Graylog is a free and open-source log management platform used to collect, index, and analyze logs from various sources. In this tutorial, we will guide you through the installation and configuration of Graylog on Ubuntu Server Latest.
Before starting the installation process, you need to ensure that your server meets the following requirements:
Before starting the installation process, you need to ensure that your server is up to date.
sudo apt update
sudo apt upgrade
Graylog requires Java as a dependency to run. We will install Java OpenJDK 11 using the following command.
sudo apt install -y openjdk-11-jre-headless
Once the installation is complete, verify the installation using the following command.
java -version
The output should show the version of Java installed, e.g., openjdk version "11.0.12" 2021-07-20.
Graylog requires a MongoDB database to store its data. We will install MongoDB using the following command.
sudo apt install -y mongodb
To start the MongoDB service, use the following command.
sudo systemctl start mongodb
Graylog requires Elasticsearch to execute searches and indexing. We will install Elasticsearch using the following commands.
First, install the GPG key and add the Elasticsearch repository.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
Next, install Elasticsearch using the following command.
sudo apt install -y elasticsearch
To start the Elasticsearch service, use the following command.
sudo systemctl start elasticsearch
We will install the Graylog repository and its dependencies.
First, install the GPG key and add the Graylog repository.
wget -qO - https://packages.graylog2.org/repo/packages.graylog.io/app/signing-key/pubkey.gpg | sudo apt-key add -
echo 'deb https://packages.graylog2.org/repo/debian graylog-4.2 stable' | sudo tee -a /etc/apt/sources.list.d/graylog-4.2.list
Next, update the repository list and install Graylog using the following commands.
sudo apt update
sudo apt install -y graylog-server
We will configure Graylog to start at boot and change the default password.
Edit the Graylog service file.
sudo nano /lib/systemd/system/graylog-server.service
Add the following line at the end of the [Service] section.
Environment=GRAYLOG_PASSWORD_SECRET=your_password_secret
Replace your_password_secret with any secret string.
To start Graylog at boot, reload the systemctl daemon and start the service.
sudo systemctl daemon-reload
sudo systemctl enable graylog-server
sudo systemctl start graylog-server
You can access Graylog by opening your preferred web browser and go to http://your_server_ip:9000. You should see the Graylog login page.
The default username and password are admin and admin.
Congratulations, you have successfully installed Graylog on Ubuntu Server Latest. You can now manage your logs from various sources effectively.
If you want to self-host in an easy, hands free way, need an external IP address, or simply want your data in your own hands, give IPv6.rs a try!
