Hamsa K
Editor
7 min read | 4 years ago

How to Install Graylog on Ubuntu 20.04


Graylog is a free and open-source centralized log management tool based on Elasticsearch and MongoDB. It lets you collect, index and analyze machine logs centrally, and monitor and search large volumes of data in a format that is easy to read.

Step 1: Update packages and install Java

First, update the system packages and install the prerequisites with the following commands.

sudo apt update
sudo apt install apt-transport-https pwgen
sudo apt install openjdk-11-jre-headless

Once Java is installed, check the version:

root@ubuntu20:~# java -version

Sample output:

openjdk version "11.0.8" 2020-07-14
OpenJDK Runtime Environment (build 11.0.8+10-post-Ubuntu-0ubuntu120.04)
OpenJDK 64-Bit Server VM (build 11.0.8+10-post-Ubuntu-0ubuntu120.04, mixed mode, sharing)

Step 2: Install Elasticsearch

To import the repository's GPG key, run the command below.

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Next, add the Elasticsearch repository to the system:

sh -c 'echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" > /etc/apt/sources.list.d/elastic-7.x.list'

Now update the package index with apt and install Elasticsearch:

apt update
apt install elasticsearch

To start the service and enable it to start on boot, run the commands below.

systemctl daemon-reload
systemctl start elasticsearch.service
systemctl enable elasticsearch.service

Edit the Elasticsearch configuration file to set the cluster name for Graylog:

nano /etc/elasticsearch/elasticsearch.yml

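Change the settings below. Setting network.host to 127.0.0.1 keeps Elasticsearch listening on the loopback interface only, so it is reachable from the local machine but not from the network.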

cluster.name: graylog
network.host: 127.0.0.1

Save the file and exit. Now restart the service as shown below.

systemctl restart elasticsearch.service
systemctl status elasticsearch.service

To verify that Elasticsearch is running, query it with curl:

curl -X GET "localhost:9200/"

Step 3: Install MongoDB

MongoDB is the database that stores the Graylog configuration. You can install it from the apt repository as shown below.

apt update 
apt install mongodb-server

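Once MongoDB is installed, start the MongoDB service and enable it to start on boot. The Ubuntu mongodb-server package names its systemd unit mongodb (mongod is the unit name used by MongoDB's own mongodb-org packages).

systemctl start mongodb
systemctl enable mongodb
systemctl status mongodb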

Step 4: Install Graylog server

Graylog is not available in the default repositories, so you need to download and install the Graylog repository package first and then install Graylog.

wget https://packages.graylog2.org/repo/packages/graylog-3.3-repository_latest.deb
dpkg -i graylog-3.3-repository_latest.deb

Once the repository is installed, update the package cache and install Graylog:

apt update
apt install graylog-server

Once Graylog is installed, generate a secret key for Graylog:

pwgen -N 1 -s 96

Sample output:

root@ubuntu20:~# pwgen -N 1 -s 96
SJTXJBRH0LPKKSqgIz5gVONluMSA10I7e5qHerFYUAkYUeI7w6zqnF1cCI6QlNApFyP2MSFYbGc8i8EP8FzfPSreAAZjUMUf

Now generate a SHA-256 hash of the password for the root user (the Graylog admin password) as shown below.

echo -n Password | sha256sum

Replace Password with your own admin password.

Sample output:

root@ubuntu20:~# echo -n Password | sha256sum
e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a  

Next, edit the server.conf file:

nano /etc/graylog/server/server.conf

Then place the secret key and the password hash in the configuration file as shown below, using the values you generated rather than the sample values printed here:

password_secret = SJTXJBRH0LPKKSqgIz5gVONluMSA10I7e5qHerFYUAkYUeI7w6zqnF1cCI6QlNApFyP2MSFYbGc8i8EP8FzfPSreAAZjUMUf
root_password_sha2 = e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a
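
The three steps above (secret key, password hash, server.conf) can also be done without the admin password appearing as a command argument, where it would end up in the shell history. The script below is an added example, not part of the original article: its function names are hypothetical, it assumes a fresh install with server.conf at the path used above, and it also checks whether the file still contains the sample values printed in this article.

```shell
#!/bin/sh
# Added example, not from the original article; function names are hypothetical.
# Fills in password_secret and root_password_sha2 on a fresh install without
# passing the admin password as a command argument (shell history, ps output).
CONF="${CONF:-/etc/graylog/server/server.conf}"   # path used in the article
# Sample values printed in the article: public, so never valid as real settings.
SAMPLE_SECRET=SJTXJBRH0LPKKSqgIz5gVONluMSA10I7e5qHerFYUAkYUeI7w6zqnF1cCI6QlNApFyP2MSFYbGc8i8EP8FzfPSreAAZjUMUf
SAMPLE_HASH=e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a
EMPTY_HASH=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855   # SHA-256 of ""

# SHA-256 of the first line of stdin, newline stripped (as `echo -n ... | sha256sum`).
hash_password() { head -n 1 | tr -d '\n' | sha256sum | cut -d ' ' -f 1; }

# 96 random alphanumerics: pwgen as in the article, /dev/urandom as a fallback.
new_secret() {
    if command -v pwgen >/dev/null 2>&1; then pwgen -N 1 -s 96
    else LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 96; fi
}

# Succeeds if FILE still carries one of the article's sample values.
uses_sample_values() { grep -q -e "$SAMPLE_SECRET" -e "$SAMPLE_HASH" "$1"; }

# Rewrite "KEY = ..." in FILE in place (keeps owner and mode), or append it.
set_key() {
    key=$1; value=$2; file=$3
    if grep -q "^$key *=" "$file"; then
        tmp=$(mktemp) || return 1
        sed "s|^$key *=.*|$key = $value|" "$file" > "$tmp" && cat "$tmp" > "$file"
        rc=$?; rm -f "$tmp"; return "$rc"
    fi
    printf '%s = %s\n' "$key" "$value" >> "$file"
}

# Read the admin password from stdin and write both settings to FILE.
configure() {
    hash=$(hash_password)
    [ "$hash" != "$EMPTY_HASH" ] || { echo "empty password refused" >&2; return 1; }
    set_key password_secret "$(new_secret)" "$1" && set_key root_password_sha2 "$hash" "$1"
}

if [ "${1:-}" = "--apply" ]; then   # interactive: sh this-script.sh --apply (as root)
    printf 'Admin password: ' >&2
    stty -echo; configure "$CONF"; rc=$?; stty echo; echo >&2
    exit "$rc"
fi
```

Run as root with --apply, the script prompts for the password with terminal echo switched off. password_secret should only be set this way on a fresh install, since the key must stay the same once Graylog has stored data protected with it.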

Also edit the http_bind_address line so that the web interface is reachable:

http_bind_address = 192.168.0.123:9000

Replace the IP in the line above with your server's IP address.

If you want to access the Graylog server through a public IP, edit the line below.

http_external_uri = http://public_ip:9000

Save the file and exit. Now start the Graylog service and enable it to start automatically on reboot.

root@ubuntu20:~# systemctl daemon-reload
root@ubuntu20:~# systemctl start graylog-server
root@ubuntu20:~# systemctl enable graylog-server

Step 5: Access the web interface

The Graylog web interface listens on port 9000 by default. Open your favourite browser and navigate to http://ip_address:9000


