
How To Install Graylog on Debian 9


In this tutorial, we will show you how to install Graylog on your Debian 9 server. For those of you who didn’t know, Graylog is a free, open-source, centralized log management tool based on Elasticsearch and MongoDB. Graylog helps you collect, index, and analyze machine logs in one place.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running as root; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will show you the step-by-step installation of Graylog on a Debian 9 (Stretch) server.

Prerequisites

  • A server running Debian 9 (Stretch).
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Graylog on Debian 9

Step 1. Before we install any software, it’s important to make sure your system is up to date by running the following apt-get commands in the terminal:

apt-get update
apt-get upgrade

Step 2. Installing Dependencies.

Not all required dependencies are available in the Debian 9 standard repository, so you will need to add Debian Backports to the list of package sources:

echo "deb http://ftp.debian.org/debian stretch-backports main" > /etc/apt/sources.list.d/backports.list

Then refresh the package lists and upgrade your system with the following commands:

apt-get update -y
apt-get upgrade -y

Step 3. Installing Java.

Both Graylog and Elasticsearch are Java-based, so you will need to install Java on your system:

apt-get install openjdk-8-jre-headless -y

Now check the Java version:

java -version

Step 4. Installing MongoDB.

Graylog uses MongoDB to store its configuration and meta information. It can be installed directly from the package repository:

apt-get install mongodb-server -y

Start the MongoDB service and enable it to start on boot with the following commands (the Debian mongodb-server package names its service mongodb):

systemctl start mongodb
systemctl enable mongodb

Step 5. Installing Elasticsearch.

Elasticsearch is one of the main components that Graylog requires to run, so let’s install it. First, download and install the GPG signing key:

wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | apt-key add -

Add the Elasticsearch repository to apt:

echo "deb https://packages.elastic.co/elasticsearch/2.x/debian stable main" | tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list

Update the package lists, then install Elasticsearch:

apt-get update -y
apt-get install elasticsearch -y

Start the Elasticsearch service and enable it to start at boot with the following commands:

systemctl start elasticsearch
systemctl enable elasticsearch

Once Elasticsearch is installed, you will need to modify the Elasticsearch main configuration file:

nano /etc/elasticsearch/elasticsearch.yml

Make the following changes:

cluster.name: graylog
network.host: 127.0.0.1
discovery.zen.ping.timeout: 10s
discovery.zen.ping.multicast.enabled: false
discovery.zen.ping.unicast.hosts: ["127.0.0.1:9300"]
script.inline: false
script.indexed: false
script.file: false

Save the file and restart Elasticsearch so the new settings take effect. After a few seconds, run the following to test that Elasticsearch is running properly:

curl -X GET http://localhost:9200

Step 6. Installing Graylog.

Graylog is not available in the Debian 9 default repository, so you need to download and install the Graylog repository package on your system:

wget https://packages.graylog2.org/repo/packages/graylog-2.2-repository_latest.deb
dpkg -i graylog-2.2-repository_latest.deb

Update the package lists and install Graylog:

apt-get update -y
apt-get install graylog-server -y

After you have installed the Graylog server, generate a secret key for Graylog using the following command:

pwgen -N 1 -s 96
MTtPFSMZxAvoLsUiXXauggyJ761hwkGn1ZTN2ovb8wN2tO1LzyeNbaatOrpLukp96p0MxwHQosmMGPborm1YRojnnSORVvr2

Now create a SHA-256 hash of the password for the root user, which is used to log in to the Graylog web interface, using the following command:

echo -n Password | sha256sum
e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a

Edit the server.conf file:

nano /etc/graylog/server/server.conf

Make changes to the file as shown below:

password_secret = MTtPFSMZxAvoLsUiXXauggyJ761hwkGn1ZTN2ovb8wN2tO1LzyeNbaatOrpLukp96p0MxwHQosmMGPborm1YRojnnSORVvr2
root_password_sha2 = e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a
root_email=godet@idroot.us
root_timezone=UTC
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300
elasticsearch_shards=1
script.inline: false
script.indexed: false
script.file: false
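
The two secrets above are easy to get wrong: a hash with a stray character or a truncated secret only shows up later as a failed start or a failed login. The following is an added example, not part of the original tutorial or of Graylog itself. It generates both values without putting the password on the command line and checks a server.conf before the service is restarted. The function names, the /dev/urandom stand-in for pwgen, and the 64-character minimum for password_secret are assumptions of this example.

```shell
# Added example; the checks and thresholds are assumptions, not Graylog code.

# Print a 96-character alphanumeric secret without needing pwgen.
gen_secret() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c 1-96
}

# Read the admin password from stdin rather than argv, so it does not end up
# in shell history or `ps` output, and print its SHA-256 as 64 hex characters.
hash_password() {
    IFS= read -r pw || [ -n "$pw" ] || return 1
    printf '%s' "$pw" | sha256sum | cut -d ' ' -f 1
}

# Print the value of key $1 from the "key = value" file $2.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Return 0 if both secrets in server.conf ($1) are well-formed; otherwise
# print what is wrong and return 1.
check_conf() {
    rc=0
    secret=$(conf_value password_secret "$1")
    hash=$(conf_value root_password_sha2 "$1")
    if [ "${#secret}" -lt 64 ]; then
        echo "password_secret: ${#secret} chars, expected at least 64"
        rc=1
    fi
    case "$hash" in
        *[!0-9a-f]*) echo "root_password_sha2: contains non-hex characters"
                     rc=1 ;;
    esac
    if [ "${#hash}" -ne 64 ]; then
        echo "root_password_sha2: ${#hash} chars, expected 64"
        rc=1
    fi
    return "$rc"
}
```

Run `check_conf /etc/graylog/server/server.conf` after editing the file; any printed line names the setting to fix.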

To enable the Graylog web interface, make changes to the file as shown below:

rest_listen_uri = http://your-server-ip:12900/
web_listen_uri = http://your-server-ip:9000/

After you have modified the configuration file, enable and start the Graylog service using the following commands:

systemctl enable graylog-server
systemctl restart graylog-server
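
With all three services running, only Graylog's own ports should be reachable from the network; Elasticsearch was bound to 127.0.0.1 in Step 5, and neither it nor MongoDB has authentication configured in this setup. The following is an added example, not part of the original tutorial: it reads `ss -ltn` output and reports any backend listener that is not loopback-only. The function name and sample output are constructed, and 27017 is assumed as MongoDB's default port.

```shell
# Added example. Reads `ss -ltn` output on stdin and prints one line for every
# listener on a backend port (Elasticsearch 9200/9300, MongoDB default 27017)
# whose local address is not loopback. Prints nothing when all are local-only.
exposed_backends() {
    awk '
        $1 != "LISTEN" { next }              # skip the header line
        {
            n = split($4, parts, ":")        # $4 is the Local Address:Port column
            port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            gsub(/\[/, "", addr)             # newer ss prints [::1]:9200
            gsub(/\]/, "", addr)
            if (port != "9200" && port != "9300" && port != "27017") next
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print port " listening on " addr
        }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:27017       0.0.0.0:*
LISTEN 0      128    ::ffff:127.0.0.1:9300 :::*
LISTEN 0      128    0.0.0.0:9200          0.0.0.0:*
LISTEN 0      128    *:9000                *:*'
```

On the server itself, run `ss -ltn | exposed_backends`; empty output means the backend ports are bound to loopback only.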

Step 7. Accessing Graylog.

The Graylog web interface will be available on the port set in web_listen_uri, which is 9000 in the configuration above. Open your favorite browser and navigate to http://your-domain.com:9000 or http://your-server-ip:9000 and complete the required steps to finish the installation.


Congratulations! You have successfully installed Graylog. Thanks for using this tutorial for installing Graylog on a Debian 9 Stretch system. For additional help or useful information, we recommend you check the official Graylog website.


r00t
