• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
WebSetNet

WebSetNet

Technology News

  • Technology News
    • Mobile
    • Games
  • Internet Marketing
  • System Admin
    • Windows
    • Linux
    • Mac & Apple
    • Website Scripts
      • Wordpress

How to Install and Configure Graylog Server on Ubuntu 16.04

August 5, 2020 by Martin6

 

Graylog is a free and open source, centralized log management tool based on MongoDB and Elasticsearch. Using Graylog you can easily collect and analyze your server logs.

Graylog is made up of three components Elasticsearch, MongoDB and Graylog server. Elasticsearch is used to store the logs and provide searching facilities. MongoDB stores the configuration and meta information. Graylog server collects the log messages from different inputs and provides a web interface for managing the logs.

In this tutorial we will guide you through the steps of installing Graylog on an Ubuntu 16.04 VPS

Prerequisites

Login to your VPS as user root

ssh [email protected]_ADDRESS

and update the system

apt-get update && apt-get upgrade

Install Java

We need Java installed on the server for the Graylog installation. It can be installed from the official ubuntu repo:

apt-get install openjdk-7-jre

check the version

java -version

openjdk version "1.8.0_131"
OpenJDK Runtime Environment (build 1.8.0_131-8u131-b11-2ubuntu1.16.04.3-b11)
OpenJDK 64-Bit Server VM (build 25.131-b11, mixed mode)

Install MongoDB

MongoDB cannot be installed from the Ubuntu repository, so we will have to add the MongoDB repository

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
echo "deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.0 main" > /etc/apt/sources.list.d/mongodb-org-3.0.list
apt-get update

and run the following command to install MongoDB

apt-get install mongodb-org

Once installed, start MongoDB and enable it to start on boot

systemctl start mongod
systemctl enable mongod

Install Elasticsearch

Add the GPG key to the server:

wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Now add the elasticsearch repository to sources list

apt-get install apt-transport-https
echo "deb https://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list

Update the package lists and install Elasticsearch

apt-get update && apt-get install elasticsearch

Once the installation is completed, modify the Elasticsearch configuration file, uncomment the ‘cluster.name’ name, and change it to ‘graylog’.

cluster.name: graylog

start Elastcisearch and enable it to start at boot time

systemctl start elasticsearch
systemctl enable elasticsearch

Install Graylog

Download and install Graylog repository

wget https://packages.graylog2.org/repo/packages/graylog-2.3-repository_latest.deb
dpkg -i graylog-2.3-repository_latest.deb

Update the package lists and install Graylog

apt-get update && apt-get install graylog-server

Next, we must specify ‘root_password_sha2’ password and secret key.

Run the following command to create your password ‘root_password_sha2’, which will be password for the ‘admin’ account

echo -n PASSWORD | sha256sum
0be64ae89ddd24e225434de95d501711339baeee18f009ba9b4369af27d30d60 -

Replace PASSWORD with an actual password

Create a sectret key using pwgen

apt-get install pwgen
pwgen -s 80 1
I2UqBbXDXcWkYTs2x7wCAPs7GDmLG4iB82AuAhhtB0ayegd5SAjlMxh1Il848Vyq5DP5Q5ZN8wJmWK4m

Edit the ‘/etc/graylog/server/server.conf’ file and insert the shasum of your desired password in the ‘root_password_sha2’ line and the secret key we created with pwgen in the ‘password_secret’ line

nano /etc/graylog/server/server.conf
root_password_sha2 = 0be64ae89ddd24e225434de95d501711339baeee18f009ba9b4369af27d30d60
password_secret = I2UqBbXDXcWkYTs2x7wCAPs7GDmLG4iB82AuAhhtB0ayegd5SAjlMxh1Il848Vyq5DP5Q5ZN8wJmWK4m

In the same ‘server.conf’ find the following lines and change ‘IP_ADDRESS’ with your server IP address

rest_listen_uri = http://IP_ADDRESS:9000/api/
web_listen_uri = http://IP_ADDRESS:9000/

Save the changes and restart Graylog

systemctl restart graylog-server

Check if Graylog is properly started

systemctl status graylog-server

If everything is OK, you will get the following output

● graylog-server.service - Graylog server
Loaded: loaded (/usr/lib/systemd/system/graylog-server.service; disabled; vendor preset: enabled)
Active: active (running) since Sat 2017-08-19 22:50:14 CDT; 54s ago
Docs: http://docs.graylog.org/
Main PID: 571 (graylog-server)
CGroup: /system.slice/graylog-server.service
├─571 /bin/sh /usr/share/graylog-server/bin/graylog-server
└─572 /usr/bin/java -Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThr

Finally, you should be able to access Graylog web interface at http://IP_ADDRESS:9000 and login with user ‘admin’ and the password we created as ‘root_password_sha2’.

Please check Graylog’s official documentation for more information on how to configure and use the application. http://docs.graylog.org/en/2.2/index.html

 

Source

Related posts:

  1. How to Monitor Log Files with Graylog2 on Debian 9
  2. How to Install Elastic Stack on CentOS 7
  3. How to Install MongoDB on Debian 9
  4. How to Install and Configure Wekan Trello-like Kanban on CentOS 7
  5. How to Install Wekan Trello-like Kanban on Ubuntu 16.04
  6. Elasticsearch and Kibana : installation and basic usage on Ubuntu 16.04
  7. How to Install NodeBB on Debian 9
  8. How to Install MongoDB on Ubuntu 16.04
  9. Rocket.Chat: How To Install The Messaging System on Debian 9
  10. How to Install and Configure the ELK Stack on Ubuntu 16.04

Filed Under: Uncategorized

Primary Sidebar

Trending

  • How to fix Windows Update Error 80244019
  • Windows 10 Update keeps failing with error 0x8007001f – 0x20006
  • How To Change Netflix Download Location In Windows 10
  • Troubleshoot Outlook “Not implemented” Unable to Send Email Error
  • How do I enable or disable Alt Gr key on Windows 10 keyboard
  • How To Install Android App APK on Samsung Tizen OS Device
  • 3 Ways To Open PST File Without Office Outlook In Windows 10
  • FIX: Windows Update error 0x800f0986
  • How to Retrieve Deleted Messages on Snapchat
  • Latest Samsung Galaxy Note 20 leak is a spec dump revealing key features
  • Install Android 7.0 Nougat ROM on Galaxy Core 2 SM-G355H
  • 192.168.1.1 Login, Admin Page, Username, Password | Wireless Router Settings
  • Websites to Watch Movies Online – 10+ Best Websites Without SignUp/Downloading
  • How to Backup SMS Messages on Your Android Smartphone
  • How to delete a blank page at the end of a Microsoft Word document
  • Fix: The Disc Image File Is Corrupted Error In Windows 10
  • Android 11 Custom ROM List – Unofficially Update Your Android Phone!
  • Samsung Galaxy Z Fold 3 could be scheduled for June 2021, with S Pen support

Footer

Tags

Amazon amazon prime amazon prime video Apple Application software epic games Galaxy Note 20 Galaxy S22 Plus Galaxy S22 Ultra Google Sheets headphones Huawei icloud Instagram instant gaming ip address iPhone iphone 12 iphone 13 iphone 13 pro max macOS Microsoft Microsoft Edge Mobile app office 365 outlook Pixel 6 Samsung Galaxy Samsung Galaxy Book 2 Pro 360 Samsung Galaxy Tab S8 Smartphone speedtest speed test teams tiktok Twitter vpn WhatsApp whatsapp web Windows 10 Windows 11 Changes Windows 11 Release Windows 11 Update Windows Subsystem For Android Windows 11 Xiaomi

Archives

  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org