In this tutorial, we will show you how to install Graylog on Debian 10. For those of you who didn’t know, Graylog is a free and open-source powerful centralized log management tool based on Elasticsearch and MongoDB. Graylog helps you to collect, index, and analyze any machine logs centrally.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo‘ to the commands to get root privileges. I will walk you through the step-by-step installation of Graylog on Debian 10 (Buster).
Prerequisites
- A server running one of the following operating systems: Debian 10 (Buster).
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install Graylog on Debian 10 Buster
Step 1. Before we install any software, it’s important to make sure your system is up to date by running the following apt commands in the terminal:
sudo apt update
sudo apt upgrade
Step 2. Installing Java.
Graylog and Elasticsearch are Java-based applications. Run the following command to install Java:
sudo apt install apt-transport-https openjdk-8-jre-headless
Verify installed Java version:
java -version
Step 3. Installing MongoDB.
Before installing MongoDB, install the packages it depends on:
sudo apt install dirmngr gnupg apt-transport-https software-properties-common ca-certificates curl
Next, add the MongoDB GPG key to your system:
curl -fsSL https://www.mongodb.org/static/pgp/server-4.2.asc | sudo apt-key add -
Then, enable the MongoDB repository:
sudo add-apt-repository 'deb https://repo.mongodb.org/apt/debian buster/mongodb-org/4.2 main'
Once done, install the MongoDB packages using the apt command:
sudo apt update
sudo apt install mongodb-org
Start the MongoDB service and enable it to start on boot with the following command:
sudo systemctl enable mongod.service
sudo systemctl start mongod.service
Step 4. Installing Elasticsearch.
First, import the Elasticsearch GPG signing key:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Next, add the Elasticsearch repository to the system by issuing:
echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
Now run apt update, then install the Elasticsearch package on your Debian system:
sudo apt update
sudo apt install elasticsearch
When the installation process is complete, enable and start the service using the following commands:
sudo systemctl enable elasticsearch.service
sudo systemctl start elasticsearch.service
Once done, modify the Elasticsearch configuration file (/etc/elasticsearch/elasticsearch.yml) and set the cluster name to graylog. You also need to uncomment the cluster.name line:
sudo nano /etc/elasticsearch/elasticsearch.yml
Make the following changes:
cluster.name: graylog
action.auto_create_index: false
After you have modified the configuration, restart Elasticsearch:
sudo systemctl restart elasticsearch.service
Step 5. Installing Graylog on Debian 10.
Download and Install the Graylog repository package:
wget https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.deb
sudo dpkg -i graylog-3.0-repository_latest.deb
sudo apt update
sudo apt install graylog-server
Once successfully installed, follow the instructions in your /etc/graylog/server/server.conf and add password_secret and root_password_sha2. These settings are mandatory and without them, Graylog will not start.
You need to use the following command to create your root_password_sha2:
echo -n "Enter Your Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
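Both mandatory settings can be generated and written to the configuration file without echoing the password to the terminal. The script below is an added example, not part of the original tutorial or of Graylog itself; the helper function names and the sample configuration file are constructed for illustration, and it assumes the GNU coreutils and sed shipped with Debian.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, the demo file is constructed.

# SHA-256 hex digest of the password read from stdin (newline removed).
hash_root_password() {
    tr -d '\n' | sha256sum | cut -d' ' -f1
}

# Prompt with terminal echo disabled, then print the hash for root_password_sha2.
prompt_root_password_hash() {
    printf 'Enter Your Password: ' >&2
    stty -echo 2>/dev/null || true
    IFS= read -r pw
    stty echo 2>/dev/null || true
    printf '\n' >&2
    printf '%s' "$pw" | hash_root_password
    unset pw
}

# Random alphanumeric value for password_secret (default length 96).
gen_password_secret() {
    head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c"1-${1:-96}"
}

# Set "key = value" in a conf file: rewrite the existing line or append one.
# The values generated above are alphanumeric, so they are safe inside sed.
set_conf_key() {
    file=$1; key=$2; value=$3
    if grep -q "^${key} *=" "$file"; then
        sed -i "s|^${key} *=.*|${key} = ${value}|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >>"$file"
    fi
}

# Demo on a constructed file. On a real host, target
# /etc/graylog/server/server.conf and use prompt_root_password_hash
# instead of the constructed sample password.
conf=$(mktemp)
printf 'is_master = true\npassword_secret =\nroot_password_sha2 =\n' >"$conf"
set_conf_key "$conf" password_secret "$(gen_password_secret)"
set_conf_key "$conf" root_password_sha2 "$(printf 'admin' | hash_root_password)"
# Show each key with the length of its value rather than the secret itself.
awk -F' = ' '{ print $1, length($2) }' "$conf"
rm -f "$conf"
```

The demo prints each key followed by the length of its value, so the generated secret never appears on screen.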
To be able to connect to Graylog you should set http_bind_address to the public hostname or a public IP address of the machine you can connect to. More information about these settings can be found in Configuring the web interface.
Finally, enable and start the Graylog service:
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
Step 6. Accessing Graylog.
Graylog will be available on HTTP port 8080 by default. Open your favorite browser and navigate to http://your-domain.com:9000 or http://server-ip-address:9000 and complete the required steps to finish the installation.
Congratulations! You have successfully installed Graylog. Thanks for using this tutorial for installing Graylog on Debian 10 Buster system. For additional help or useful information, we recommend you check the official Graylog website.