Graylog is free and open-source log management software that lets you collect, index, and analyze machine-generated data. In this tutorial, we will show you how to install Graylog on the latest version of Elementary OS.
Before you begin with this tutorial, ensure that you have the following:
Graylog requires Java 8 or later to be installed on your system. To install Java in Elementary OS, run the following command in your terminal:
sudo apt-get update
sudo apt-get install default-jre -y
Verify the installation by checking the Java version:
java -version
Graylog requires MongoDB to store its metadata and configurations. Run the following command to install MongoDB:
sudo apt-get install mongodb-server -y
After MongoDB has been installed, start the service and enable it to start on system boot:
sudo systemctl start mongodb
sudo systemctl enable mongodb
To verify that MongoDB is running, enter the following command:
sudo systemctl status mongodb
Graylog requires Elasticsearch for searching and indexing logs. Run the following command to install Elasticsearch:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
sudo apt-get update
sudo apt-get install elasticsearch-oss -y
After Elasticsearch has been installed, start the service and enable it to start on system boot:
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch
To verify that Elasticsearch is running, enter the following command:
sudo systemctl status elasticsearch
Now that Elasticsearch, MongoDB, and Java are installed and running on the system, we can proceed to install Graylog. Run the following commands to install Graylog:
wget https://packages.graylog2.org/repo/packages/graylog-3.3-repository_latest.deb
sudo dpkg -i graylog-3.3-repository_latest.deb
sudo apt-get update
sudo apt-get install graylog-server -y
After installing Graylog, we need to configure it to run correctly. Open the Graylog configuration file with your favorite text editor:
sudo nano /etc/graylog/server/server.conf
Change the following settings:
In the password_secret line, replace the generated random string with your own secret value.
In the root_password_sha2 line, replace the generated random string with the SHA-256 hash of your desired password. You can generate the hash using the following command:
echo -n yourpassword | sha256sum
Set the elasticsearch_hosts parameter to http://127.0.0.1:9200.
Set the mongodb_uri parameter to mongodb://127.0.0.1/graylog.
Save the file and exit.
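The password_secret and root_password_sha2 values can also be set without typing the password on a command line, where it would be recorded in shell history. The script below is an added example, not part of the original tutorial; the function names (gen_secret, hash_password, set_conf, configure), the --apply flag and the script file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: set Graylog's two secrets without exposing the password
# in shell history or the process list. Function names are hypothetical.

# 48 random bytes from the kernel CSPRNG, printed as 96 hex characters.
gen_secret() {
    od -An -tx1 -N48 /dev/urandom | tr -d ' \n'
}

# Read one line from stdin and print its SHA-256 hex digest. The trailing
# newline is dropped, so the result matches `echo -n ... | sha256sum`.
hash_password() {
    IFS= read -r pw || true
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1
}

# set_conf KEY VALUE FILE: rewrite an existing "KEY = ..." line, or append
# one. Assumes VALUE contains no '|' or '&' (true for hex strings).
set_conf() {
    if grep -q "^$1 *=" "$3"; then
        sed -i "s|^$1 *=.*|$1 = $2|" "$3"
    else
        printf '%s = %s\n' "$1" "$2" >> "$3"
    fi
}

# Prompt with terminal echo off, then write both settings.
configure() {
    conf=$1
    printf 'New Graylog admin password: ' >&2
    trap 'stty echo; exit 1' INT TERM
    stty -echo
    hash=$(hash_password)
    stty echo
    printf '\n' >&2
    set_conf password_secret "$(gen_secret)" "$conf"
    set_conf root_password_sha2 "$hash" "$conf"
}

# Runs only when asked: sudo sh graylog-secrets.sh --apply [path]
if [ "${1:-}" = "--apply" ]; then
    configure "${2:-/etc/graylog/server/server.conf}"
fi
```

Without --apply the script only defines the functions, so it can be sourced and tried against a copy of server.conf first.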
After you have configured Graylog, start the Graylog service and enable it to start on system boot:
sudo systemctl start graylog-server
sudo systemctl enable graylog-server
To verify that Graylog is running, enter the following command:
sudo systemctl status graylog-server
If everything is working correctly, you should see a green status message in the terminal.
Now that everything is set up, you can access the Graylog web interface by opening a web browser and entering the following URL:
http://your_server_ip:9000
Replace your_server_ip with the IP address or hostname of your server.
You have successfully installed Graylog on Elementary OS and configured it to run properly. You can now start creating your inputs and streams to begin collecting and analyzing your logs.