mariussturm/gist:a1cb134da2f0f6a9eded

## gistfile1.txt
- Download Java7 RPM: http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html
- zypper install jdk-7u75-linux-x64.rpm
- Install MongoDB
- zypper addrepo http://download.opensuse.org/repositories/server:database/SLE_11_SP3/server:database.repo
- zypper refresh
- zypper install mongodb
- /sbin/chkconfig --add mongodb
- /etc/init.d/mongodb start
- Install Elasticsearch
- Download https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.1.noarch.rpm
- zypper install elasticsearch-1.4.1.noarch.rpm
- rm -r /etc/init.d/init.d
- vi /etc/init.d/elasticsearch
   put this inside: https://gist.githubusercontent.com/mariussturm/3d99f5c55b59db804e43/raw/181cbc19127bbaee4e0b85e148fc2957a155b0da/gistfile1.txt
- vi /etc/elasticsearch/elasticsearch.yml
   cluster.name: graylog2
   network.host: <main ip address>
- /sbin/chkconfig --add elasticsearch
- /etc/init.d/elasticsearch start

- Install graylog-server
- Download http://packages.graylog2.org/releases/graylog2-server/graylog2-server-0.92.4.tgz
- tar xzvf graylog2-server-0.92.4.tgz
- cp -r graylog2-server-0.92.4 /usr/share/graylog2-server
- groupadd -r graylog2
- useradd -r -g "graylog2" -d "/var/lib/graylog2-server" -s /sbin/nologin -c "Graylog2 server" "graylog2"
- install -d -o "graylog2" -g "graylog2" -m 0755 "/var/lib/graylog2-server"
- install -d -o "graylog2" -g "graylog2" -m 0755 "/var/lib/graylog2-server/spool"
- install -d -o "graylog2" -g "graylog2" -m 0755 "/var/log/graylog2-server"
- install -d -o "graylog2" -g "graylog2" -m 0755 "/var/run/graylog2-server"
- vi /etc/sysconfig/graylog2-server

```
# Path to the java executable.
JAVA=/usr/bin/java

# Default Java options for heap and garbage collection.
GRAYLOG_SERVER_JAVA_OPTS="-Xms1g -Xmx1g -XX:NewRatio=1 -XX:PermSize=128m -XX:MaxPermSize=256m -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow"

# Pass some extra args to graylog-server. (i.e. "-d" to enable debug mode)
GRAYLOG_SERVER_ARGS=""

# Program that will be used to wrap the graylog-server command. Useful to
# support programs like authbind.
GRAYLOG_COMMAND_WRAPPER=""
```

- vi /etc/init.d/graylog2-server

```
#! /bin/sh
#
# graylog2-server Starts/stop the "graylog2-server" daemon
#
# chkconfig:   - 95 5
# description: Runs the graylog2-server daemon

### BEGIN INIT INFO
# Provides:          graylog2-server
# Required-Start:    $network $named $remote_fs $syslog
# Required-Stop:     $network $named $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Graylog2 Server
# Description:       Graylog2 Server - Search your logs, create charts, send reports and be alerted when something happens.
### END INIT INFO

# Author: Lee Briggs <lee@leebriggs.co.uk>
# Contributor: Sandro Roth <sandro.roth@gmail.com>
# Contributor: Bernd Ahlers <bernd@torch.sh>

RETVAL=0
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="Graylog2 Server"
NAME=graylog2-server
JAR_FILE=/usr/share/graylog2-server/graylog2-server.jar
JAVA=/usr/bin/java
PID_DIR=/var/run/graylog2-server
PID_FILE=$PID_DIR/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
LOCKFILE=/var/lock/subsys/$NAME
GRAYLOG_SERVER_USER=graylog2
EXEC="/usr/share/graylog2-server/bin/graylog2"

# Pull in sysconfig settings
[ -f /etc/sysconfig/${NAME} ] && . /etc/sysconfig/${NAME}

# Exit if the package is not installed
[ -e "$JAR_FILE" ] || exit 0
[ -x "$JAVA" ] || exit 0

start() {
    echo -n $"Starting ${NAME}: "
    install -d -m 755 -o $GRAYLOG_SERVER_USER -g $GRAYLOG_SERVER_USER -d $PID_DIR
    /sbin/startproc -p ${PID_FILE} -u ${GRAYLOG_SERVER_USER} ${EXEC}
    RETVAL=$?
    sleep 2
    [ $RETVAL = 0 ] && touch ${LOCKFILE}
    echo
    return $RETVAL
}

stop() {
    echo -n $"Stopping ${NAME}: "
    killproc -p ${PID_FILE} $JAVA
    RETVAL=$?
    [ $RETVAL = 0 ] && rm -f ${PID_FILE} && rm -f ${LOCKFILE}
    echo
    return $RETVAL
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status -p ${PID_FILE} $NAME
        RETVAL=$?
        ;;
    restart|force-reload)
        stop
        start
        ;;
    *)
        N=/etc/init.d/${NAME}
        echo "Usage: $N {start|stop|status|restart|force-reload}" >&2
        RETVAL=2
        ;;
esac

exit $RETVAL
```

- vi /usr/share/graylog2-server/bin/graylog2

```
#!/bin/bash

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=graylog2-server
JAR_FILE=/usr/share/graylog2-server/graylog2-server.jar
JAVA=/usr/bin/java
PID_DIR=/var/run/graylog2-server
PID_FILE=$PID_DIR/$NAME.pid
JAVA_ARGS="-Djava.library.path=/usr/share/graylog2-server/lib/sigar -Dlog4j.configuration=file:///etc/graylog2/server/log4j.xml -jar $JAR_FILE -p $PID_FILE -f /etc/graylog2/server/server.conf"
GRAYLOG_SERVER_USER=graylog2
GRAYLOG_SERVER_JAVA_OPTS=""

# Pull in sysconfig settings
[ -f /etc/sysconfig/${NAME} ] && . /etc/sysconfig/${NAME}

$GRAYLOG_COMMAND_WRAPPER $JAVA $GRAYLOG_SERVER_JAVA_OPTS $JAVA_ARGS $GRAYLOG_SERVER_ARGS &
```

- chmod 0755 /usr/share/graylog2-server/bin/graylog2
- chmod 0755 /etc/init.d/graylog2-server
- install -d -o "graylog2" -g "graylog2" -m 0755 "/etc/graylog2/server"
- cp /usr/share/graylog2-server/graylog2.conf.example /etc/graylog2/server/server.conf
- vi /etc/graylog2/server/server.conf
   node_id_file = /etc/graylog2/server/node-id
   password_secret = BYUse9d4Y6M8Il8lKFTunT36pBCN8TeR9uvDb9jrU3yaoydhVCqErfXTI3tZpawZipXzcxQbXnSNaVwDzNghc28XHqdofnko
   root_password_sha2 = 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
   plugin_dir = /usr/share/graylog2-server/plugin
   elasticsearch_discovery_zen_ping_unicast_hosts = <main ip address>:9300
   message_cache_spool_dir = /var/lib/graylog2-server/spool

- uuidgen > /etc/graylog2/server/node-id
- vi /etc/graylog2/server/log4j.xml

```
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE log4j:configuration PUBLIC "-//APACHE//DTD LOG4J 1.2//EN" "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">

    <!-- Appenders -->
    <appender name="fileAppender" class="org.apache.log4j.RollingFileAppender">
        <param name="append" value="true"/>
        <param name="file" value="/var/log/graylog2-server/server.log"/>
        <param name="MaxFileSize" value="10MB"/>
        <param name="MaxBackupIndex" value="10"/>
        <layout class="org.apache.log4j.PatternLayout">
            <param name="ConversionPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX} %-5p [%c{1}] %m%n"/>
        </layout>
    </appender>

    <!-- Application Loggers -->
    <logger name="org.graylog2">
        <level value="warn"/>
    </logger>
    <!-- this emits a harmless warning for ActiveDirectory every time which we can't work around :( -->
    <logger name="org.apache.directory.api.ldap.model.message.BindRequestImpl">
        <level value="error"/>
    </logger>
    <!-- Root Logger -->
    <root>
        <priority value="warn"/>
        <appender-ref ref="fileAppender"/>
    </root>

</log4j:configuration>
```

- chkconfig --add graylog2-server
- /etc/init.d/graylog2-server start
	- Download Java7 RPM: http://www.oracle.com/technetwork/java/javase/downloads/jdk7-downloads-1880260.html
	- zypper install jdk-7u75-linux-x64.rpm
	- Install MongoDB
	- zypper addrepo http://download.opensuse.org/repositories/server:database/SLE_11_SP3/server:database.repo
	- zypper refresh
	- zypper install mongodb
	- /sbin/chkconfig --add mongodb
	- /etc/init.d/mongodb start
	- Install Elasticsearch
	- Download https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.1.noarch.rpm
	- zypper install elasticsearch-1.4.1.noarch.rpm
	- rm -r /etc/init.d/init.d
	- vi /etc/init.d/elasticsearch
	put this inside: https://gist.githubusercontent.com/mariussturm/3d99f5c55b59db804e43/raw/181cbc19127bbaee4e0b85e148fc2957a155b0da/gistfile1.txt
	- vi /etc/elasticsearch/elasticsearch.yml
	cluster.name: graylog2
	network.host: <main ip address>
	- /sbin/chkconfig --add elasticsearch
	- /etc/init.d/elasticsearch start

	- Install graylog-server
	- Download http://packages.graylog2.org/releases/graylog2-server/graylog2-server-0.92.4.tgz
	- tar xzvf graylog2-server-0.92.4.tgz
	- cp -r graylog2-server-0.92.4 /usr/share/graylog2-server
	- groupadd -r graylog2
	- useradd -r -g "graylog2" -d "/var/lib/graylog2-server" -s /sbin/nologin -c "Graylog2 server" "graylog2"
	- install -d -o "graylog2" -g "graylog2" -m 0755 "/var/lib/graylog2-server"
	- install -d -o "graylog2" -g "graylog2" -m 0755 "/var/lib/graylog2-server/spool"
	- install -d -o "graylog2" -g "graylog2" -m 0755 "/var/log/graylog2-server"
	- install -d -o "graylog2" -g "graylog2" -m 0755 "/var/run/graylog2-server"
	- vi /etc/sysconfig/graylog2-server

	```
	# Path to the java executable.
	JAVA=/usr/bin/java

	# Default Java options for heap and garbage collection.
	GRAYLOG_SERVER_JAVA_OPTS="-Xms1g -Xmx1g -XX:NewRatio=1 -XX:PermSize=128m -XX:MaxPermSize=256m -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow"

	# Pass some extra args to graylog-server. (i.e. "-d" to enable debug mode)
	GRAYLOG_SERVER_ARGS=""

	# Program that will be used to wrap the graylog-server command. Useful to
	# support programs like authbind.
	GRAYLOG_COMMAND_WRAPPER=""
	```

	- vi /etc/init.d/graylog2-server

	```
	#! /bin/sh
	#
	# graylog2-server Starts/stop the "graylog2-server" daemon
	#
	# chkconfig: - 95 5
	# description: Runs the graylog2-server daemon

	### BEGIN INIT INFO
	# Provides: graylog2-server
	# Required-Start: $network $named $remote_fs $syslog
	# Required-Stop: $network $named $remote_fs $syslog
	# Default-Start: 2 3 4 5
	# Default-Stop: 0 1 6
	# Short-Description: Graylog2 Server
	# Description: Graylog2 Server - Search your logs, create charts, send reports and be alerted when something happens.
	### END INIT INFO

	# Author: Lee Briggs <lee@leebriggs.co.uk>
	# Contributor: Sandro Roth <sandro.roth@gmail.com>
	# Contributor: Bernd Ahlers <bernd@torch.sh>

	RETVAL=0
	PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
	DESC="Graylog2 Server"
	NAME=graylog2-server
	JAR_FILE=/usr/share/graylog2-server/graylog2-server.jar
	JAVA=/usr/bin/java
	PID_DIR=/var/run/graylog2-server
	PID_FILE=$PID_DIR/$NAME.pid
	SCRIPTNAME=/etc/init.d/$NAME
	LOCKFILE=/var/lock/subsys/$NAME
	GRAYLOG_SERVER_USER=graylog2
	EXEC="/usr/share/graylog2-server/bin/graylog2"

	# Pull in sysconfig settings
	[ -f /etc/sysconfig/${NAME} ] && . /etc/sysconfig/${NAME}

	# Exit if the package is not installed
	[ -e "$JAR_FILE" ] \|\| exit 0
	[ -x "$JAVA" ] \|\| exit 0

	start() {
	echo -n $"Starting ${NAME}: "
	install -d -m 755 -o $GRAYLOG_SERVER_USER -g $GRAYLOG_SERVER_USER -d $PID_DIR
	/sbin/startproc -p ${PID_FILE} -u ${GRAYLOG_SERVER_USER} ${EXEC}
	RETVAL=$?
	sleep 2
	[ $RETVAL = 0 ] && touch ${LOCKFILE}
	echo
	return $RETVAL
	}

	stop() {
	echo -n $"Stopping ${NAME}: "
	killproc -p ${PID_FILE} $JAVA
	RETVAL=$?
	[ $RETVAL = 0 ] && rm -f ${PID_FILE} && rm -f ${LOCKFILE}
	echo
	return $RETVAL
	}

	case "$1" in
	start)
	start
	;;
	stop)
	stop
	;;
	status)
	status -p ${PID_FILE} $NAME
	RETVAL=$?
	;;
	restart\|force-reload)
	stop
	start
	;;
	*)
	N=/etc/init.d/${NAME}
	echo "Usage: $N {start\|stop\|status\|restart\|force-reload}" >&2
	RETVAL=2
	;;
	esac

	exit $RETVAL
	```

	- vi /usr/share/graylog2-server/bin/graylog2

	```
	#!/bin/bash

	PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
	NAME=graylog2-server
	JAR_FILE=/usr/share/graylog2-server/graylog2-server.jar
	JAVA=/usr/bin/java
	PID_DIR=/var/run/graylog2-server
	PID_FILE=$PID_DIR/$NAME.pid
	JAVA_ARGS="-Djava.library.path=/usr/share/graylog2-server/lib/sigar -Dlog4j.configuration=file:///etc/graylog2/server/log4j.xml -jar $JAR_FILE -p $PID_FILE -f /etc/graylog2/server/server.conf"
	GRAYLOG_SERVER_USER=graylog2
	GRAYLOG_SERVER_JAVA_OPTS=""

	# Pull in sysconfig settings
	[ -f /etc/sysconfig/${NAME} ] && . /etc/sysconfig/${NAME}

	$GRAYLOG_COMMAND_WRAPPER $JAVA $GRAYLOG_SERVER_JAVA_OPTS $JAVA_ARGS $GRAYLOG_SERVER_ARGS &
	```

	- chmod 0755 /usr/share/graylog2-server/bin/graylog2
	- chmod 0755 /etc/init.d/graylog2-server
	- install -d -o "graylog2" -g "graylog2" -m 0755 "/etc/graylog2/server"
	- cp /usr/share/graylog2-server/graylog2.conf.example /etc/graylog2/server/server.conf
	- vi /etc/graylog2/server/server.conf
	node_id_file = /etc/graylog2/server/node-id
	password_secret = BYUse9d4Y6M8Il8lKFTunT36pBCN8TeR9uvDb9jrU3yaoydhVCqErfXTI3tZpawZipXzcxQbXnSNaVwDzNghc28XHqdofnko
	root_password_sha2 = 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
	plugin_dir = /usr/share/graylog2-server/plugin
	elasticsearch_discovery_zen_ping_unicast_hosts = <main ip address>:9300
	message_cache_spool_dir = /var/lib/graylog2-server/spool

	- uuidgen > /etc/graylog2/server/node-id
	- vi /etc/graylog2/server/log4j.xml

	```
	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE log4j:configuration PUBLIC "-//APACHE//DTD LOG4J 1.2//EN" "log4j.dtd">
	<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">

	<!-- Appenders -->
	<appender name="fileAppender" class="org.apache.log4j.RollingFileAppender">
	<param name="append" value="true"/>
	<param name="file" value="/var/log/graylog2-server/server.log"/>
	<param name="MaxFileSize" value="10MB"/>
	<param name="MaxBackupIndex" value="10"/>
	<layout class="org.apache.log4j.PatternLayout">
	<param name="ConversionPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX} %-5p [%c{1}] %m%n"/>
	</layout>
	</appender>

	<!-- Application Loggers -->
	<logger name="org.graylog2">
	<level value="warn"/>
	</logger>
	<!-- this emits a harmless warning for ActiveDirectory every time which we can't work around :( -->
	<logger name="org.apache.directory.api.ldap.model.message.BindRequestImpl">
	<level value="error"/>
	</logger>
	<!-- Root Logger -->
	<root>
	<priority value="warn"/>
	<appender-ref ref="fileAppender"/>
	</root>

	</log4j:configuration>
	```

	- chkconfig --add graylog2-server
	- /etc/init.d/graylog2-server start