Install Graylog on Ubuntu 20.04
Graylog is a free and open-source centralized log management tool built on Elasticsearch and MongoDB. It lets you collect, index, search and analyze large volumes of machine logs in one place and presents them in a form that is easy to read and digest.
Step 1: Update packages and install Java
First, update the system packages and install the prerequisites with the following commands.
sudo apt update
sudo apt install apt-transport-https pwgen
sudo apt install openjdk-11-jre-headless
Once Java is installed, check the version:
root@ubuntu20:~# java -version
Sample output:
openjdk version "11.0.8" 2020-07-14
OpenJDK Runtime Environment (build 11.0.8+10-post-Ubuntu-0ubuntu120.04)
OpenJDK 64-Bit Server VM (build 11.0.8+10-post-Ubuntu-0ubuntu120.04, mixed mode, sharing)
Step 2: Install Elasticsearch
Import the repository's GPG key by running the command below.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Next, add the Elasticsearch repository to the system:
sh -c 'echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" > /etc/apt/sources.list.d/elastic-7.x.list'
Now refresh the package index and install Elasticsearch (the commands from here on are run as root, as the root@ubuntu20 prompt in the sample output shows):
apt update
apt install elasticsearch
Reload systemd, start the service and enable it to start on boot:
systemctl daemon-reload
systemctl start elasticsearch.service
systemctl enable elasticsearch.service
Edit the Elasticsearch configuration file to set the cluster name that Graylog expects:
nano /etc/elasticsearch/elasticsearch.yml
Change the settings below.
cluster.name: graylog
network.host: 127.0.0.1
Save the file and exit, then restart the service and check its status:
systemctl restart elasticsearch.service
systemctl status elasticsearch.service
To verify that Elasticsearch is running, query it with curl:
curl -X GET "localhost:9200/"
Step 3: Install MongoDB
MongoDB is the database in which Graylog stores its configuration. Install it from the Ubuntu repository as shown below.
apt update
apt install mongodb-server
Once MongoDB is installed, start the service and enable it to start on boot:
systemctl start mongod
systemctl enable mongod
systemctl status mongod
Step 4: Install Graylog server
Graylog is not available in the default repository, so first download and install the Graylog repository package, then install Graylog.
wget https://packages.graylog2.org/repo/packages/graylog-3.3-repository_latest.deb
dpkg -i graylog-3.3-repository_latest.deb
Once the repository is installed, refresh the package index and install Graylog:
apt update
apt install graylog-server
Once Graylog is installed, generate a secret key for it:
pwgen -N 1 -s 96
Sample output:
root@ubuntu20:~# pwgen -N 1 -s 96
SJTXJBRH0LPKKSqgIz5gVONluMSA10I7e5qHerFYUAkYUeI7w6zqnF1cCI6QlNApFyP2MSFYbGc8i8EP8FzfPSreAAZjUMUf
Now generate the SHA-256 hash of the root (Graylog admin) password as shown below.
echo -n Password | sha256sum
Replace Password with your own admin password.
Sample output:
root@ubuntu20:~# echo -n Password | sha256sum
e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a
Next, edit the server.conf file:
nano /etc/graylog/server/server.conf
Then place the secret key and the password hash in the configuration file as shown below:
password_secret = SJTXJBRH0LPKKSqgIz5gVONluMSA10I7e5qHerFYUAkYUeI7w6zqnF1cCI6QlNApFyP2MSFYbGc8i8EP8FzfPSreAAZjUMUf
root_password_sha2 = e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a
Also edit the http_bind_address line so that the web interface is reachable:
http_bind_address = 192.168.0.123:9000
Replace the IP address in the line above with your server's IP address.
If you want to reach the Graylog server through a public IP, edit the line below as well.
http_external_uri = http://public_ip:9000
Save the file and exit. Now reload systemd, then start the Graylog service and enable it to start on reboot.
root@ubuntu20:~# systemctl daemon-reload
root@ubuntu20:~# systemctl start graylog-server
root@ubuntu20:~# systemctl enable graylog-server
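The Step 4 configuration edits, scripted as an added example that is not part of the original tutorial: it generates the secret, computes the admin password hash and writes both, together with the bind address, into server.conf with sed. It assumes GNU coreutils and sed; the sample conf it edits is constructed here, the real file is /etc/graylog/server/server.conf.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: produce the two secrets
# from Step 4 and write them, plus the bind address, into server.conf with sed
# instead of editing by hand. Assumes GNU coreutils/sed and a writable conf path.

# 96-character alphanumeric secret, equivalent to `pwgen -N 1 -s 96` but
# without needing pwgen installed.
gen_password_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 96
}

# SHA-256 hex digest of "$1", same result as `echo -n Password | sha256sum`.
# Typing `echo -n Password` interactively leaves the cleartext password in the
# shell history; when running this by hand, fill the variable with `read -r`.
sha256_of() {
    printf '%s' "$1" | sha256sum | cut -d ' ' -f 1
}

# Set "key = value" in conf file "$1", uncommenting an existing line if present.
set_conf() {
    conf=$1; key=$2; value=$3
    if grep -q "^[# ]*$key *=" "$conf"; then
        sed -i "s|^[# ]*$key *=.*|$key = $value|" "$conf"
    else
        printf '%s = %s\n' "$key" "$value" >> "$conf"
    fi
}

# Apply the tutorial's three edits: password_secret, root_password_sha2,
# http_bind_address.
configure_graylog() {
    conf=$1; admin_pw=$2; bind_addr=$3
    set_conf "$conf" password_secret "$(gen_password_secret)"
    set_conf "$conf" root_password_sha2 "$(sha256_of "$admin_pw")"
    set_conf "$conf" http_bind_address "$bind_addr"
}

# Constructed sample conf; the real file is /etc/graylog/server/server.conf.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
password_secret =
root_password_sha2 =
#http_bind_address = 127.0.0.1:9000
EOF
configure_graylog "$demo_conf" 'Password' '192.168.0.123:9000'
cat "$demo_conf"
```

Binding to a non-loopback address as the tutorial does makes the web interface reachable from that network, so restrict access with a firewall or reverse proxy where the server is not on a trusted segment.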
Step 5: Access the web interface
The Graylog web interface listens on port 9000 by default. Open your favourite browser and navigate to http://ip_address:9000.