |   
 28 | # disable ip6 
 29 | echo "" >> /etc/sysctl.conf 
 30 | echo "# Disable IPV6" >> /etc/sysctl.conf 
 31 | echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf 
 32 | echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf 
 33 | chkconfig ip6tables off
 34 | chkconfig  iptables off
 35 | /etc/init.d/iptables stop
 36 | /etc/init.d/ip6tables stop
 37 |   
 38 | # disable selinux 
 39 | sed -i 's/\=enforcing/\=disabled/g' /etc/selinux/config 
 40 | 
 41 | # reboot
 42 | 
 43 | # Setup logging
 44 | exec 2> >(tee "./graylog2/install_graylog2.err")
 45 | exec > >(tee "./graylog2/install_graylog2.log")
 46 | 
 47 | # Apache Settings
 48 | IPADDY="$(ifconfig | grep -A 1 'eth0' | tail -1 | cut -d ':' -f 2 | cut -d ' ' -f 1)"
 49 | SERVERNAME=$IPADDY
 50 | SERVERALIAS=$IPADDY
 51 | 
 52 | # Installing all pre-reqs
 53 | yum install -y gcc gcc-c++ gd gd-devel glibc glibc-common glibc-devel glibc-headers make automake wget tar vim nc libcurl-devel openssl-devel zlib-devel zlib patch readline readline-devel libffi-devel curl-devel libyaml-devel libtoolbisonlibxml2-devel libxslt-devel libtool bison pwgen nc
 54 | 
 55 | #install sun java (unless you like crashes, in that case use openjdk)
 56 | curl -L http://javadl.sun.com/webapps/download/AutoDL?BundleId=80804 -o java.rpm
 57 | rpm -ivh java.rpm
 58 | 
 59 | # Download Elasticsearch, Graylog2-Server and Graylog2-Web-Interface
 60 | echo "Downloading Elastic Search, Graylog2-Server and Graylog2-Web-Interface to /opt"
 61 | cd /opt
 62 | wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-0.90.10.noarch.rpm
 63 | wget http://packages.graylog2.org/releases/graylog2-server/graylog2-server-0.90.0.tgz
 64 | wget http://packages.graylog2.org/releases/graylog2-web-interface/graylog2-web-interface-0.90.0.tgz
 65 | 
 66 | # Extract files
 67 | echo "Extracting Graylog2-Server and Graylog2-Web-Interface to /opt"
 68 |   for f in *.*gz
 69 | do
 70 | tar zxf "$f"
 71 | done
 72 | 
 73 | # Create Symbolic Links
 74 | echo "Creating SymLink Graylog2-server"
 75 | ln -s graylog2-server-0.9*/ graylog2-server
 76 | 
 77 | # Install elasticsearch and start
 78 | echo "Installing elasticsearch"
 79 | rpm -ivh elasticsearch-0.90.10.noarch.rpm
 80 | sed -i -e 's|# cluster.name: elasticsearch|cluster.name: graylog2|' /etc/elasticsearch/elasticsearch.yml
 81 | 
 82 | # Restart elasticsearch
 83 | service elasticsearch restart
 84 | 
 85 | # Test elasticsearch
 86 | # curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
 87 | 
 88 | # Install mongodb
 89 | (
 90 | cat <<'EOF'
 91 | [10gen]
 92 | name=10gen Repository
 93 | baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64
 94 | gpgcheck=0
 95 | enabled=1
 96 | EOF
 97 | ) | tee /etc/yum.repos.d/10gen.repo
 98 | 
 99 | yum install -y mongo-10gen-server && /etc/init.d/mongod start
100 | 
101 | # Waiting for MongoDB to start accepting connections on tcp/27017
102 | echo "!!!*** Waiting for MongoDB to start accepting connections ***!!!"
103 | echo "This could take a while so connection timeouts below are normal!"
104 | while ! nc -vz localhost 27017; do sleep 1; done
105 | 
106 | # Install graylog2-server
107 | echo "Installing graylog2-server"
108 | echo -n "Enter a password to use for the admin account to login to the Graylog2 webUI: "
109 | read adminpass
110 | echo "You entered $adminpass (MAKE SURE TO NOT FORGET THIS PASSWORD!)"
111 | pause 'Press [Enter] key to continue...'
112 | cd graylog2-server/
113 | cp /opt/graylog2-server/graylog2.conf{.example,}
114 | mv graylog2.conf /etc/
115 | pass_secret=$(pwgen -s 96)
116 | admin_pass_hash=$(echo -n $adminpass|sha256sum|awk '{print $1}')
117 | sed -i -e 's|password_secret =|password_secret = '$pass_secret'|' /etc/graylog2.conf
118 | sed -i -e "s|root_password_sha2 =|root_password_sha2 = $admin_pass_hash|" /etc/graylog2.conf
119 | sed -i -e 's|elasticsearch_shards = 4|elasticsearch_shards = 1|' /etc/graylog2.conf
120 | sed -i -e 's|mongodb_useauth = true|mongodb_useauth = false|' /etc/graylog2.conf
121 | sed -i -e 's|#elasticsearch_discovery_zen_ping_multicast_enabled = false|elasticsearch_discovery_zen_ping_multicast_enabled = false|' /etc/graylog2.conf
122 | sed -i -e 's|#elasticsearch_discovery_zen_ping_unicast_hosts = 192.168.1.203:9300|elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300|' /etc/graylog2.conf
123 | 
124 | # Setting new retention policy setting or Graylog2 Server will not start
125 | sed -i 's|retention_strategy = delete|retention_strategy = close|' /etc/graylog2.conf
126 | 
127 | # This setting is required as of v0.20.2 in /etc/graylog2.conf
128 | sed -i -e 's|#rest_transport_uri = http://192.168.1.1:12900/|rest_transport_uri = http://127.0.0.1:12900/|' /etc/graylog2.conf
129 | 
130 | # Create graylog2-server startup script
131 | echo "Creating /etc/init.d/graylog2-server startup script"
132 | (
133 | cat <<'EOF'
134 | #!/bin/bash
135 | 
136 | # chkconfig:   2345 85 15
137 | 
138 | ### BEGIN INIT INFO
139 | # Provides:          graylog2-server
140 | # Required-Start:    $elasticsearch
141 | # Required-Stop:     $graylog2-web-interface
142 | # Default-Start:     2 3 4 5
143 | # Default-Stop:      0 1 6
144 | # Short-Description: Start graylog2-server at boot time
145 | # Description:       Starts graylog2-server using start-stop-daemon
146 | ### END INIT INFO
147 | 
148 | CMD=$1
149 | NOHUP=`which nohup`
150 | 
151 | GRAYLOG2CTL_DIR="/opt/graylog2-server/bin"
152 | GRAYLOG2_SERVER_JAR=graylog2-server.jar
153 | GRAYLOG2_CONF=/etc/graylog2.conf
154 | GRAYLOG2_PID=/tmp/graylog2.pid
155 | LOG_FILE=log/graylog2-server.log
156 | 
157 | start() {
158 |     echo "Starting graylog2-server ..."
159 |     cd "$GRAYLOG2CTL_DIR/.."
160 | #    sleep 2m
161 |     $NOHUP java -jar ${GRAYLOG2_SERVER_JAR} -f ${GRAYLOG2_CONF} -p ${GRAYLOG2_PID} >> ${LOG_FILE} &
162 | }
163 | 
164 | stop() {
165 |     PID=`cat ${GRAYLOG2_PID}`
166 |     echo "Stopping graylog2-server ($PID) ..."
167 |     if kill $PID; then
168 |         rm ${GRAYLOG2_PID}
169 |     fi
170 | }
171 | 
172 | restart() {
173 |     echo "Restarting graylog2-server ..."
174 |     stop
175 |     start
176 | }
177 | 
178 | status() {
179 |     pid=$(get_pid)
180 |     if [ ! -z $pid ]; then
181 |         if pid_running $pid; then
182 |             echo "graylog2-server running as pid $pid"
183 |             return 0
184 |         else
185 |             echo "Stale pid file with $pid - removing..."
186 |             rm ${GRAYLOG2_PID}
187 |         fi
188 |     fi
189 | 
190 |     echo "graylog2-server not running"
191 | }
192 | 
193 | get_pid() {
194 |     cat ${GRAYLOG2_PID} 2> /dev/null
195 | }
196 | 
197 | pid_running() {
198 |     kill -0 $1 2> /dev/null
199 | }
200 | 
201 | case "$CMD" in
202 |     start)
203 |         start
204 |         ;;
205 |     stop)
206 |         stop
207 |         ;;
208 |     restart)
209 |         restart
210 |         ;;
211 |     status)
212 |         status
213 |         ;;
214 |     *)
215 |         echo "Usage $0 {start|stop|restart|status}"
216 |         RETVAL=1
217 | esac
218 | EOF
219 | ) | tee /etc/init.d/graylog2-server
220 | 
221 | # Make graylog2-server executable
222 | chmod +x /etc/init.d/graylog2-server
223 | 
224 | # Start graylog2-server on bootup
225 | chkconfig --add graylog2-server
226 | chkconfig graylog2-server on
227 | service graylog2-server start
228 | 
229 | # Waiting for Graylog2-Server to start accepting requests on tcp/12900
230 | echo "Waiting for Graylog2-Server to start!"
231 | while ! nc -vz localhost 12900; do sleep 1; done
232 | 
233 | # Install graylog2 web interface
234 | echo "Installing graylog2-web-interface"
235 | cd /opt/
236 | ln -s graylog2-web-interface-0.9*/ graylog2-web-interface
237 | 
238 | echo "Creating Graylog2-web-interface startup script"
239 | (
240 | cat <<'EOF'
241 | #!/bin/sh
242 | 
243 | # chkconfig:   2345 90 10
244 | 
245 | ### BEGIN INIT INFO
246 | # Provides:          graylog2-web-interface
247 | # Required-Start:    $graylog2-server
248 | # Required-Stop:     $graylog2-server
249 | # Default-Start:     2 3 4 5
250 | # Default-Stop:      0 1 6
251 | # Short-Description: Start graylog2-server at boot time
252 | # Description:       Starts graylog2-server using start-stop-daemon
253 | ### END INIT INFO
254 | 
255 | CMD=$1
256 | NOHUP=`which nohup`
257 | JAVA_CMD=/usr/bin/java
258 | GRAYLOG2_WEB_INTERFACE_HOME=/opt/graylog2-web-interface
259 | 
260 | GRAYLOG2_WEB_INTERFACE_PID=/opt/graylog2-web-interface/RUNNING_PID
261 | 
262 | start() {
263 | echo "Starting graylog2-web-interface ..."
264 | #sleep 3m
265 | $NOHUP /opt/graylog2-web-interface/bin/graylog2-web-interface &
266 | }
267 | 
268 | stop() {
269 | echo "Stopping graylog2-web-interface ($PID) ..."
270 | PID=`cat ${GRAYLOG2_WEB_INTERFACE_PID}`
271 | if kill $PID; then
272 |         rm ${GRAYLOG2_WEB_INTERFACE_PID}
273 | fi
274 | }
275 | 
276 | restart() {
277 | echo "Restarting graylog2-web-interface ..."
278 | stop
279 | start
280 | }
281 | 
282 | status() {
283 |     pid=$(get_pid)
284 |     if [ ! -z $pid ]; then
285 |         if pid_running $pid; then
286 |             echo "graylog2-web-interface running as pid $pid"
287 |             return 0
288 |         else
289 |             echo "Stale pid file with $pid - removing..."
290 |             rm ${GRAYLOG2_WEB_INTERFACE_PID}
291 |         fi
292 |     fi
293 | 
294 |     echo "graylog2-web-interface not running"
295 | }
296 | 
297 | get_pid() {
298 |     cat ${GRAYLOG2_WEB_INTERFACE_PID} 2> /dev/null
299 | }
300 | 
301 | pid_running() {
302 |     kill -0 $1 2> /dev/null
303 | }
304 | 
305 | case "$CMD" in
306 |         start)
307 |                 start
308 |                 ;;
309 |         stop)
310 |                 stop
311 |                 ;;
312 |         restart)
313 |                 restart
314 |                 ;;
315 |         status)
316 |                 status
317 |                 ;;
318 | *)
319 | echo "Usage $0 {start|stop|restart|status}"
320 | RETVAL=1
321 | esac
322 | EOF
323 | ) | tee /etc/init.d/graylog2-web-interface
324 | 
325 | # Make graylog2-web-interface executable
326 | chmod +x /etc/init.d/graylog2-web-interface
327 | 
328 | # Start graylog2-server on bootup
329 | chkconfig --add graylog2-web-interface
330 | chkconfig graylog2-web-interface on
331 | 
332 | # Now we need to modify some things to get rsyslog to forward to graylog. this is useful for ESXi syslog format to be correct.
333 | echo "Updating graylog2.conf and rsyslog.conf"
334 | sed -i -e 's|#$ModLoad imudp|$ModLoad imudp|' /etc/rsyslog.conf
335 | sed -i -e 's|#$UDPServerRun 514|$UDPServerRun 514|' /etc/rsyslog.conf
336 | sed -i -e 's|#$ModLoad imtcp|$ModLoad imtcp|' /etc/rsyslog.conf
337 | sed -i -e 's|#$InputTCPServerRun 514|$InputTCPServerRun 514|' /etc/rsyslog.conf
338 | sed -i -e 's|*.*;auth,authpriv.none|#*.*;auth,authpriv.none|' /etc/rsyslog.d/50-default.conf
339 | echo '$template GRAYLOG2-1,"<%PRI%>1 %timegenerated:::date-rfc3339% %hostname% %syslogtag% - %APP-NAME%: %msg:::drop-last-lf%\n"' | tee /etc/rsyslog.d/32-graylog2.conf
340 | echo '$template GRAYLOG2-2,"<%pri%>1 %timegenerated:::date-rfc3339% %fromhost% %app-name% %procid% %msg%\n"'  | tee -a /etc/rsyslog.d/32-graylog2.conf
341 | echo '$template GRAYLOGRFC5424,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msg%\n"' | tee -a /etc/rsyslog.d/32-graylog2.conf
342 | echo '$PreserveFQDN on' | tee -a  /etc/rsyslog.d/32-graylog2.conf
343 | echo '*.* @localhost:10514;GRAYLOG2-2' | tee -a  /etc/rsyslog.d/32-graylog2.conf
344 | sed -i -e 's|graylog2-server.uris=""|graylog2-server.uris="http://127.0.0.1:12900/"|' /opt/graylog2-web-interface/conf/graylog2-web-interface.conf
345 | app_secret=$(pwgen -s 96)
346 | sed -i -e 's|application.secret=""|application.secret="'$app_secret'"|' /opt/graylog2-web-interface/conf/graylog2-web-interface.conf
347 | 
348 | # Fixing /opt/graylog2-web-interface Permissions
349 | echo "Fixing Graylog2 Web Interface Permissions"
350 | chown -R root:root /opt/graylog2*
351 | 
352 | # Cleaning up /opt
353 | echo "Cleaning up"
354 | rm /opt/graylog2-server*.*gz
355 | rm /opt/graylog2-web-interface*.*gz
356 | rm /opt/elasticsearch-0.90.10.noarch.rpm
357 | 
358 | # Restart rsyslog
359 | service rsyslog restart
360 | 
361 | echo "Starting graylog2-web-interface"
362 | service graylog2-web-interface start
363 | 
364 | # All Done
365 | echo "Installation has completed!!"
366 | echo "Browse to IP address of this Graylog2 Server Used for Installation"
367 | echo "IP Address detected from system is $IPADDY"
368 | echo "Browse to http://$IPADDY:9000"
369 | echo "Login with username: admin"
370 | echo "Login with password: $adminpass"
371 | echo "You Entered $SERVERNAME During Install"
372 | echo "Browse to http://$SERVERNAME:9000 If Different"
373 | echo "EveryThingShouldBeVirtual.com"
374 | echo "@mrlesmithjr"
375 | 


--------------------------------------------------------------------------------
/install_graylog2_90_ubuntu.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | #Provided by @mrlesmithjr
  3 | #EveryThingShouldBeVirtual.com
  4 | 
  5 | # Ubuntu Install Script
  6 | 
  7 | set -e
  8 | # Setup logging
  9 | # Logs stderr and stdout to separate files.
 10 | exec 2> >(tee "./graylog2/install_graylog2.err")
 11 | exec > >(tee "./graylog2/install_graylog2.log")
 12 | 
 13 | # Setup Pause function
 14 | function pause(){
 15 |    read -p "$*"
 16 | }
 17 | 
 18 | # Checking if running as root (10/16/2013 - No longer an issue - Should be ran as root or with sudo)
 19 | # Do not run as root
 20 | # if [[ $EUID -eq 0 ]];then
 21 | # echo "$(tput setaf 1)DO NOT RUN AS ROOT or use SUDO"
 22 | # echo "Now exiting...Hit Return"
 23 | # echo "$(tput setaf 3)Run script as normal non-root user and without sudo$(tput sgr0)"
 24 | # exit 1
 25 | # fi
 26 | 
 27 | echo "Detecting IP Address"
 28 | IPADDY="$(ifconfig | grep -A 1 'eth0' | tail -1 | cut -d ':' -f 2 | cut -d ' ' -f 1)"
 29 | echo "Detected IP Address is $IPADDY"
 30 | 
 31 | SERVERNAME=$IPADDY
 32 | SERVERALIAS=$IPADDY
 33 | #adminpass=
 34 | 
 35 | # Disable CD Sources in /etc/apt/sources.list
 36 | echo "Disabling CD Sources and Updating Apt Packages and Installing Pre-Reqs"
 37 | sed -i -e 's|deb cdrom:|# deb cdrom:|' /etc/apt/sources.list
 38 | apt-get -qq update
 39 | 
 40 | # Install Pre-Reqs
 41 | apt-get -y install git curl build-essential openjdk-7-jre pwgen wget netcat
 42 | 
 43 | # Download Elasticsearch, Graylog2-Server and Graylog2-Web-Interface
 44 | echo "Downloading Elastic Search, Graylog2-Server and Graylog2-Web-Interface to /opt"
 45 | cd /opt
 46 | wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.2.deb
 47 | wget http://packages.graylog2.org/releases/graylog2-server/graylog2-server-0.92.4.tgz
 48 | wget http://packages.graylog2.org/releases/graylog2-web-interface/graylog2-web-interface-0.92.4.tgz
 49 | 
 50 | # Extract files
 51 | echo "Extracting Graylog2-Server and Graylog2-Web-Interface to /opt"
 52 |   for f in *.*gz
 53 | do
 54 | tar zxf "$f"
 55 | done
 56 | 
 57 | # Create Symbolic Links
 58 | echo "Creating SymLink Graylog2-server"
 59 | ln -s graylog2-server-0.9*/ graylog2-server
 60 | 
 61 | # Install elasticsearch
 62 | echo "Installing elasticsearch"
 63 | dpkg -i elasticsearch-1.4.2.deb
 64 | sed -i -e 's|#cluster.name: elasticsearch|cluster.name: graylog2|' /etc/elasticsearch/elasticsearch.yml
 65 | 
 66 | # Making elasticsearch start on boot
 67 | sudo update-rc.d elasticsearch defaults 95 10
 68 | 
 69 | # Restart elasticsearch
 70 | service elasticsearch restart
 71 | 
 72 | # Test elasticsearch
 73 | # curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
 74 | 
 75 | # Install mongodb
 76 | echo "Installing MongoDB"
 77 | apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
 78 | echo "deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen" | tee /etc/apt/sources.list.d/10gen.list
 79 | apt-get -qq update
 80 | apt-get -y install mongodb-org
 81 | 
 82 | # Waiting for MongoDB to start accepting connections on tcp/27017
 83 | echo "!!!*** Waiting for MongoDB to start accepting connections ***!!!"
 84 | echo "This could take a while so connection timeouts below are normal!"
 85 | while ! nc -vz localhost 27017; do sleep 1; done
 86 | 
 87 | # Making changes to /etc/security/limits.conf to allow more open files for elasticsearch
 88 | mv /etc/security/limits.conf /etc/security/limits.bak
 89 | grep -Ev "# End of file" /etc/security/limits.bak > /etc/security/limits.conf
 90 | echo "elasticsearch soft nofile 32000" >> /etc/security/limits.conf
 91 | echo "elasticsearch hard nofile 32000" >> /etc/security/limits.conf
 92 | echo "# End of file" >> /etc/security/limits.conf
 93 | 
 94 | # Install graylog2-server
 95 | echo "Installing graylog2-server"
 96 | echo -n "Enter a password to use for the admin account to login to the Graylog2 webUI: "
 97 | read adminpass
 98 | echo "You entered $adminpass (MAKE SURE TO NOT FORGET THIS PASSWORD!)"
 99 | pause 'Press [Enter] key to continue...'
100 | cd graylog2-server/
101 | cp /opt/graylog2-server/graylog2.conf{.example,}
102 | mv graylog2.conf /etc/
103 | #ln -s /opt/graylog2-server/graylog2.conf /etc/graylog2.conf
104 | pass_secret=$(pwgen -s 96)
105 | sed -i -e 's|password_secret =|password_secret = '$pass_secret'|' /etc/graylog2.conf
106 | #root_pass_sha2=$(echo -n password123 | shasum -a 256)
107 | admin_pass_hash=$(echo -n $adminpass|sha256sum|awk '{print $1}')
108 | sed -i -e "s|root_password_sha2 =|root_password_sha2 = $admin_pass_hash|" /etc/graylog2.conf
109 | sed -i -e 's|elasticsearch_shards = 4|elasticsearch_shards = 1|' /etc/graylog2.conf
110 | sed -i -e 's|mongodb_useauth = true|mongodb_useauth = false|' /etc/graylog2.conf
111 | sed -i -e 's|#elasticsearch_discovery_zen_ping_multicast_enabled = false|elasticsearch_discovery_zen_ping_multicast_enabled = false|' /etc/graylog2.conf
112 | sed -i -e 's|#elasticsearch_discovery_zen_ping_unicast_hosts = 192.168.1.203:9300|elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300|' /etc/graylog2.conf
113 | 
114 | # Setting new retention policy setting or Graylog2 Server will not start
115 | sed -i 's|retention_strategy = delete|retention_strategy = close|' /etc/graylog2.conf
116 | 
117 | # This setting is required as of v0.20.2 in /etc/graylog2.conf
118 | sed -i -e 's|#rest_transport_uri = http://192.168.1.1:12900/|rest_transport_uri = http://127.0.0.1:12900/|' /etc/graylog2.conf
119 | 
120 | # Create graylog2-server startup script
121 | echo "Creating /etc/init.d/graylog2-server startup script"
122 | (
123 | cat <<'EOF'
124 | #!/bin/bash
125 | 
126 | ### BEGIN INIT INFO
127 | # Provides:          graylog2-server
128 | # Required-Start:    $elasticsearch
129 | # Required-Stop:     $graylog2-web-interface
130 | # Default-Start:     2 3 4 5
131 | # Default-Stop:      0 1 6
132 | # Short-Description: Start graylog2-server at boot time
133 | # Description:       Starts graylog2-server using start-stop-daemon
134 | ### END INIT INFO
135 | 
136 | CMD=$1
137 | NOHUP=`which nohup`
138 | 
139 | GRAYLOG2CTL_DIR="/opt/graylog2-server/bin"
140 | GRAYLOG2_SERVER_JAR=graylog2-server.jar
141 | GRAYLOG2_CONF=/etc/graylog2.conf
142 | GRAYLOG2_PID=/tmp/graylog2.pid
143 | LOG_FILE=log/graylog2-server.log
144 | 
145 | start() {
146 |     echo "Starting graylog2-server ..."
147 |     cd "$GRAYLOG2CTL_DIR/.."
148 | #    sleep 2m
149 |     $NOHUP java -jar ${GRAYLOG2_SERVER_JAR} -f ${GRAYLOG2_CONF} -p ${GRAYLOG2_PID} >> ${LOG_FILE} &
150 | }
151 | 
152 | stop() {
153 |     PID=`cat ${GRAYLOG2_PID}`
154 |     echo "Stopping graylog2-server ($PID) ..."
155 |     if kill $PID; then
156 |         rm ${GRAYLOG2_PID}
157 |     fi
158 | }
159 | 
160 | restart() {
161 |     echo "Restarting graylog2-server ..."
162 |     stop
163 |     start
164 | }
165 | 
166 | status() {
167 |     pid=$(get_pid)
168 |     if [ ! -z $pid ]; then
169 |         if pid_running $pid; then
170 |             echo "graylog2-server running as pid $pid"
171 |             return 0
172 |         else
173 |             echo "Stale pid file with $pid - removing..."
174 |             rm ${GRAYLOG2_PID}
175 |         fi
176 |     fi
177 | 
178 |     echo "graylog2-server not running"
179 | }
180 | 
181 | get_pid() {
182 |     cat ${GRAYLOG2_PID} 2> /dev/null
183 | }
184 | 
185 | pid_running() {
186 |     kill -0 $1 2> /dev/null
187 | }
188 | 
189 | case "$CMD" in
190 |     start)
191 |         start
192 |         ;;
193 |     stop)
194 |         stop
195 |         ;;
196 |     restart)
197 |         restart
198 |         ;;
199 |     status)
200 |         status
201 |         ;;
202 |     *)
203 |         echo "Usage $0 {start|stop|restart|status}"
204 |         RETVAL=1
205 | esac
206 | EOF
207 | ) | tee /etc/init.d/graylog2-server
208 | 
209 | # Make graylog2-server executable
210 | chmod +x /etc/init.d/graylog2-server
211 | 
212 | # Start graylog2-server on bootup
213 | echo "Making graylog2-server startup on boot"
214 | update-rc.d graylog2-server defaults
215 | 
216 | echo "Starting graylog2-server"
217 | service graylog2-server start
218 | 
219 | # Waiting for Graylog2-Server to start accepting requests on tcp/12900
220 | echo "Waiting for Graylog2-Server to start!"
221 | while ! nc -vz localhost 12900; do sleep 1; done
222 | 
223 | # Install graylog2 web interface
224 | echo "Installing graylog2-web-interface"
225 | cd /opt/
226 | ln -s graylog2-web-interface-0.9*/ graylog2-web-interface
227 | 
228 | echo "Creating Graylog2-web-interface startup script"
229 | (
230 | cat <<'EOF'
231 | #!/bin/sh
232 | 
233 | ### BEGIN INIT INFO
234 | # Provides:          graylog2-web-interface
235 | # Required-Start:    $graylog2-server
236 | # Required-Stop:     $graylog2-server
237 | # Default-Start:     2 3 4 5
238 | # Default-Stop:      0 1 6
239 | # Short-Description: Start graylog2-server at boot time
240 | # Description:       Starts graylog2-server using start-stop-daemon
241 | ### END INIT INFO
242 | 
243 | CMD=$1
244 | NOHUP=`which nohup`
245 | JAVA_CMD=/usr/bin/java
246 | GRAYLOG2_WEB_INTERFACE_HOME=/opt/graylog2-web-interface
247 | 
248 | GRAYLOG2_WEB_INTERFACE_PID=/opt/graylog2-web-interface/RUNNING_PID
249 | 
250 | start() {
251 | echo "Starting graylog2-web-interface ..."
252 | #sleep 3m
253 | $NOHUP /opt/graylog2-web-interface/bin/graylog2-web-interface &
254 | }
255 | 
256 | stop() {
257 | echo "Stopping graylog2-web-interface ($PID) ..."
258 | PID=`cat ${GRAYLOG2_WEB_INTERFACE_PID}`
259 | if kill $PID; then
260 |         rm ${GRAYLOG2_WEB_INTERFACE_PID}
261 | fi
262 | }
263 | 
264 | restart() {
265 | echo "Restarting graylog2-web-interface ..."
266 | stop
267 | start
268 | }
269 | 
270 | status() {
271 |     pid=$(get_pid)
272 |     if [ ! -z $pid ]; then
273 |         if pid_running $pid; then
274 |             echo "graylog2-web-interface running as pid $pid"
275 |             return 0
276 |         else
277 |             echo "Stale pid file with $pid - removing..."
278 |             rm ${GRAYLOG2_WEB_INTERFACE_PID}
279 |         fi
280 |     fi
281 | 
282 |     echo "graylog2-web-interface not running"
283 | }
284 | 
285 | get_pid() {
286 |     cat ${GRAYLOG2_WEB_INTERFACE_PID} 2> /dev/null
287 | }
288 | 
289 | pid_running() {
290 |     kill -0 $1 2> /dev/null
291 | }
292 | 
293 | case "$CMD" in
294 |         start)
295 |                 start
296 |                 ;;
297 |         stop)
298 |                 stop
299 |                 ;;
300 |         restart)
301 |                 restart
302 |                 ;;
303 |         status)
304 |                 status
305 |                 ;;
306 | *)
307 | echo "Usage $0 {start|stop|restart|status}"
308 | RETVAL=1
309 | esac
310 | EOF
311 | ) | tee /etc/init.d/graylog2-web-interface
312 | 
313 | # Make graylog2-web-interface executable
314 | chmod +x /etc/init.d/graylog2-web-interface
315 | 
316 | # Start graylog2-web-interface on bootup
317 | echo "Making graylog2-web-interface startup on boot"
318 | update-rc.d graylog2-web-interface defaults
319 | 
320 | # Now we need to modify some things to get rsyslog to forward to graylog. this is useful for ESXi syslog format to be correct.
321 | echo "Updating graylog2.conf and rsyslog.conf"
322 | #sed -i -e 's|syslog_listen_port = 514|syslog_listen_port = 10514|' /etc/graylog2.conf
323 | #sed -i -e 's|#$ModLoad immark|$ModLoad immark|' /etc/rsyslog.conf
324 | sed -i -e 's|#$ModLoad imudp|$ModLoad imudp|' /etc/rsyslog.conf
325 | sed -i -e 's|#$UDPServerRun 514|$UDPServerRun 514|' /etc/rsyslog.conf
326 | sed -i -e 's|#$ModLoad imtcp|$ModLoad imtcp|' /etc/rsyslog.conf
327 | sed -i -e 's|#$InputTCPServerRun 514|$InputTCPServerRun 514|' /etc/rsyslog.conf
328 | sed -i -e 's|*.*;auth,authpriv.none|#*.*;auth,authpriv.none|' /etc/rsyslog.d/50-default.conf
329 | echo '$template GRAYLOG2-1,"<%PRI%>1 %timegenerated:::date-rfc3339% %hostname% %syslogtag% - %APP-NAME%: %msg:::drop-last-lf%\n"' | tee /etc/rsyslog.d/32-graylog2.conf
330 | echo '$template GRAYLOG2-2,"<%pri%>1 %timegenerated:::date-rfc3339% %fromhost% %app-name% %procid% %msg%\n"'  | tee -a /etc/rsyslog.d/32-graylog2.conf
331 | echo '$template GRAYLOGRFC5424,"<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msg%\n"' | tee -a /etc/rsyslog.d/32-graylog2.conf
332 | echo '$PreserveFQDN on' | tee -a  /etc/rsyslog.d/32-graylog2.conf
333 | echo '*.* @localhost:10514;GRAYLOG2-2' | tee -a  /etc/rsyslog.d/32-graylog2.conf
334 | sed -i -e 's|graylog2-server.uris=""|graylog2-server.uris="http://127.0.0.1:12900/"|' /opt/graylog2-web-interface/conf/graylog2-web-interface.conf
335 | app_secret=$(pwgen -s 96)
336 | sed -i -e 's|application.secret=""|application.secret="'$app_secret'"|' /opt/graylog2-web-interface/conf/graylog2-web-interface.conf
337 | 
338 | # Fixing /opt/graylog2-web-interface Permissions
339 | echo "Fixing Graylog2 Web Interface Permissions"
340 | chown -R root:root /opt/graylog2*
341 | #chown -R www-data:www-data /opt/graylog2-web-interface*
342 | 
343 | # Cleaning up /opt
344 | echo "Cleaning up"
345 | rm /opt/graylog2-server*.*gz
346 | rm /opt/graylog2-web-interface*.*gz
347 | rm /opt/elasticsearch-1.4.2.deb
348 | 
349 | # Restart All Services
350 | echo "Restarting All Services Required for Graylog2 to work"
351 | # service elasticsearch restart
352 | # service mongodb restart
353 | service rsyslog restart
354 | 
355 | echo "Starting graylog2-web-interface"
356 | service graylog2-web-interface start
357 | 
358 | # All Done
359 | echo "Installation has completed!!"
360 | echo "Browse to IP address of this Graylog2 Server Used for Installation"
361 | echo "IP Address detected from system is $IPADDY"
362 | echo "Browse to http://$IPADDY:9000"
363 | echo "Login with username: admin"
364 | echo "Login with password: $adminpass"
365 | echo "You Entered $SERVERNAME During Install"
366 | echo "Browse to http://$SERVERNAME:9000 If Different"
367 | echo "EveryThingShouldBeVirtual.com"
368 | echo "@mrlesmithjr"
369 | 


--------------------------------------------------------------------------------
/install_logstash_apache_ubuntu.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | # Provided by @mrlesmithjr
  4 | # EveryThingShouldBeVirtual.com
  5 | 
  6 | # This will install logstash as a shipper to output to Graylog2 GELF Input UDP/12201 on another server
  7 | 
  8 | set -e
  9 | # Setup logging
 10 | # Logs stderr and stdout to separate files.
 11 | exec 2> >(tee "./graylog2/install_logstash_apache_ubuntu.err")
 12 | exec > >(tee "./graylog2/install_logstash_apache_ubuntu.log")
 13 | 
 14 | # Setting colors for output
 15 | red="$(tput setaf 1)"
 16 | yellow="$(tput bold ; tput setaf 3)"
 17 | NC="$(tput sgr0)"
 18 | 
 19 | # Capture your FQDN Domain Name and IP Address
 20 | echo "${yellow}Capturing your domain name${NC}"
 21 | yourdomainname=$(dnsdomainname)
 22 | echo "${yellow}Capturing your FQDN${NC}"
 23 | yourfqdn=$(hostname -f)
 24 | echo "${yellow}Detecting IP Address${NC}"
 25 | IPADDY="$(ifconfig | grep -A 1 'eth0' | tail -1 | cut -d ':' -f 2 | cut -d ' ' -f 1)"
 26 | echo "Your domain name is currently ${red}$yourdomainname${NC}"
 27 | echo "Your FQDN is currently ${red}$yourfqdn${NC}"
 28 | echo "Detected IP Address is ${red}$IPADDY${NC}"
 29 | 
 30 | # Disable CD Sources in /etc/apt/sources.list
 31 | echo "Disabling CD Sources and Updating Apt Packages and Installing Pre-Reqs"
 32 | sed -i -e 's|deb cdrom:|# deb cdrom:|' /etc/apt/sources.list
 33 | apt-get -qq update
 34 | 
 35 | # Install Pre-Reqs
 36 | apt-get install -y --force-yes openjdk-7-jre-headless libcurl4-openssl-dev git
 37 | 
 38 | # Install Logstash 
 39 | mkdir /opt/logstash
 40 | cd /opt/logstash
 41 | wget https://download.elasticsearch.org/logstash/logstash/logstash-1.3.3-flatjar.jar
 42 | mv logstash-*.jar logstash.jar
 43 | 
 44 | # Create Logstash Init Script
 45 | (
 46 | cat <<'EOF'
 47 | #! /bin/sh
 48 |  
 49 | ### BEGIN INIT INFO
 50 | # Provides:          logstash
 51 | # Required-Start:    $remote_fs $syslog
 52 | # Required-Stop:     $remote_fs $syslog
 53 | # Default-Start:     2 3 4 5
 54 | # Default-Stop:      0 1 6
 55 | # Short-Description: Start daemon at boot time
 56 | # Description:       Enable service provided by daemon.
 57 | ### END INIT INFO
 58 |  
 59 | . /lib/lsb/init-functions
 60 |  
 61 | name="logstash"
 62 | logstash_bin="/usr/bin/java -- -jar /opt/logstash/logstash.jar"
 63 | logstash_conf="/etc/logstash/apache_logstash.conf"
 64 | logstash_log="/var/log/logstash.log"
 65 | pid_file="/var/run/$name.pid"
 66 | patterns_path="/etc/logstash/patterns"
 67 |  
 68 | start () {
 69 |         command="${logstash_bin} agent -f $logstash_conf --log ${logstash_log}"
 70 |  
 71 |         log_daemon_msg "Starting $name" "$name"
 72 |         if start-stop-daemon --start --quiet --oknodo --pidfile "$pid_file" -b -m --exec $command; then
 73 |                 log_end_msg 0
 74 |         else
 75 |                 log_end_msg 1
 76 |         fi
 77 | }
 78 |  
 79 | stop () {
 80 |         log_daemon_msg "Stopping $name" "$name"
 81 |         start-stop-daemon --stop --quiet --oknodo --pidfile "$pid_file"
 82 | }
 83 |  
 84 | status () {
 85 |         status_of_proc -p "$pid_file" "$name"
 86 | }
 87 |  
 88 | case $1 in
 89 |         start)
 90 |                 if status; then exit 0; fi
 91 |                 start
 92 |                 ;;
 93 |         stop)
 94 |                 stop
 95 |                 ;;
 96 |         reload)
 97 |                 stop
 98 |                 start
 99 |                 ;;
100 |         restart)
101 |                 stop
102 |                 start
103 |                 ;;
104 |         status)
105 |                 status && exit 0 || exit $?
106 |                 ;;
107 |         *)
108 |                 echo "Usage: $0 {start|stop|restart|reload|status}"
109 |                 exit 1
110 |                 ;;
111 | esac
112 |  
113 | exit 0
114 | EOF
115 | ) | tee /etc/init.d/logstash
116 | 
117 | # Make logstash executable
118 | chmod +x /etc/init.d/logstash
119 | 
120 | # Enable logstash start on bootup
121 | update-rc.d logstash defaults
122 | 
123 | echo "Enter your Graylog2 server name or IP: "
124 | read graylog2server
125 | 
126 | # Create Logstash configuration file
127 | mkdir /etc/logstash
128 | tee -a /etc/logstash/apache_logstash.conf <<EOF
129 | input {
130 |   file {
131 |     path => "/var/log/apache2/*access.log"
132 |     type => "apache"
133 |     sincedb_path => "/var/log/.sincedb"
134 |   }
135 | }
136 |  
137 | filter {
138 |   if [type] == "apache" {
139 |     grok {
140 |       pattern => "%{COMBINEDAPACHELOG}"
141 |     }
142 |   }
143 | }
144 |  
145 | output {
146 |   gelf { host => "$graylog2server" }
147 | }
148 | EOF
149 | 
150 | # Create grok pattern folder
151 | mkdir -p /etc/logstash/patterns
152 | cd /tmp
153 | git clone https://github.com/logstash/logstash
154 | cp /tmp/logstash/patterns/* /etc/logstash/patterns/
155 | 
156 | # Restart logstash service
157 | service logstash restart
158 | 
159 | # All Done
160 | echo "Installation has completed!!"
161 | echo "${yellow}EveryThingShouldBeVirtual.com${NC}"
162 | echo "${yellow}@mrlesmithjr${NC}"
163 | echo "${yellow}Enjoy!!!${NC}"
164 | 


--------------------------------------------------------------------------------
/vagrant/Vagrantfile:
--------------------------------------------------------------------------------
 1 | #Provided by @mrlesmithjr
 2 | #EveryThingShouldBeVirtual.com
 3 | 
 4 | Vagrant.configure(2) do |config|
 5 |   config.vm.box = "mrlesmithjr/ubuntu-14.04-base"
 6 |   config.vm.provider "virtualbox" do |vb|
 7 |     vb.name = "graylog2-server"
 8 |     vb.memory = "2048"
 9 |     vb.cpus = "2"  
10 |   end
11 |   config.vm.define :server do |srv|
12 |     srv.vm.hostname = "graylog2-server"
13 |     srv.vm.network :forwarded_port, guest: 514, host: 1514, protocol: 'tcp'
14 |     srv.vm.network :forwarded_port, guest: 514, host: 1514, protocol: 'udp'
15 |     srv.vm.network :forwarded_port, guest: 9000, host: 9000
16 |     srv.vm.network :forwarded_port, guest: 12900, host: 12900
17 |     srv.vm.network :forwarded_port, guest: 12201, host: 12201, protocol: 'udp'
18 |     srv.vm.network :forwarded_port, guest: 12201, host: 12201, protocol: 'tcp'
19 |     srv.vm.provision :shell, path: "provision.sh"
20 |   end
21 | end
22 | 


--------------------------------------------------------------------------------
/vagrant/provision.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | #Provided by @mrlesmithjr
 3 | #EveryThingShouldBeVirtual.com
 4 | 
 5 | # Change to the password that you would like to use for logging into Graylog2
 6 | password="password123"
 7 | 
 8 | apt-get update
 9 | apt-get install -y git
10 | 
11 | # Pull down latest graylog2 install scripts
12 | git clone https://github.com/mrlesmithjr/graylog2
13 | 
14 | # Change password123 below to a different password for graylog2 login
15 | sed -i -e 's|#adminpass=|adminpass='$password'|' ./graylog2/install_graylog2_90_ubuntu.sh
16 | sed -i -e 's|echo -n "Enter a password to use for the admin account to login to the Graylog2 webUI: "|#echo -n "Enter a password to use for the admin account to login to the Graylog2 webUI: "|' ./graylog2/install_graylog2_90_ubuntu.sh
17 | sed -i -e 's|read adminpass|#read adminpass|' ./graylog2/install_graylog2_90_ubuntu.sh
18 | sed -i -e 's|pause 'Press [Enter] key to continue...'|#pause 'Press [Enter] key to continue...'|' ./graylog2/install_graylog2_90_ubuntu.sh
19 | chmod +x ./graylog2/install_graylog2_90_ubuntu.sh
20 | ./graylog2/install_graylog2_90_ubuntu.sh
21 | rm -rf ./graylog2
22 | 


--------------------------------------------------------------------------------