Install/Setup Graylog 3 on Ubuntu 18.04 - Zeeks logs + threat intel pipeline
git clone https://github.com/CptOfEvilMinions/BlogProjects.gitcd BlogProjects/Graylogv3
docker-compose up -d
vim hosts.iniand set:ansible_host- Set to the IP addr for Graylog
mv group_vars/all.yml.example group_vars/all.ymlvim group_vars/all.ymland set:base_domain- Set the domain forgraylogtimezone- Set country/state for NTP(time)cert stuff for OpenSSL cert- cert_*
mv group_vars/graylog.yml.example group_vars/graylog.ymlvim group_vars/graylog.ymland set:graylog_hostname- Set hostname for the new graylog boxgraylog_admin_password- Admin password for Graylog webguigraylog_beats_logging- Enable/Disable logging via Beatsgraylog_beats_port- Port to ingest Beats logs
graylog_syslog_tcp_logging- Enable/Disable logging via Syslog with TCPgraylog_syslog_tcp_port- Port to ingest Syslog with TCP
graylog_syslog_udp_logging- Enable/Disable logging via Syslog with UDPgraylog_syslog_udp_port- Port to ingest Syslog with UDP
ansible-playbook -i host.ini deploy_graylog.yml -u <username> -K
mv group_vars/logging.yml.example group_vars/logging.yml
vim hosts.iniand set:ansible_host- Set to the IP addr forfilebeat-agents
vim group_vars/logging.ymland set:zeek_log_dir- Directory where Zeek logs are stored
ansible-playbook -i host.ini deploy_filebeat_zeek.yml -u <username> -K
vim hosts.iniand set:ansible_host- Set to the IP addr forrsyslog-agents
vim group_vars/logging.ymland set:nginx_log_dir- Directory where NGINX logs are stored
ansible-playbook -i host.ini deploy_rsyslog_nginx.yml -u <username> -K
- How To Create a Self-Signed SSL Certificate for Nginx in Ubuntu 18.04
- Redirect HTTP to HTTPS in Nginx
- How does the web interface connect to the Graylog server?
- Ubuntu installation
- Graylog - Web interface for NGINX
- How To Set Up a Firewall with UFW on Ubuntu 18.04
- Enable HTTP/2 in Nginx
- Our Biggest and Baddest Yet: Graylog 3.0