
How To Install Graylog on Debian 12


In this tutorial, we will show you how to install Graylog on Debian 12. Log management and analysis are paramount in today’s data-driven world. Managing logs efficiently helps organizations gain valuable insights and improve security. Graylog, a powerful open-source log management platform, provides an ideal solution for aggregating, processing and visualizing log data.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running as the root account; if not, you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of Graylog on Debian 12 (Bookworm).


  • A server running one of the following operating systems: Debian 12 (Bookworm).
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • Make sure your Debian 12 system is connected to the internet. An active connection is essential for downloading the required packages and updates during the installation.
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Graylog on Debian 12 Bookworm

Step 1. Begin by making sure your system packages are up to date. Update the package list and upgrade the installed packages with the following commands:

sudo apt update
sudo apt upgrade

The first command refreshes the list of available packages and their versions; the second installs the pending upgrades.

Step 2. Installing Necessary Packages and Dependencies.

Graylog relies on specific packages and dependencies that need to be installed. Execute the following commands to install them:

sudo apt install apt-transport-https openjdk-11-jre-headless uuid-runtime pwgen

Step 3. Installing Elasticsearch.

To ensure the authenticity of the Elasticsearch packages, add their GPG key to your system:

wget -qO - | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

Integrate the Elasticsearch APT repository into your package manager:

echo "deb stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list

Now, install Elasticsearch:

sudo apt update
sudo apt install elasticsearch=7.10.2

Configure Elasticsearch to start automatically on boot and start the service:

sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch

Step 4. Installing MongoDB.

Similar to Elasticsearch, we need to add the MongoDB APT repository:

wget -qO - | sudo apt-key add -
echo "deb bullseye/mongodb-org/6.0 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-6.0.list
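
The Elasticsearch key above is stored under /usr/share/keyrings, while `apt-key add` places the MongoDB key in APT's global trust store. This added example (not part of the original tutorial) reports, for each repository entry, whether it is pinned to a keyring with signed-by; the directory, files and repo.example.invalid URLs are constructed.

```sh
#!/bin/sh
# Added example (not from the original tutorial). All repository URLs and
# files below are constructed placeholders.
#
# APT verifies an entry with [signed-by=FILE] against that keyring only.
# An entry without it is verified against every key in /etc/apt/trusted.gpg
# and /etc/apt/trusted.gpg.d/, which is where `apt-key add` puts keys.

# audit_sources DIR: print "<status> <file>" for each deb/deb-src line in
# DIR/*.list (one-line format only; deb822 *.sources files are not parsed).
audit_sources() {
  for f in "$1"/*.list; do
    [ -f "$f" ] || continue
    grep -E '^[[:space:]]*deb(-src)?[[:space:]]' "$f" | while IFS= read -r line; do
      # Pull the path out of "[... signed-by=/path ...]" if the option is present.
      key=$(printf '%s\n' "$line" | sed -n 's/.*\[[^]]*signed-by=\([^] ]*\).*/\1/p')
      if [ -z "$key" ]; then status=GLOBAL-TRUST       # any globally trusted key is accepted
      elif [ -r "$key" ]; then status=PINNED           # only this keyring is accepted
      else status=KEYRING-MISSING                      # apt update will fail verification
      fi
      printf '%s %s\n' "$status" "${f##*/}"
    done
  done
}

# demo_audit: three constructed source files covering each outcome.
demo_audit() {
  d=$(mktemp -d)
  : > "$d/elastic.gpg"   # empty file standing in for a dearmored key
  printf 'deb [signed-by=%s/elastic.gpg] https://repo.example.invalid/es stable main\n' "$d" > "$d/elastic-7.x.list"
  printf 'deb https://repo.example.invalid/mongo bullseye/mongodb-org/6.0 main\n' > "$d/mongodb-org-6.0.list"
  printf 'deb [signed-by=%s/absent.gpg] https://repo.example.invalid/gl stable 5.1\n' "$d" > "$d/graylog.list"
  audit_sources "$d"
  rm -rf "$d"
}
```

On a real host, run `audit_sources /etc/apt/sources.list.d` after adding the repositories.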

Install MongoDB with the following command:

sudo apt update
sudo apt install mongodb-org

Start and enable MongoDB to ensure it runs on system boot:

sudo systemctl enable mongod
sudo systemctl start mongod

You need to create a user for Graylog in MongoDB to allow Graylog to access the database. Execute the following command:

mongosh

This will open the MongoDB shell. Inside the shell, create a user and database for Graylog:

use graylog
db.createUser({
  user: "graylog",
  pwd: "your-strong-password",
  roles: [ "readWrite", "dbAdmin" ]
})

Replace "your-strong-password" with a secure password of your choice.

Step 5. Installing Graylog on Debian 12.

Now, add the Graylog APT repository to your system:

sudo dpkg -i graylog-5.1-repository_latest.deb
sudo apt update

Install the Graylog server:

sudo apt install graylog-server

Next, edit the Graylog configuration file to set the password secret:

sudo nano /etc/graylog/server/server.conf

Locate the following line:

password_secret = your-secret-password

Replace "your-secret-password" with a strong, random password. Save the file.

After that, generate a secret key for securing user sessions:

pwgen -N 1 -s 96

Copy the generated key and add it to the configuration file:

sudo nano /etc/graylog/server/server.conf

Find the line:

secret_key = your-secret-key

Copy the generated key; you’ll need it in the Graylog web interface.
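
A check for the secrets that Step 5 places in server.conf, as an added example that is not part of the original tutorial: it generates a 96-character password_secret, hashes an admin password, and rejects placeholder or malformed values. `root_password_sha2` is Graylog's setting for the admin password hash and is not shown in the steps above; the file contents and the passphrase are constructed samples.

```sh
#!/bin/sh
# Added example (not from the original tutorial). Constructed sample values only.

# gen_secret N: N hex characters from the kernel CSPRNG (N must be even).
# Stands in for `pwgen -N 1 -s 96` so the example needs only coreutils.
gen_secret() {
  head -c "$(( $1 / 2 ))" /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# hash_password PW: SHA-256 hex digest, the format root_password_sha2 expects.
hash_password() {
  printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# conf_get FILE KEY: trimmed value of "KEY = value" (this checker reads the last occurrence).
conf_get() {
  sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# set_conf FILE KEY VALUE: rewrite the KEY line in place (GNU sed, as on Debian).
set_conf() {
  sed -i "s|^[[:space:]]*$2[[:space:]]*=.*|$2 = $3|" "$1"
}

# check_conf FILE: print one line per problem; return non-zero if any was found.
check_conf() {
  secret=$(conf_get "$1" password_secret)
  hash=$(conf_get "$1" root_password_sha2)
  rc=0
  # Graylog rejects a password_secret shorter than 16 characters.
  [ "${#secret}" -ge 16 ] || { echo "password_secret: unset or under 16 characters"; rc=1; }
  case "$secret" in
    your-*) echo "password_secret: still the tutorial placeholder"; rc=1 ;;
  esac
  printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$' ||
    { echo "root_password_sha2: not a SHA-256 hex digest"; rc=1; }
  return "$rc"
}

# demo_secrets: constructed server.conf fragment, checked before and after the fix.
demo_secrets() {
  conf=$(mktemp)
  printf 'password_secret = your-secret-password\nroot_password_sha2 =\n' > "$conf"
  before=$(check_conf "$conf" | wc -l)
  set_conf "$conf" password_secret "$(gen_secret 96)"
  set_conf "$conf" root_password_sha2 "$(hash_password 'constructed-admin-passphrase')"
  check_conf "$conf" && echo "clean after fix, $((before)) problems before"
  rm -f "$conf"
}
```

Against a real installation, `sudo sh -c '. ./check.sh; check_conf /etc/graylog/server/server.conf'` runs only the read-only check (check.sh being whatever name the script was saved under).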

Now that Graylog is installed and configured, let’s start the services.

sudo systemctl enable graylog-server
sudo systemctl start graylog-server

Step 6. Accessing the Graylog Web Interface.

Open a web browser and navigate to your server’s IP address or domain name on port 9000:


Log in with the default credentials:

  • Username: admin
  • Password: The password you set during Graylog installation.

Upon successful login, Graylog will prompt you to change the password for the admin user for security reasons. Follow the prompts to set a new password.

Congratulations! You have successfully installed Graylog. Thanks for using this tutorial to install the latest version of Graylog on Debian 12 Bookworm. For additional help or useful information, we recommend you check the official Graylog website.



r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.