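#!/usr/bin/env bash
#
# Single-node Graylog 3.0 install on Ubuntu 18.04 "bionic": MongoDB 4.0,
# Elasticsearch OSS 6.x and graylog-server from their vendor repositories, then
# the local rsyslog forwarded to Graylog and port 514 redirected to 1514.
#
# This is the interactive transcript (apt-get prompts, vi edits, pwgen,
# iptables) rewritten as a non-interactive script. What changed and why:
#   - repository keys are stored per-repo under /usr/share/keyrings and bound
#     with signed-by instead of apt-key (apt-key trusts a key for every repo);
#   - "/etc/apt/source.list.d" and "nwgen" were typos (sources.list.d, pwgen);
#   - the Elastic apt repository is not added anywhere in the transcript; it is
#     added here (oss-6.x, the Elasticsearch series Graylog 3.0 targets);
#   - password_secret and the admin password never reach the terminal or the
#     shell history (the transcript printed the secret and echoed the password);
#   - the rsyslog template is RSYSLOG_SyslogProtocol23Format (the transcript's
#     "...Protocol123Format" is not a built-in template);
#   - config keys are replaced in place instead of appended, so re-runs do not
#     leave duplicate keys.
#
# Environment (all optional):
#   BIND_IP         address graylog-server listens on and rsyslog sends to;
#                   default: first address of `hostname -I` (the transcript
#                   read it off ifconfig)
#   ROOT_TIMEZONE   Joda-Time zone id for the admin user; default Europe/Paris
#                   (the transcript wrote "France", which is not a zone id)
#   ADMIN_PASSWORD  admin web-UI password; prompted for without echo if unset
#
# Must run as root. Like the transcript, this exposes the Graylog web UI on
# plain HTTP at BIND_IP:9000 and accepts syslog from the network on 514/1514;
# put TLS and a host firewall in front of it before using it outside a lab.
set -euo pipefail

readonly MONGO_KEY_FPR='9DA31620334BD75D9DCB49F368818C72E52529D4'
readonly MONGO_KEYSERVER='hkp://keyserver.ubuntu.com:80'
readonly MONGO_KEYRING='/usr/share/keyrings/mongodb-org-4.0.gpg'
readonly MONGO_LIST='/etc/apt/sources.list.d/mongodb-org-4.0.list'
readonly ES_KEY_URL='https://artifacts.elastic.co/GPG-KEY-elasticsearch'
readonly ES_KEYRING='/usr/share/keyrings/elasticsearch-keyring.gpg'
readonly ES_REPO='https://artifacts.elastic.co/packages/oss-6.x/apt'
readonly ES_LIST='/etc/apt/sources.list.d/elastic-oss-6.x.list'
readonly ES_CONF='/etc/elasticsearch/elasticsearch.yml'
readonly GRAYLOG_REPO_DEB_URL='https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.deb'
readonly GRAYLOG_CONF='/etc/graylog/server/server.conf'
readonly GRAYLOG_LOG='/var/log/graylog-server/server.log'
readonly GRAYLOG_HTTP_PORT=9000
readonly GRAYLOG_SYSLOG_PORT=1514
readonly RSYSLOG_CONF='/etc/rsyslog.conf'
readonly IPTABLES_RULES='/etc/iptables.rules'
readonly IPTABLES_RESTORE_HOOK='/etc/network/if-pre-up.d/iptables'

# Set in main(): scratch directory (removed on exit) and the resolved
# BIND_IP / ROOT_TIMEZONE values used by the configure_* functions.
WORK_DIR=''
BIND_IP=${BIND_IP:-}
ROOT_TIMEZONE=${ROOT_TIMEZONE:-}

die() { printf 'error: %s\n' "$*" >&2; exit 1; }
log() { printf '==> %s\n' "$*" >&2; }

#######################################
# Abort unless running as root (the transcript prefixed every command with sudo).
#######################################
require_root() {
  (( EUID == 0 )) || die "run as root"
}

#######################################
# Replace the first line defining KEY in FILE (commented out or not) with
# "KEY<SEP>VALUE", or append that line when KEY is absent. This is what the
# transcript's vi edits did by hand, without leaving duplicate keys.
# Arguments: $1 file, $2 key, $3 separator as written (': ' or ' = '), $4 value
#######################################
set_kv() {
  local file=$1 key=$2 sep=$3 value=$4
  local tmp
  tmp=$(mktemp) || die "mktemp failed"
  # Values are passed through ENVIRON rather than -v so awk applies no escape
  # processing to them; '.' in the key is made literal for the regex.
  RE_KEY="${key//./[.]}" SEP_CHAR="${sep//[[:space:]]/}" OUT_LINE="${key}${sep}${value}" \
    awk '
      BEGIN { re = "^#?[[:space:]]*" ENVIRON["RE_KEY"] "[[:space:]]*" ENVIRON["SEP_CHAR"] }
      !done && $0 ~ re { print ENVIRON["OUT_LINE"]; done = 1; next }
      { print }
      END { if (!done) print ENVIRON["OUT_LINE"] }
    ' "$file" > "$tmp" || die "could not rewrite $file"
  # cat, not mv: keeps the owner and mode of the package-installed file.
  cat -- "$tmp" > "$file"
  rm -f -- "$tmp"
}

#######################################
# Poll `ss` until a TCP listener on PORT appears, replacing the transcript's
# one-shot "netstat -an | grep PORT" right after a service start.
# Arguments: $1 port, $2 timeout in seconds
# Returns: 0 when listening, 1 on timeout
#######################################
wait_for_port() {
  local port=$1 timeout=$2 waited=0 listeners
  local re=":${port}[[:space:]]"
  while true; do
    listeners=$(ss -lnt)
    [[ "$listeners" =~ $re ]] && return 0
    (( waited >= timeout )) && return 1
    sleep 2
    waited=$((waited + 2))
  done
}

#######################################
# Add the MongoDB 4.0 repository, its key pinned by full fingerprint, and
# install mongodb-org.
# Globals: WORK_DIR, MONGO_* (read)
#######################################
install_mongodb() {
  log "MongoDB 4.0"
  local gnupg_home="$WORK_DIR/gnupg-mongo"
  mkdir -m 700 -- "$gnupg_home"
  # HKP on port 80 is plain HTTP (as in the transcript): the transport proves
  # nothing, the 40-hex fingerprint is what pins the key that ends up trusted.
  GNUPGHOME=$gnupg_home gpg --batch --quiet \
    --keyserver "$MONGO_KEYSERVER" --recv-keys "$MONGO_KEY_FPR" \
    || die "could not fetch MongoDB signing key $MONGO_KEY_FPR"
  mkdir -p -- "${MONGO_KEYRING%/*}"
  GNUPGHOME=$gnupg_home gpg --batch --quiet --export "$MONGO_KEY_FPR" > "$MONGO_KEYRING"
  [[ -s "$MONGO_KEYRING" ]] || die "exported MongoDB keyring is empty"
  # signed-by scopes the key to this one repository.
  printf 'deb [ arch=amd64 signed-by=%s ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse\n' \
    "$MONGO_KEYRING" > "$MONGO_LIST"
  apt-get update
  apt-get install -y mongodb-org
  systemctl daemon-reload
  systemctl enable mongod.service
  systemctl restart mongod.service
  systemctl is-active --quiet mongod.service || die "mongod is not running"
}

#######################################
# Add the Elastic OSS 6.x repository, install elasticsearch-oss and apply the
# two elasticsearch.yml settings the transcript edited in vi.
# Globals: WORK_DIR, ES_* (read)
#######################################
install_elasticsearch() {
  log "Elasticsearch OSS 6.x"
  mkdir -p -- "${ES_KEYRING%/*}"
  # Key fetched over HTTPS and stored dearmored, as signed-by expects.
  wget -qO - "$ES_KEY_URL" | GNUPGHOME=$WORK_DIR gpg --batch --quiet --dearmor -o "$ES_KEYRING" \
    || die "could not fetch Elastic signing key"
  [[ -s "$ES_KEYRING" ]] || die "Elastic keyring is empty"
  # Not in the transcript: the repository the elasticsearch-oss package comes from.
  printf 'deb [signed-by=%s] %s stable main\n' "$ES_KEYRING" "$ES_REPO" > "$ES_LIST"
  apt-get update
  apt-get install -y elasticsearch-oss
  set_kv "$ES_CONF" cluster.name ': ' graylog
  set_kv "$ES_CONF" action.auto_create_index ': ' false
  systemctl daemon-reload
  systemctl enable elasticsearch.service
  systemctl restart elasticsearch.service
  wait_for_port 9200 120 || die "elasticsearch did not open port 9200"
}

#######################################
# Install the Graylog 3.0 repository package and graylog-server.
# Globals: WORK_DIR, GRAYLOG_REPO_DEB_URL (read)
#######################################
install_graylog() {
  log "graylog-server 3.0"
  local repo_deb="$WORK_DIR/graylog-3.0-repository_latest.deb"
  # Only HTTPS protects this download: dpkg -i does not verify a signature.
  wget -q -O "$repo_deb" "$GRAYLOG_REPO_DEB_URL" \
    || die "could not download Graylog repository package"
  dpkg -i "$repo_deb"
  apt-get update
  apt-get install -y graylog-server
}

#######################################
# Write password_secret, root_password_sha2, root_timezone and
# http_bind_address into server.conf, then start graylog-server.
# Globals: BIND_IP, ROOT_TIMEZONE, ADMIN_PASSWORD, GRAYLOG_* (read)
#######################################
configure_graylog() {
  log "configuring $GRAYLOG_CONF"
  local secret admin_hash
  # 96-char random password_secret kept in a variable instead of being printed
  # and pasted (it would also show up in trace output under set -x).
  secret=$(pwgen -N 1 -s 96) || die "pwgen failed"
  if [[ -z "${ADMIN_PASSWORD:-}" ]]; then
    read -r -s -p 'Graylog admin password: ' ADMIN_PASSWORD || die "no password read"
    printf '\n' >&2
  fi
  [[ -n "$ADMIN_PASSWORD" ]] || die "admin password must not be empty"
  # Same digest the transcript built by hand: sha256 of the password without a
  # trailing newline, hex only.
  admin_hash=$(printf '%s' "$ADMIN_PASSWORD" | sha256sum | cut -d' ' -f1)
  set_kv "$GRAYLOG_CONF" password_secret ' = ' "$secret"
  set_kv "$GRAYLOG_CONF" root_password_sha2 ' = ' "$admin_hash"
  set_kv "$GRAYLOG_CONF" root_timezone ' = ' "$ROOT_TIMEZONE"
  # Listening on BIND_IP rather than 127.0.0.1 exposes the web UI and its login
  # form over plain HTTP to the whole network segment.
  set_kv "$GRAYLOG_CONF" http_bind_address ' = ' "${BIND_IP}:${GRAYLOG_HTTP_PORT}"
  systemctl daemon-reload
  systemctl enable graylog-server.service
  systemctl restart graylog-server.service
  if ! wait_for_port "$GRAYLOG_HTTP_PORT" 180; then
    tail -n 50 -- "$GRAYLOG_LOG" >&2 || true
    die "graylog-server did not open port $GRAYLOG_HTTP_PORT; see $GRAYLOG_LOG"
  fi
}

#######################################
# Forward everything rsyslog receives to Graylog on BIND_IP:1514.
# Globals: BIND_IP, GRAYLOG_SYSLOG_PORT, RSYSLOG_CONF (read)
#######################################
configure_rsyslog() {
  log "forwarding rsyslog to ${BIND_IP}:${GRAYLOG_SYSLOG_PORT}"
  # Single '@' is UDP, as in the transcript: unreliable and unauthenticated
  # ('@@' would be TCP). A matching syslog input on that port presumably still
  # has to be created in the Graylog web UI; the transcript does not cover it.
  local forward_line="*.* @${BIND_IP}:${GRAYLOG_SYSLOG_PORT};RSYSLOG_SyslogProtocol23Format"
  if ! grep -Fqx -- "$forward_line" "$RSYSLOG_CONF"; then
    printf '%s\n' "$forward_line" >> "$RSYSLOG_CONF"
  fi
  systemctl restart rsyslog
}

#######################################
# Redirect inbound syslog on 514/tcp+udp to 1514, save the rules and install
# the if-pre-up hook the transcript used to restore them.
# Globals: GRAYLOG_SYSLOG_PORT, IPTABLES_* (read)
#######################################
redirect_syslog_port() {
  log "redirecting port 514 to $GRAYLOG_SYSLOG_PORT"
  local proto
  for proto in tcp udp; do
    # -C checks for an existing rule so re-runs do not stack duplicates
    # (the transcript's -A appended unconditionally).
    if ! iptables -t nat -C PREROUTING -p "$proto" --dport 514 \
        -j REDIRECT --to-ports "$GRAYLOG_SYSLOG_PORT" 2>/dev/null; then
      iptables -t nat -A PREROUTING -p "$proto" --dport 514 \
        -j REDIRECT --to-ports "$GRAYLOG_SYSLOG_PORT"
    fi
  done
  iptables-save > "$IPTABLES_RULES"
  # NOTE(review): if-pre-up.d hooks only run under ifupdown; on a netplan-managed
  # host this file is never executed -- confirm how the interface is managed.
  cat > "$IPTABLES_RESTORE_HOOK" <<'EOF'
#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0
EOF
  chmod +x "$IPTABLES_RESTORE_HOOK"
}

main() {
  require_root
  WORK_DIR=$(mktemp -d) || die "mktemp failed"
  trap 'rm -rf -- "$WORK_DIR"' EXIT
  BIND_IP=${BIND_IP:-$(hostname -I | awk '{ print $1 }')}
  [[ -n "$BIND_IP" ]] || die "could not determine BIND_IP; set it explicitly"
  ROOT_TIMEZONE=${ROOT_TIMEZONE:-Europe/Paris}
  export DEBIAN_FRONTEND=noninteractive

  log "system update and prerequisites"
  apt-get update
  apt-get upgrade -y
  # gnupg is added to the transcript's package list: gpg builds the keyrings.
  apt-get install -y apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen gnupg

  install_mongodb
  install_elasticsearch
  install_graylog
  configure_graylog
  configure_rsyslog
  redirect_syslog_port
  log "done: open http://${BIND_IP}:${GRAYLOG_HTTP_PORT}/ and log in as admin"
}

main "$@"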