#graylog

Intrusion Monitoring mit Graylog

Ein modernes Smart Home braucht mehr als eine Firewall. Ein intelligentes IDS/IPS auf Basis von OPNsense mit Suricata und Graylog überwacht sämtliche Zugriffe auf Web-Services und analysiert nicht nur was passiert, sondern auch die Intention hinter den Requests.

#Guess Let's play 'Guess The Logo!' 🤔

Can you recognize this logo? Drop your guesses below!👇

💻 Explore insights on the latest in #technology on our Blog Page 👉 https://simplelogic-it.com/blogs/

In this post, we’ll look at how to configure Graylog Nginx reverse proxy with Let’s Encrypt SSL. In this manner, you may use a domain or hostname with a confirmed SSL certificate.

The first step is to install Let’s Encrypt client like certbot which we’ll use to request the certificate to be used by Graylog.

This is how I installed graylog on my Pi.

What is needed:

1.- Raspberry Pi 4 - 8 GB Ram with firmware patch to boot from USB.

2.- Geekworm Raspberry Pi 4 mSATA SSD Adapter X857.

3.- MSata drive (using a 250 gb drive).

4.- Raspbian/Debian, Ubuntu aarch64.

5.- Network connection (Ethernet, WiFi and BT disabled).

6.- Rpi4 heatsinks (optional/recommended).

Procedure:

Install OS (Raspbian Aarch64) on the MSata drive, boot the raspberry pi and then do

# sudo apt update && apt full-upgrade -y

# sudo apt install apt-transport-https openjdk-11-jre-headless uuid-runtime pwgen dirmngr gnupg wget zip curl

Install MongoDB

# curl -s https://www.mongodb.org/static/pgp/server-4.2.asc | sudo apt-key add -

# echo "deb [ arch=arm64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.2 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.2.list

# sudo apt update && sudo apt install mongodb-org -y

# sudo systemctl enable mongod

# sudo systemctl start mongod

# sudo systemctl status mongod

Install Elasticsearch

# wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

# echo "deb [ arch=arm64 ] https://artifacts.elastic.co/packages/oss-7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

# sudo apt update && sudo apt install elasticsearch-oss -y

# sudo tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<EOT cluster.name: graylog network.host: 127.0.0.1 http.port: 9200 action.auto_create_index: false EOT

# sudo systemctl daemon-reload

# sudo systemctl enable elasticsearch.service

# sudo systemctl restart elasticsearch.service

Install Graylog

Download the latest graylog-x.x.x.tgz from https://www.graylog.org/downloads-2 and scp it to your PI or

# cd opt

# wget https://downloads.graylog.org/releases/graylog/graylog-x.x.x.tgz

# sudo tar -xf graylog-x.x.x.tgz

# sudo mv /opt/graylog-x.x.x /opt/graylog

# sudo rm graylog-x.x.x.tgz

# vi /etc/graylog/server/server.conf and configure to your needs

To start the server do:

# cd /opt/graylog/bin

# ./graylogctl start

After the server started go to http://server-ip:9000 and use the user admin with the password previously configured, create an input and that should be all.

How To Install Graylog On Ubuntu 20.04

In this article, you’ll learn how to install Graylog on Ubuntu 20.04. Graylog is an open-source enterprise-grade log management system, And also it will extract data from the server and aggregates logs. Graylog allows visualizing and search logs on web UI. Steps to Install Graylog On Ubuntu 20.04 Step 1: Update the Ubuntu system to avoid any dependency issues it is always recommended updating the…

Graylog is a centralized log management tool built for capturing, storing, and enabling real-time analysis of terabytes of machine data. Here is how you can install graylog in Ubuntu 20.04