On Debian 13:
sudo apt update
sudo apt install -y openjdk-17-jdk
On RHEL 10:
sudo dnf install -y java-17-openjdk
Verify installation:
java -version
cd /opt
wget https://github.com/riemann/riemann/releases/download/0.15.2/riemann_0.15.2_all.deb # Debian
# or
wget https://github.com/riemann/riemann/releases/download/0.15.2/riemann-0.15.2.tar.gz # Universal
sudo dpkg -i riemann_0.15.2_all.deb
cd /opt
tar -xzf riemann-0.15.2.tar.gz
sudo mv riemann-0.15.2 /opt/riemann
sudo ln -s /opt/riemann/bin/riemann /usr/local/bin/riemann
Create configuration directory:
sudo mkdir -p /etc/riemann
Create configuration file:
sudo tee /etc/riemann/riemann.config >/dev/null <<'EOF'
(let [host "0.0.0.0"]
(tcp-server {:host host})
(udp-server {:host host})
(ws-server {:host host})
(streams
(with :ttl 60
(index))
(where (service #"^cpu")
(email "admin@example.com"))
(where (and (service "disk")
(metric-float-gt 0.9))
(email "admin@example.com" :subject "Disk space critical"))
(where (state "critical")
(slack :channel "#alerts"
:username "Riemann"
:icon ":warning:"
:webhook-url "https://hooks.slack.com/services/YOUR/WEBHOOK/URL"))))
EOF
sudo tee /etc/systemd/system/riemann.service >/dev/null <<'EOF'
[Unit]
Description=Riemann Event Stream Processor
After=network.target
[Service]
Type=simple
User=root
Group=root
Environment="RIEMANN_CONFIG=/etc/riemann/riemann.config"
Environment="JAVA_OPTS=-Xmx512m -Xms256m"
ExecStart=/opt/riemann/bin/riemann start
ExecStop=/opt/riemann/bin/riemann stop
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
Enable and start:
sudo systemctl daemon-reload
sudo systemctl enable --now riemann
On UFW:
sudo ufw allow 5555/tcp
sudo ufw allow 5555/udp
sudo ufw allow 5556/tcp
On firewalld:
sudo firewall-cmd --permanent --add-port=5555/tcp
sudo firewall-cmd --permanent --add-port=5555/udp
sudo firewall-cmd --permanent --add-port=5556/tcp
sudo firewall-cmd --reload
Check Riemann status:
sudo systemctl status riemann
Test connection:
/opt/riemann/bin/riemann query localhost 'true'
gem install riemann-client
pip install riemann-client
Using Ruby:
require 'riemann/client'
c = Riemann::Client.new
c << {
:host => "test-server",
:service => "test-service",
:state => "ok",
:metric => 1.0,
:description => "Test event"
}
Using Python:
from riemann.client import RiemannClient
client = RiemannClient('localhost', 5555)
client.event(
host='test-server',
service='test-service',
state='ok',
metric_f=1.0,
description='Test event'
)
Edit /etc/riemann/riemann.config:
(streams
; Index all events
(index)
; Alert on high CPU
(where (and (host "webserver")
(service "cpu")
(metric-float-gt 0.9))
(email "ops@example.com"))
; Log all events to file
(io/file "/var/log/riemann/events.log")
; Forward to ElasticSearch
(elastic-search {:host "localhost"
:port 9300
:index-prefix "riemann"}))
Restart Riemann:
sudo systemctl restart riemann
Use Riemann as a data source for Grafana by forwarding events to:
Example InfluxDB forwarding:
(require 'riemann.influxdb)
(streams
(riemann.influxdb/influxdb-client
{:host "localhost"
:port 8086
:db "riemann"}
(riemann.influxdb/stream)))
Riemann includes a simple dashboard:
/opt/riemann/bin/riemann dash
Or use third-party dashboards like:
See Riemann Hardening.
Need professional assistance with your monitoring infrastructure? Our team provides:
Get in touch: office@linux-server-admin.com | Contact Page
Prefer automation? See Riemann Ansible Setup for an example playbook.
Prefer containers? See Riemann Docker Setup.
See Riemann Configuration for configuration guidance.
See Riemann Security for hardening guidance.