In this tutorial we will show you how to install Graylog on Ubuntu 18.04 LTS. For those of you who didn’t know, Graylog is a powerful, free and open source centralized log management tool based on Elasticsearch and MongoDB. Graylog helps you collect, index and analyze any machine logs centrally.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will walk you through the step-by-step installation of Graylog on an Ubuntu 18.04 (Bionic Beaver) server.
Install Graylog on Ubuntu 18.04 LTS Bionic Beaver
Step 1. First, make sure that all your system packages are up to date by running the following apt commands in the terminal.

    sudo apt update
    sudo apt upgrade

Graylog is built using Java, so it can technically run anywhere. However, this may require you to install the Java Development Kit, which contains the Runtime Environment too:

    sudo apt install apt-transport-https uuid-runtime pwgen openjdk-8-jre-headless

Now check the Java version:

    java -version

A stable version of the MongoDB packages is already in the default Ubuntu repository. However, the version in Ubuntu’s repository isn’t the latest. If you want to install the latest version, you must add a third-party repository to your system and install it from there:

    sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6

After adding the repository key to Ubuntu, run the command below to add the MongoDB repository to your system:

    echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list

After that, update your system and refresh existing repositories by running the command below:

    apt update

And now install the latest stable version of MongoDB:

    apt install -y mongodb-org

First, install Elasticsearch using the apt package manager from the official Elastic repository:

    wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
    echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list
    apt-get update

Then, install Elasticsearch with apt using the following command:

    apt-get -y install elasticsearch

Start the Elasticsearch service and set it to automatically start on boot:

    systemctl restart elasticsearch
    systemctl enable elasticsearch

Once Elasticsearch is installed, you will need to modify the Elasticsearch main configuration file:

    nano /etc/elasticsearch/elasticsearch.yml

Make the following changes:

    cluster.name: graylog
    network.host: 127.0.0.1
    discovery.zen.ping.timeout: 10s
    discovery.zen.ping.multicast.enabled: false
    discovery.zen.ping.unicast.hosts: ["127.0.0.1:9300"]
    script.inline: false
    script.indexed: false
    script.file: false

After a few seconds, run the following to test that Elasticsearch is running properly:

    curl -X GET http://localhost:9200

Graylog is not available in the Ubuntu 18.04 default repository, so you need to download and install the Graylog repository package on your system:

    wget https://packages.graylog2.org/repo/packages/graylog-2.4-repository_latest.deb
    dpkg -i graylog-2.4-repository_latest.deb

Update the package lists and install Graylog:

    apt-get update -y
    apt-get install graylog-server -y

After you have installed the Graylog server, you have to generate a secret key for Graylog using the following command:

    ### pwgen -N 1 -s 96
    MTtPFSMZxAvoLsUiXXauggyJ761hwkGn1ZTN2ovb8wN2tO1LzyeNbaatOrpLukp96p0MxwHQosmMGPbmw46ojnnSORVvr2

Now create a password hash for the root user, which is used to log in to the Graylog web interface, using the following command:

    ### echo -n Password | sha256sum
    e7cf3ef4f17c3999a94f2c6f612e8bmwe46b1026878e4e19398b23cehedelicsec221a

Edit the server.conf file:

    nano /etc/graylog/server/server.conf

Make changes to the file as shown below:

    password_secret=MTtPFSMZxAvoLsUiXXauggyJ761hwkGn1ZTN2ovb8wN2tO1LzyeNbaatOrpLukp96p0MxwHQosmMGPborm1YRojnnSORVvr2
    root_password_sha2=e7cf3ef4f17c3999a94f2c6f612e8bmwe46b1026878e4e19398b23cehedelicsec221a
    root_email=godet@idroot.us
    root_timezone=UTC
    elasticsearch_discovery_zen_ping_unicast_hosts=ipaddress:9300
    elasticsearch_shards=1
    script.inline:false
    script.indexed:false
    script.file:false

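
The three steps above (generate the secret, hash the root password, edit server.conf) can be scripted so that the password is read from standard input rather than typed into a command that ends up in shell history. This is an added example, not part of the original tutorial; the function names are hypothetical, it draws the secret from /dev/urandom instead of pwgen, and it runs its demo on a constructed stand-in file rather than the real /etc/graylog/server/server.conf.

```bash
#!/usr/bin/env bash
# Added example, not the tutorial's own script. Function names are hypothetical.

# 96 random alphanumerics, the same shape as `pwgen -N 1 -s 96` output.
# Assumption: drawn from /dev/urandom so the sketch does not need pwgen.
gen_secret() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-96
}

# Read one line from stdin (terminal echo off when interactive) and print
# its SHA-256 hex digest, equivalent to `echo -n <password> | sha256sum`.
hash_password() {
    local pw
    if [ -t 0 ]; then
        printf 'Graylog root password: ' >&2
        stty -echo; IFS= read -r pw || true; stty echo; echo >&2
    else
        IFS= read -r pw || true
    fi
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1
}

# Set "key = value" in a properties-style file: replace the existing line
# (commented out or not) or append one. Writing back with cat keeps the
# file's existing owner and mode.
set_conf() {
    local file="$1" key="$2" tmp rc
    tmp=$(mktemp) || return 1
    VALUE="$3" awk -v key="$key" '
        $0 ~ ("^[# ]*" key "[ ]*=") { if (!done) print key " = " ENVIRON["VALUE"]; done = 1; next }
        { print }
        END { if (!done) print key " = " ENVIRON["VALUE"] }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Demo on a constructed stand-in for /etc/graylog/server/server.conf.
demo() {
    local dir conf
    dir=$(mktemp -d) || return 1
    conf=$dir/server.conf
    printf '%s\n' '#password_secret =' 'root_password_sha2 =' 'root_timezone = UTC' > "$conf"
    set_conf "$conf" password_secret "$(gen_secret)"
    set_conf "$conf" root_password_sha2 "$(printf '%s\n' 'Password' | hash_password)"
    cat "$conf"
    rm -rf "$dir"
}
demo
```

On a real server, call `hash_password` from an interactive terminal and point `set_conf` at /etc/graylog/server/server.conf before restarting graylog-server.
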
To enable the Graylog web interface, make changes to the file as shown below:

    rest_listen_uri=http://your-server-ip:12900/
    web_listen_uri=http://your-server-ip:9000/

After you have modified the configuration file, you can start the Graylog service using the following commands:

    systemctl enable graylog-server
    systemctl restart graylog-server

Graylog will be available on HTTP port 8080 by default. Open your favorite browser and navigate to http://yourdomain.com:9000 or http://server-ip:9000 and complete the required steps to finish the installation.
Congratulations! You have successfully installed Graylog. Thanks for using this tutorial for installing Graylog on an Ubuntu 18.04 LTS system. For additional help or useful information, we recommend that you check the official Graylog web site.