Skip to content
No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md
asa-pipeline
asa-pipeline2
maltrail.pipeline
sagan.pipeline

README.md

graylog

Creating SSL certificate for graylog 2

#Step 1 change the default password for Java CAcert store. Default password is changeit

If you have oracle java installed use the second line. If you have openjdk then use the first.

open java cacert store

sudo keytool -storepasswd -keystore /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts

oracle java cacert store

sudo keytool -storepasswd -keystore /usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts

#Step 2 Generate Certs for Graylog

keytool -genkey -alias dns.name.of.server -keyalg RSA -validity 365 -keystore keystore.jks

openssl req -x509 -days 365 -nodes -newkey rsa:2048 -keyout pkcs5-plain.pem -out cert.pem

openssl pkcs8 -in pkcs5-plain.pem -topk8 -nocrypt -out pkcs8-plain.pem

openssl pkcs8 -in pkcs5-plain.pem -topk8 -v2 des3 -out pkcs8-encrypted.pem -passout pass:'password'

keytool -list -v -keystore keystore.jks -alias dns.name.of.server

keytool -importkeystore -srckeystore keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12

openssl pkcs12 -in keystore.p12 -nokeys -out graylog-certificate.pem

openssl pkcs12 -in keystore.p12 -nocerts -out graylog-pkcs5.pem

openssl pkcs8 -in graylog-pkcs5.pem -topk8 -out graylog-key.pem

If you have oracle java use this line. The password it requests is the password you changed in step 1.

keytool -import -trustcacerts -file graylog-certificate.pem -alias dns.name.of.server -keystore /usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts

If you have openjdk use this line. The password it requests is the password you changed in step 1.

keytool -import -trustcacerts -file graylog-certificate.pem -alias dns.name.of.server -keystore /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/security/cacerts

#Step 3 Setup graylog server.conf and move certificates to graylog folder

move all *.pem, *.p12, and *.jks files to /etc/graylog and chown graylog:graylog -R /etc/graylog so that the graylog user has access to them.

edit /etc/graylog/server.conf

change rest_listen_uri = http://dns.name.of.server:9000/api/

rest_enable_tls = true

rest_tls_cert_file = /etc/graylog/graylog-certificate.pem

rest_tls_key_file = /etc/graylog/graylog-key.pem

rest_tls_key_password = password (this is the password you assigned your cert from step 2. -passout pass:)

web_enable_tls = true

web_listen_uri = http://dns.name.of.server:9000/

web_tls_cert_file = /etc/graylog/graylog-certificate.pem

web_tls_key_file = /etc/graylog/graylog-key.pem

web_tls_key_password = password (Same as rest_tls_key_password.)

#Step 4 restart graylog and tail -f /var/log/graylog/server.log

If all goes well open chrome and go to https://dns.name.of.server:9000 and you should be able to log in.

#Sagan.pipeline This is the pipeline rule regex for handling Sagan alerts coming into graylog.

#Maltrail.pipeline This is the pipeline rule regex for handling Maltrail alerts coming into graylog.

You can’t perform that action at this time.