How To Install Graylog on Debian 12
In this tutorial, we will show you how to install Graylog on Debian 12. Log management and analysis are paramount in today’s data-driven world. Managing logs efficiently helps organizations gain valuable insights and improve security. Graylog, a powerful open-source log management platform, provides an ideal solution for aggregating, processing and visualizing log data.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of Graylog on Debian 12 (Bookworm).
Prerequisites
- A server running Debian 12 (Bookworm).
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- Make sure your Debian 12 system is connected to the internet. An active connection is essential for downloading the required packages and updates during the installation.
- A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install Graylog on Debian 12 Bookworm
Step 1. Begin by making sure your system is up to date. To do this, update your package list and upgrade the installed packages with the following commands:
sudo apt update
sudo apt upgrade
The first command updates the list of available packages, ensuring that you have the latest information about software packages and their versions; the second upgrades the packages that are already installed.
Step 2. Installing Necessary Packages and Dependencies.
Graylog relies on specific packages and dependencies that need to be installed. Execute the following command to install them (Debian 12 ships OpenJDK 17; the openjdk-11 packages are not in the Bookworm repositories):
sudo apt install apt-transport-https openjdk-17-jre-headless uuid-runtime pwgen
Step 3. Installing Elasticsearch.
To ensure the authenticity of the Elasticsearch packages, add their GPG key to your system:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg
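Integrate the Elasticsearch APT repository into your package manager, referencing the keyring with signed-by so that APT trusts this key for this repository only:
echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list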
Now, install Elasticsearch:
sudo apt update
sudo apt install elasticsearch=7.10.2
Configure Elasticsearch to start automatically on boot and start the service:
sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch
Step 4. Installing MongoDB.
Similar to Elasticsearch, we need to add the MongoDB APT repository:
wget -qO - https://www.mongodb.org/static/pgp/server-6.0.asc | sudo gpg --dearmor -o /usr/share/keyrings/mongodb-server-6.0.gpg
echo "deb [signed-by=/usr/share/keyrings/mongodb-server-6.0.gpg] http://repo.mongodb.org/apt/debian bullseye/mongodb-org/6.0 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list
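As an added example (not part of the original tutorial), the following shell function checks the one-line .list files in a sources directory such as /etc/apt/sources.list.d and reports entries that lack a signed-by keyring or use plain http. The function name audit_apt_sources is hypothetical, and it assumes the one-line format used in this tutorial rather than deb822 .sources files.

```shell
#!/bin/sh
# Added example: audit_apt_sources is a hypothetical helper, not an APT tool.
# Usage: audit_apt_sources DIR
# Prints "file:line: finding" for every weak entry; returns 1 if any was found.
audit_apt_sources() {
    dir=$1
    findings=0
    for f in "$dir"/*.list; do
        [ -f "$f" ] || continue
        n=0
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            # Only active entries matter; skip comments and blank lines.
            case $line in
                deb\ *|deb-src\ *) ;;
                *) continue ;;
            esac
            # Without signed-by, the key must be trusted for every repository.
            case $line in
                *signed-by=*) ;;
                *) echo "$f:$n: no signed-by keyring"
                   findings=$((findings + 1)) ;;
            esac
            # Package signatures are still verified over http, but the
            # transfer itself is neither encrypted nor authenticated.
            case $line in
                *" http://"*) echo "$f:$n: plain http transport"
                              findings=$((findings + 1)) ;;
            esac
        done < "$f"
    done
    [ "$findings" -eq 0 ]
}
```

Run it as audit_apt_sources /etc/apt/sources.list.d after adding the repositories and before the next apt update.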
Install MongoDB with the following command:
sudo apt update
sudo apt install mongodb-org
Start and enable MongoDB to ensure it runs on system boot:
sudo systemctl enable mongod
sudo systemctl start mongod
You need to create a user for Graylog in MongoDB to allow Graylog to access the database. Execute the following commands:
mongosh
This will open the MongoDB shell. Inside the shell, create a user and database for Graylog:
use graylog
db.createUser(
  {
    user: "graylog",
    pwd: "your-strong-password",
    roles: [ "readWrite", "dbAdmin" ]
  }
)
Replace "your-strong-password" with a secure password of your choice.
Step 5. Installing Graylog on Debian 12.
Now, add the Graylog APT repository to your system:
wget https://packages.graylog2.org/repo/packages/graylog-5.1-repository_latest.deb
sudo dpkg -i graylog-5.1-repository_latest.deb
sudo apt update
Install the Graylog server:
sudo apt install graylog-server
Next, edit the Graylog configuration file to set the password secret:
sudo nano /etc/graylog/server/server.conf
Locate the following line:
password_secret = your-secret-password
Replace "your-secret-password" with a strong, random password. Save the file.
After that, generate a secret key for securing user sessions:
pwgen -N 1 -s 96
Copy the generated key and add it to the configuration file:
sudo nano /etc/graylog/server/server.conf
Find the line:
secret_key = your-secret-key
Copy the generated key; you’ll need it in the Graylog web interface.
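As an added example (not from the original tutorial or the Graylog project), this shell function writes a random 96-character password_secret and the SHA-256 hash of an admin password into server.conf. It assumes Graylog's root_password_sha2 setting, which this tutorial does not cover, holds the hash of the admin login password; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of Graylog.

# set_conf_key FILE KEY VALUE: replace (or add) "KEY = VALUE" in FILE.
set_conf_key() {
    tmp=$(mktemp)
    # Drop any existing assignment of KEY, then append the new one.
    grep -v "^[[:space:]]*$2[[:space:]]*=" "$1" > "$tmp" || true
    printf '%s = %s\n' "$2" "$3" >> "$tmp"
    cat "$tmp" > "$1"   # overwrite in place so owner and mode are kept
    rm -f "$tmp"
}

# set_graylog_secrets CONF ADMIN_PASSWORD
set_graylog_secrets() {
    conf=$1
    admin_password=$2
    # 96 random characters, as produced by the tutorial's pwgen command;
    # fall back to /dev/urandom when pwgen is not installed.
    if command -v pwgen >/dev/null 2>&1; then
        secret=$(pwgen -N 1 -s 96)
    else
        secret=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 96)
    fi
    # Assumption: root_password_sha2 holds the SHA-256 hex digest of the
    # admin password, computed without a trailing newline.
    hash=$(printf '%s' "$admin_password" | sha256sum | cut -d' ' -f1)
    set_conf_key "$conf" password_secret "$secret"
    set_conf_key "$conf" root_password_sha2 "$hash"
}
```

Run it as root against /etc/graylog/server/server.conf before starting graylog-server, and read the admin password from a prompt so it does not end up in the shell history.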
Now that Graylog is installed and configured, let’s start the services.
sudo systemctl enable graylog-server
sudo systemctl start graylog-server
Step 6. Accessing the Graylog Web Interface.
Open a web browser and navigate to your server’s IP address or domain name on port 9000:
http://your-server-ip:9000
Log in with the default credentials:
- Username: admin
- Password: The password you set during Graylog installation.
Upon successful login, Graylog will prompt you to change the password for the admin user for security reasons. Follow the prompts to set a new password.
Congratulations! You have successfully installed Graylog. Thanks for using this tutorial to install the latest version of Graylog on Debian 12 Bookworm. For additional help or useful information, we recommend you check the official Graylog website.