How To Install Graylog on Ubuntu 18.04 LTS

Install Graylog on Ubuntu 18.04 LTS

In this tutorial, we will show you how to install Graylog on Ubuntu 18.04 LTS. For those of you who didn’t know, Graylog is a free and open-source powerful centralized log management tool based on Elasticsearch and MongoDB. Graylog helps you to collect, index, and analyze any machine logs centrally.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of Graylog on an Ubuntu 18.04 (Bionic Beaver) server.


  • A server running one of the following operating systems: Ubuntu 18.04 (Bionic Beaver).
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Graylog on Ubuntu 18.04 LTS Bionic Beaver

Step 1. First, make sure that all your system packages are up-to-date by running the following apt-get commands in the terminal.

sudo apt update
sudo apt upgrade

Step 2. Installing Java.

Graylog is built using Java, so it can technically run anywhere, however, this may require you to install the Java Development Kit which contains the Runtime Environment too:

sudo apt install apt-transport-https uuid-runtime pwgen openjdk-8-jre-headless

Now check the java version:

java -version

Step 3. Installing MongoDB.

A stable version of MongoDB packages is already in the default Ubuntu repository. However, the version in Ubuntu’s repository isn’t the latest. If you want to install the latest version you must add a third-party repository to your system and install it from there:

sudo apt-key adv --keyserver hkp:// --recv 0C49F3730359A14518585931BC711F9BA15703C6

After adding the repository key to Ubuntu, run the commands below to add the MongoDB repository to your system:

echo "deb trusty/mongodb-org/3.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.4.list

After that, update your system and refresh existing repositories by running the commands below:

apt update

And now install the latest stable version of MongoDB:

apt install -y mongodb-org

Step 4. Installing Elasticsearch.

First, install Elasticsearch using the apt package manager from the official Elastic repository:

wget -qO - | sudo apt-key add -
echo "deb stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list
apt-get update

Then, install Elasticsearch with apt using the following command:

apt-get -y install elasticsearch

Start the Elasticsearch service and set it to automatically start on boot:

systemctl restart elasticsearch
systemctl enable elasticsearch

Once Elasticsearch is installed, you will need to modify the Elasticsearch main configuration file:

nano /etc/elasticsearch/elasticsearch.yml

Make the following changes: graylog 10s false [""]
script.inline: false
script.indexed: false
script.file: false

After a few seconds, run the following to test that Elasticsearch is running properly:

curl -X GET http://localhost:9200

Step 5. Installing Graylog.

Graylog is not available in the Ubuntu 18.04 default repository, you need to download and install the Graylog repository to your system:

dpkg -i graylog-2.4-repository_latest.deb

Update the package lists and install Graylog:

apt-get update -y
apt-get install graylog-server -y

After you have installed the Graylog Server, you have to generate a secret key for Graylog using the following command:

### pwgen -N 1 -s 96 

Now create a hash password for the root user that can be used to log in to the Graylog web server using the following command:

### echo -n Password | sha256sum

Edit the server.conf file:

nano /etc/graylog/server/server.conf

Make changes to the file as shown below:

password_secret= MTtPFSMZxAvoLsUiXXauggyJ761hwkGn1ZTN2ovb8wN2tO1LzyeNbaatOrpLukp96p0MxwHQosmMGPborm1YRojnnSORVvr2
root_password_sha2= e7cf3ef4f17c3999a94f2c6f612e8bmwe46b1026878e4e19398b23cehedelicsec221a
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300
script.inline: false
script.indexed: false
script.file: false

To enable the Graylog web interface, make changes to the file as shown below:

rest_listen_uri = http://your-server-ip:12900/
web_listen_uri = http://your-server-ip:9000/

After you have modified the configuration file, you can start Graylog Service using the following commands:

systemctl enable graylog-server
systemctl restart graylog-server

Step 6. Accessing Graylog.

Graylog will be available on HTTP port 8080 by default. Open your favorite browser and navigate to or http://server-ip:9000 and complete the required steps to finish the installation.

Install Graylog on Ubuntu 18.04 LTS

Congratulations! You have successfully installed Graylog. Thanks for using this tutorial for installing Graylog on Ubuntu 18.04 LTS system. For additional help or useful information, we recommend you check the official Graylog website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!


r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Back to top button