Graylog2

Server deployment
# Java runtime: the headless OpenJDK 1.8 build is installed without prompting.
yum -y install java-1.8.0-openjdk-headless

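# MongoDB 3.4: register the vendor yum repository, install the server, start it.
#
# The heredoc delimiter is quoted so the shell writes $releasever literally and
# yum expands it when it reads the repo file. With an unquoted delimiter the
# shell substitutes its own (normally empty) variable and the baseurl loses the
# release component of the path.
# '>' instead of '>>' keeps the repo file to one section when this is re-run.
# gpgcheck=1 makes yum verify package signatures against the gpgkey below.
# NOTE(review): 3.4 is an old release series; confirm it still receives
# security fixes before using it for a new deployment.
cat > /etc/yum.repos.d/mongodb-org-3.4.repo << 'EOF'
[mongodb-org-3.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc
EOF

yum -y install mongodb-org

# NOTE(review): mongod starts with the packaged /etc/mongod.conf unchanged.
# Confirm it listens on loopback only and decide whether to enable
# authorization before anything other than the local Graylog server can
# reach it.
systemctl daemon-reload
systemctl enable mongod.service
systemctl start mongod.service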

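# Elasticsearch 2.x: import the vendor signing key, register the yum
# repository, install the package and name the cluster "graylog".
#
# The key is fetched over HTTPS and trusted as-is; comparing the imported
# key's fingerprint with the one the vendor publishes is a cheap extra check.
# NOTE(review): 2.x is an old release series; confirm it still receives
# security fixes before using it for a new deployment.
rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch

# Quoted delimiter: the section is written literally. '>' instead of '>>'
# keeps the repo file to one section when this is re-run.
cat > /etc/yum.repos.d/elasticsearch.repo << 'EOF'
[elasticsearch-2.x]
name=Elasticsearch repository for 2.x packages
baseurl=https://packages.elastic.co/elasticsearch/2.x/centos
gpgcheck=1
gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
enabled=1
EOF

yum -y install elasticsearch

# Append the cluster name only if that exact line is not already present, so a
# second run does not leave a duplicate key in the YAML file.
es_config=/etc/elasticsearch/elasticsearch.yml
if ! grep -qxF 'cluster.name: graylog' "$es_config"; then
  echo 'cluster.name: graylog' >> "$es_config"
fi

# NOTE(review): Elasticsearch 2.x has no built-in authentication. Keep its
# HTTP and transport ports off untrusted networks (loopback binding or a
# firewall); anyone who can reach them can read and delete the indexed logs.
systemctl daemon-reload
systemctl enable elasticsearch.service
systemctl restart elasticsearch.service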

# Graylog 2.2: install the vendor repository package, then the server itself
# together with pwgen (used below to generate the password secret).
rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.2-repository_latest.rpm
yum -y install graylog-server pwgen

# Edit the server configuration by hand before the first start:
#   password_secret    - a long random string, e.g. the output of
#                          pwgen -N 1 -s 96
#   root_password_sha2 - the SHA-256 hex digest of the admin password, e.g.
#                          echo -n yourpassword | sha256sum
#                        (use only the hex digits, not the trailing " -").
#                        Typed like that, the password ends up in the shell
#                        history; reading it from a silent prompt avoids it:
#                          read -rs pw && printf '%s' "$pw" | sha256sum
#   rest_listen_uri    - e.g. http://127.0.0.1:9000/api/
#                        This is plain HTTP. If it is moved off loopback,
#                        logins and API tokens cross the network unencrypted
#                        unless TLS or a TLS-terminating proxy is in front.
#   web_listen_uri     - the address the web interface listens on.
vi /etc/graylog/server/server.conf

systemctl daemon-reload
systemctl enable graylog-server.service
systemctl start graylog-server.service

or Docker deployment
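# Docker alternative: MongoDB, Elasticsearch and Graylog as three containers.
# The mongo and elasticsearch containers publish no ports, so they are
# reachable only from containers linked to them.
# NOTE(review): mongo:3, elasticsearch:2 and the untagged graylog2/server are
# floating references; pin exact tags or digests so a later pull cannot
# silently change what runs.
docker run --name mongo -d mongo:3
docker run --name elasticsearch -d elasticsearch:2 elasticsearch -Des.cluster.name="graylog"

# Refuse to start Graylog without an operator-chosen secret and admin password
# hash. If they are not supplied the container falls back to the image's
# built-in defaults, which are public. Same values as password_secret and
# root_password_sha2 in server.conf.
: "${GRAYLOG_PASSWORD_SECRET:?set to a long random string, e.g. from: pwgen -N 1 -s 96}"
: "${GRAYLOG_ROOT_PASSWORD_SHA2:?set to the SHA-256 hex digest of the admin password}"
# Exported and passed by name (-e VAR with no value) so the values do not
# appear in the docker command line.
export GRAYLOG_PASSWORD_SECRET GRAYLOG_ROOT_PASSWORD_SHA2

# 9000 is the web interface/API; 12201/udp and 1514/udp are log inputs.
# All three are published on every host interface.
# NOTE(review): GRAYLOG_WEB_ENDPOINT_URI is https://, which suggests a TLS
# proxy in front; if that proxy runs on this host, publishing 9000 on
# 127.0.0.1 only would keep the plain-HTTP port off the network.
docker run --name graylog \
  --link mongo:mongo \
  --link elasticsearch:elasticsearch \
  -p 9000:9000 \
  -p 12201:12201/udp \
  -p 1514:1514/udp \
  -e GRAYLOG_WEB_ENDPOINT_URI="https://graylog.host/api" \
  -e GRAYLOG_PASSWORD_SECRET \
  -e GRAYLOG_ROOT_PASSWORD_SHA2 \
  -d graylog2/server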
apache connection
# Apache GELF module, from https://github.com/Graylog2/apache-mod_log_gelf:
# download the 0.2.0 RPM from the project's GitHub releases and install it.
# NOTE(review): nothing here verifies the download beyond HTTPS. Compare
# `sha256sum` of the file with a digest obtained from a trusted source before
# running rpm, since the package is installed as root.
gelf_rpm=libapache2-mod-gelf-0.2.0-1.x86_64.rpm

wget "https://github.com/Graylog2/apache-mod_log_gelf/releases/download/0.2.0/${gelf_rpm}"
rpm -ivh "${gelf_rpm}"

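# Write the mod_log_gelf configuration for httpd.
# '>' instead of '>>' so a second run does not append a duplicate LoadModule
# and directive set; the delimiter is quoted so the text is written literally.
# httpd has to be restarted or reloaded before the module is used (not done
# here).
#
# NOTE(review): GelfUrl uses udp://, so access-log records leave the host
# unencrypted and unauthenticated; keep this on a trusted network segment or
# tunnel it.
# NOTE(review): GelfCookie and GelfHeader look like they copy the named cookie
# and request header into every log message. Check the module README, avoid
# naming a session cookie, and remember that a client-supplied header can be
# forged unless the upstream proxy overwrites it.
cat > /etc/httpd/conf.modules.d/02-gelf.conf << 'EOF'
 LoadModule log_gelf_module /usr/lib64/httpd/modules/mod_log_gelf.so
 GelfEnabled On
 GelfUrl "udp://graylog2-host:12201"
 GelfSource "app-httpd"
 GelfHeader "HTTP_CF_CONNECTING_IP"
 GelfFacility "apache-gelf"
 GelfCookie "tracking"
 GelfFields "ABDXhmsvRti"
EOF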
syslog connection
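# Forward every syslog facility and priority to Graylog.
# The rule is quoted: unquoted, the shell globs *.* against the current
# directory, and any file with a dot in its name (for example an RPM
# downloaded there) would be written to rsyslog.conf in place of the selector.
# rsyslog has to be restarted before the rule is used (not done here).
#
# NOTE(review): a single '@' means UDP, so messages are sent in clear text
# and can be lost or spoofed in transit, and '*.*' includes authentication
# logs. Keep this on a trusted network, or switch to TCP ('@@') with TLS if
# the path is not trusted.
printf '%s\n' '*.* @graylog.host:1514' >> /etc/rsyslog.conf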