
How To Install Graylog on Debian 12


In this tutorial, we will show you how to install Graylog on Debian 12. Log management and analysis are paramount in today’s data-driven world. Managing logs efficiently helps organizations gain valuable insights and improve security. Graylog, a powerful open-source log management platform, provides an ideal solution for aggregating, processing and visualizing log data.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, host your site on your own VPS. The installation is quite simple and assumes you are running as the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will show you the step-by-step installation of Graylog on Debian 12 (Bookworm).

Prerequisites

  • A server running Debian 12 (Bookworm).
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • Make sure your Debian 12 system is connected to the internet. An active connection is essential for downloading the required packages and updates during the installation.
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, as you can harm your system if you’re not careful when acting as root.

Install Graylog on Debian 12 Bookworm

Step 1. Begin by ensuring your system packages are up to date. To do this, update your package list and upgrade the installed packages with the following commands:

sudo apt update
sudo apt upgrade

The first command updates the list of available packages, ensuring that you have the latest information about software packages and their versions; the second installs any pending upgrades.

Step 2. Installing Necessary Packages and Dependencies.

Graylog relies on specific packages and dependencies that need to be installed. Execute the following commands to install them:

sudo apt install apt-transport-https gnupg openjdk-17-jre-headless uuid-runtime pwgen

Step 3. Installing Elasticsearch.

To ensure the authenticity of the Elasticsearch packages, add their GPG key to your system:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

Integrate the Elasticsearch APT repository into your package manager:

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list

Now, install Elasticsearch:

sudo apt update
sudo apt install elasticsearch=7.10.2

Configure Elasticsearch to start automatically on boot and start the service:

sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch

Step 4. Installing MongoDB.

Similar to Elasticsearch, we need to add the MongoDB APT repository:

wget -qO - https://www.mongodb.org/static/pgp/server-6.0.asc | sudo gpg --dearmor -o /usr/share/keyrings/mongodb-server-6.0.gpg
echo "deb [signed-by=/usr/share/keyrings/mongodb-server-6.0.gpg] http://repo.mongodb.org/apt/debian bullseye/mongodb-org/6.0 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list

Install MongoDB with the following command:

sudo apt update
sudo apt install mongodb-org

Start and enable MongoDB to ensure it runs on system boot:

sudo systemctl enable mongod
sudo systemctl start mongod

You need to create a user for Graylog in MongoDB to allow Graylog to access the database. Execute the following commands:

mongosh

This will open the MongoDB shell. Inside the shell, create a user and database for Graylog:

use graylog
db.createUser({
  user: "graylog",
  pwd: "your-strong-password",
  roles: [ "readWrite", "dbAdmin" ]
})

Replace "your-strong-password" with a secure password of your choice.

Step 5. Installing Graylog on Debian 12.

Now, add the Graylog APT repository to your system:

wget https://packages.graylog2.org/repo/packages/graylog-5.1-repository_latest.deb
sudo dpkg -i graylog-5.1-repository_latest.deb
sudo apt update

Install the Graylog server:

sudo apt install graylog-server

Next, edit the Graylog configuration file to set the password secret:

sudo nano /etc/graylog/server/server.conf

Locate the following line:

password_secret = your-secret-password

Replace "your-secret-password" with a strong, random password. Save the file.

After that, generate a secret key for securing user sessions:

pwgen -N 1 -s 96

Copy the generated key and add it to the configuration file:

sudo nano /etc/graylog/server/server.conf

Find the line:

secret_key = your-secret-key

Copy the generated key; you’ll need it in the Graylog web interface.
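
Graylog's stock server.conf ships with two mandatory settings left empty: password_secret and root_password_sha2, the SHA-256 hash of the admin password used at the Step 6 login. The script below is an added example, not part of the original tutorial; it fills in both, and its function names, the temporary stand-in file and the demo password are constructed for illustration.

```shell
#!/bin/sh
# Added example: fill in Graylog's two mandatory secrets in a server.conf.

# 96-character random string for password_secret
# (pwgen if installed, otherwise /dev/urandom).
gen_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 96
    fi
}

# SHA-256 hex digest of the admin password, the form root_password_sha2
# expects. printf (not echo) so no trailing newline gets hashed.
hash_password() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# set_conf KEY VALUE FILE: replace an existing "KEY = ..." line or append one.
# VALUE must not contain '|', '&' or '\' (true for both values used here).
set_conf() {
    if grep -q "^$1[[:space:]]*=" "$3"; then
        sed -i "s|^$1[[:space:]]*=.*|$1 = $2|" "$3"
    else
        printf '%s = %s\n' "$1" "$2" >> "$3"
    fi
}

# configure_graylog FILE ADMIN_PASSWORD
configure_graylog() {
    set_conf password_secret "$(gen_secret)" "$1"
    set_conf root_password_sha2 "$(hash_password "$2")" "$1"
}

# Demo on a constructed stand-in file, not the real /etc/graylog path.
conf=$(mktemp)
printf '# constructed stand-in for server.conf\npassword_secret =\nroot_password_sha2 =\n' > "$conf"
configure_graylog "$conf" 'constructed-demo-password'
cat "$conf"
rm -f "$conf"
```

On a real host, run configure_graylog as root against /etc/graylog/server/server.conf and read the admin password from a silent prompt instead of a literal in the script.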

Now that Graylog is installed and configured, let’s start the services.

sudo systemctl enable graylog-server
sudo systemctl start graylog-server

Step 6. Accessing the Graylog Web Interface.

Open a web browser and navigate to your server’s IP address or domain name on port 9000:

http://your-server-ip:9000

Log in with the default credentials:

  • Username: admin
  • Password: The password you set during Graylog installation.

Upon successful login, Graylog will prompt you to change the password for the admin user for security reasons. Follow the prompts to set a new password.

Congratulations! You have successfully installed Graylog. Thanks for using this tutorial to install the latest version of Graylog on Debian 12 Bookworm. For additional help or useful information, we recommend you check the official Graylog website.


r00t
