
How To Install Graylog on Debian 10

In this tutorial, we will show you how to install Graylog on Debian 10. For those of you who didn’t know, Graylog is a free, open-source, and powerful centralized log management tool based on Elasticsearch and MongoDB. Graylog helps you collect, index, and analyze machine logs centrally.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and, most importantly, host your site on your own VPS. The installation is quite simple and assumes you are running as the root account; if not, you may need to add ‘sudo‘ to the commands to get root privileges. I will walk you through the step-by-step installation of Graylog on Debian 10 (Buster).

Prerequisites

  • A server running one of the following operating systems: Debian 10 (Buster).
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Graylog on Debian 10 Buster

Step 1. Before we install any software, it’s important to make sure your system is up to date by running the following apt commands in the terminal:

sudo apt update
sudo apt upgrade

Step 2. Installing Java.

Graylog and Elasticsearch are Java-based applications. Run the following command to install Java:

sudo apt install apt-transport-https openjdk-8-jre-headless

Verify installed Java version:

java -version

Step 3. Installing MongoDB.

Before installing MongoDB, install the required dependencies:

sudo apt install dirmngr gnupg apt-transport-https software-properties-common ca-certificates curl

Next, add the MongoDB GPG key to your system:

curl -fsSL https://www.mongodb.org/static/pgp/server-4.2.asc | sudo apt-key add -

Then, enable the MongoDB repository:

sudo add-apt-repository 'deb https://repo.mongodb.org/apt/debian buster/mongodb-org/4.2 main'

Once done, install the MongoDB packages using the apt command:

sudo apt update
sudo apt install mongodb-org

Start the MongoDB service and enable it to start on boot with the following command:

sudo systemctl enable mongod.service
sudo systemctl start mongod.service

Step 4. Installing Elasticsearch.

First, import the Elasticsearch repository signing key:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Next, add the Elasticsearch repository to the system by issuing:

echo "deb https://artifacts.elastic.co/packages/6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list

Now run apt update, then install the Elasticsearch package on your Debian system:

sudo apt update
sudo apt install elasticsearch

When the installation process is complete, enable and start the service using the following commands:

sudo systemctl enable elasticsearch.service
sudo systemctl start elasticsearch.service

Once done, make sure to modify the Elasticsearch configuration file (/etc/elasticsearch/elasticsearch.yml) and set the cluster name to graylog. You also need to uncomment the cluster.name line (remove the leading #) and add the action.auto_create_index setting:

sudo nano /etc/elasticsearch/elasticsearch.yml

Make the following changes:

cluster.name: graylog
action.auto_create_index: false

After you have modified the configuration, restart Elasticsearch:

sudo systemctl restart elasticsearch.service

Step 5. Installing Graylog on Debian 10.

Download and install the Graylog repository package, then install the Graylog server:

wget https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.deb
sudo dpkg -i graylog-3.0-repository_latest.deb
sudo apt update
sudo apt install graylog-server

Once successfully installed, follow the instructions in your /etc/graylog/server/server.conf and add password_secret and root_password_sha2. These settings are mandatory and without them, Graylog will not start.

You need to use the following command to create your root_password_sha2:

echo -n "Enter Your Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
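
The two mandatory settings can also be filled in by a small script, shown here as an added example that is not part of the original tutorial. The function names are illustrative; it assumes GNU sed and coreutils as shipped with Debian, reads the password without echoing it, and draws password_secret from /dev/urandom.

```shell
#!/bin/sh
# Added example: fill in the two mandatory server.conf settings.
# Function names are illustrative, not part of Graylog.

# SHA-256 hex digest of the first line on stdin (newline stripped),
# the format root_password_sha2 expects.
hash_root_password() {
    head -n 1 | tr -d '\n' | sha256sum | cut -d' ' -f1
}

# 96 hex characters (48 bytes from the kernel CSPRNG) for password_secret.
generate_password_secret() {
    od -An -tx1 -N48 /dev/urandom | tr -d ' \n'
}

# set_conf_value FILE KEY VALUE: replace an existing "KEY =" line (even an
# empty one) or append it. Values here are hex, so sed needs no escaping.
set_conf_value() {
    if grep -qE "^${2}[[:space:]]*=" "$1"; then
        sed -i -E "s|^${2}[[:space:]]*=.*|${2} = ${3}|" "$1"
    else
        printf '%s = %s\n' "$2" "$3" >>"$1"
    fi
}

# configure_graylog_secrets FILE: read the admin password from stdin without
# echoing it on a terminal, then write both settings into FILE.
configure_graylog_secrets() {
    conf=$1
    if [ -t 0 ]; then
        printf 'Graylog admin password: ' >&2
        stty -echo
    fi
    IFS= read -r password || true
    if [ -t 0 ]; then stty echo; echo >&2; fi
    if [ -z "$password" ]; then
        echo 'refusing to set an empty password' >&2
        return 1
    fi
    set_conf_value "$conf" root_password_sha2 \
        "$(printf '%s\n' "$password" | hash_root_password)"
    unset password
    # Leave a password_secret that is already set untouched.
    if ! grep -qE '^password_secret[[:space:]]*=[[:space:]]*[^[:space:]]' "$conf"; then
        set_conf_value "$conf" password_secret "$(generate_password_secret)"
    fi
}
```

Sourced in a root shell, `configure_graylog_secrets /etc/graylog/server/server.conf` prompts once and updates the file in place.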

To be able to connect to Graylog you should set http_bind_address to the public hostname or a public IP address of the machine you can connect to. More information about these settings can be found in Configuring the web interface.

Finally, enable and start the Graylog service:

sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service

Step 6. Accessing Graylog.

Graylog will be available on HTTP port 8080 by default. Open your favorite browser and navigate to http://your-domain.com:9000 or http://server-ip-address:9000 and complete the required steps to finish the installation.
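
This tutorial configures no authentication for MongoDB or Elasticsearch, so once http_bind_address is set to a public address it is worth confirming that only the Graylog web interface is reachable from the network. The check below is an added example, not part of the original tutorial; the function name is illustrative, and it assumes the default ports 27017 (MongoDB) and 9200/9300 (Elasticsearch).

```shell
#!/bin/sh
# Added example: flag MongoDB/Elasticsearch listeners reachable from the network.
# Usage on the server: ss -Hltn | exposed_backends
# The function name is illustrative; ports are the packages' defaults.

# Reads `ss -Hltn` output on stdin (column 4 is Local Address:Port) and prints
# "PORT ADDRESS" for every backend listener that is not bound to loopback.
# No output means both backends are reachable only from the host itself.
exposed_backends() {
    awk '
    {
        port = $4; sub(/.*:/, "", port)                 # text after last ":"
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (port !~ /^(27017|9200|9300)$/) next          # e.g. Graylog on 9000
        if (addr ~ /^127\./ || addr == "[::1]") next     # IPv4/IPv6 loopback
        if (addr ~ /^\[::ffff:127\./) next               # IPv4-mapped loopback
        print port, addr
    }'
}
```

Any line it prints is a listener to rebind to 127.0.0.1 or to block with a firewall rule before logs are sent to this server.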

Congratulations! You have successfully installed Graylog. Thanks for using this tutorial for installing Graylog on a Debian 10 Buster system. For additional help or useful information, we recommend you check the official Graylog website.


r00t
