vpnwall-services/install-graylog.sh

## install-graylog.sh
#!/bin/bash
sudo apt-get install apt-transport-https
wget https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.deb
sudo dpkg -i graylog-3.0-repository_latest.deb
sudo apt-get update
sudo apt-get install graylog-server

## rsyslog.conf
#  /etc/rsyslog.conf	Configuration file for rsyslog.
#
#			For more information see
#			/usr/share/doc/rsyslog-doc/html/rsyslog_conf.html


#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog   # provides kernel logging support
#$ModLoad immark  # provides --MARK-- message capability

# provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 1514


###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf


###############
#### RULES ####
###############

#
# First some standard log files.  Log by facility.
#
auth,authpriv.*			/var/log/auth.log
*.*;auth,authpriv.none		-/var/log/syslog
#cron.*				/var/log/cron.log
daemon.*			-/var/log/daemon.log
kern.*				-/var/log/kern.log
lpr.*				-/var/log/lpr.log
mail.*				-/var/log/mail.log
user.*				-/var/log/user.log

#
# Logging for the mail system.  Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info			-/var/log/mail.info
mail.warn			-/var/log/mail.warn
mail.err			/var/log/mail.err

#
# Logging for INN news system.
#
news.crit			/var/log/news/news.crit
news.err			/var/log/news/news.err
news.notice			-/var/log/news/news.notice

#
# Some "catch-all" log files.
#
*.=debug;\
	auth,authpriv.none;\
	news.none;mail.none	-/var/log/debug
*.=info;*.=notice;*.=warn;\
	auth,authpriv.none;\
	cron,daemon.none;\
	mail,news.none		-/var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg				:omusrmsg:*

#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
#	news.=crit;news.=err;news.=notice;\
#	*.=debug;*.=info;\
#	*.=notice;*.=warn	/dev/tty8

# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
# you must invoke `xconsole' with the `-file' option:
#
#    $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
#      busy site..
#
daemon.*;mail.*;\
	news.err;\
	*.=debug;*.=info;\
	*.=notice;*.=warn	|/dev/xconsole

*.* @@127.0.0.1:5140,RSYSLOG_SyslogProtocol123Format
	#!/bin/bash
	sudo apt-get install apt-transport-https
	wget https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.deb
	sudo dpkg -i graylog-3.0-repository_latest.deb
	sudo apt-get update
	sudo apt-get install graylog-server
	# /etc/rsyslog.conf Configuration file for rsyslog.
	#
	# For more information see
	# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html


	#################
	#### MODULES ####
	#################

	$ModLoad imuxsock # provides support for local system logging
	$ModLoad imklog # provides kernel logging support
	#$ModLoad immark # provides --MARK-- message capability

	# provides UDP syslog reception
	#$ModLoad imudp
	#$UDPServerRun 514

	# provides TCP syslog reception
	$ModLoad imtcp
	$InputTCPServerRun 1514


	###########################
	#### GLOBAL DIRECTIVES ####
	###########################

	#
	# Use traditional timestamp format.
	# To enable high precision timestamps, comment out the following line.
	#
	$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

	#
	# Set the default permissions for all log files.
	#
	$FileOwner root
	$FileGroup adm
	$FileCreateMode 0640
	$DirCreateMode 0755
	$Umask 0022

	#
	# Where to place spool and state files
	#
	$WorkDirectory /var/spool/rsyslog

	#
	# Include all config files in /etc/rsyslog.d/
	#
	$IncludeConfig /etc/rsyslog.d/*.conf


	###############
	#### RULES ####
	###############

	#
	# First some standard log files. Log by facility.
	#
	auth,authpriv.* /var/log/auth.log
	.;auth,authpriv.none -/var/log/syslog
	#cron.* /var/log/cron.log
	daemon.* -/var/log/daemon.log
	kern.* -/var/log/kern.log
	lpr.* -/var/log/lpr.log
	mail.* -/var/log/mail.log
	user.* -/var/log/user.log

	#
	# Logging for the mail system. Split it up so that
	# it is easy to write scripts to parse these files.
	#
	mail.info -/var/log/mail.info
	mail.warn -/var/log/mail.warn
	mail.err /var/log/mail.err

	#
	# Logging for INN news system.
	#
	news.crit /var/log/news/news.crit
	news.err /var/log/news/news.err
	news.notice -/var/log/news/news.notice

	#
	# Some "catch-all" log files.
	#
	*.=debug;\
	auth,authpriv.none;\
	news.none;mail.none -/var/log/debug
	.=info;.=notice;*.=warn;\
	auth,authpriv.none;\
	cron,daemon.none;\
	mail,news.none -/var/log/messages

	#
	# Emergencies are sent to everybody logged in.
	#
	.emerg :omusrmsg:

	#
	# I like to have messages displayed on the console, but only on a virtual
	# console I usually leave idle.
	#
	#daemon,mail.*;\
	# news.=crit;news.=err;news.=notice;\
	# .=debug;.=info;\
	# .=notice;.=warn /dev/tty8

	# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
	# you must invoke `xconsole' with the `-file' option:
	#
	# $ xconsole -file /dev/xconsole [...]
	#
	# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
	# busy site..
	#
	daemon.;mail.;\
	news.err;\
	.=debug;.=info;\
	.=notice;.=warn \|/dev/xconsole

	. @@127.0.0.1:5140,RSYSLOG_SyslogProtocol123Format