How to Install Graylog on Ubuntu 20.04


In this article, we explain the steps needed to install and configure Graylog on Ubuntu 20.04 LTS. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.

Graylog is an open-source log management tool that helps you store and analyze machine logs centrally. It consists of three parts: the Graylog server, Elasticsearch, and MongoDB.


Step 1. First, before you start installing any package on your Ubuntu server, we always recommend making sure that all system packages are updated.

sudo apt update
sudo apt upgrade

Step 2. Install Java on Ubuntu system.

  • Installing OpenJDK 14:

Run the following command to install the OpenJDK 14 JDK package:

sudo apt install openjdk-14-jdk

Once the installation is complete, you can verify it by checking the Java version:

java -version

  • Installing OpenJDK 8:

Run the following command to install the OpenJDK 8 JDK package:

sudo apt install openjdk-8-jdk

Verify the installation:

java -version

Step 3. Install Elasticsearch on Ubuntu system.

Add the Elasticsearch GPG key:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

After importing the GPG key, run the command below to add the package repository:

echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

Once the repository is enabled, update the apt package list and install the Elasticsearch engine by typing:

sudo apt update
sudo apt install elasticsearch

Next, edit the Elasticsearch configuration file to set the cluster name for the Graylog setup:

sudo nano /etc/elasticsearch/elasticsearch.yml

Set the cluster name to graylog and disable automatic index creation, as shown below:

cluster.name: graylog
action.auto_create_index: false

When you are done, use the commands below to start Elasticsearch and make sure it starts automatically when the server boots:

sudo systemctl start elasticsearch.service
sudo systemctl enable elasticsearch.service

Elasticsearch listens on port 9200. You can use the curl command to verify it:

curl -X GET http://localhost:9200

Step 4. Install MongoDB on Ubuntu system.

Import the repository’s GPG key and add the MongoDB repository with:

wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
sudo add-apt-repository 'deb [arch=amd64] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse'

Once the repository is enabled, install MongoDB using the apt command:

sudo apt install mongodb-org

Once the installation is completed, start the MongoDB daemon and enable it to start on boot by typing:

sudo systemctl start mongod
sudo systemctl enable mongod

Confirm the version of the MongoDB server:

mongod --version

Step 5. Install Graylog on Ubuntu system.

Run the following commands to add the Graylog repository and install Graylog on Ubuntu 20.04:

wget https://packages.graylog2.org/repo/packages/graylog-3.3-repository_latest.deb
sudo dpkg -i graylog-3.3-repository_latest.deb
sudo apt update
sudo apt install graylog-server

You must set a secret to secure the user passwords. Use the pwgen command to generate the secret:

pwgen -N 1 -s 96

Output:

HRy1WNsMQIWF228SsbdQCnCsTmeilanamaria28UsZXI8PXqStx5DQe3PAmtpm8PNm6g8K44fVFNo4rantyratnaOyxGiSXvdhOXl8w

Then edit the server.conf file:

sudo nano /etc/graylog/server/server.conf

Paste the secret generated above:

password_secret = HRy1WNsMQIWF228SsbdQCnCsTmeilanamaria28UsZXI8PXqStx5DQe3PAmtpm8PNm6g8K44fVFNo4rantyratnaOyxGiSXvdhOXl8w

Next, generate a SHA-256 hash of the password for the Graylog admin user, which is used to log in to the web interface (replace password with the password you want to use):

echo -n password | sha256sum

Output:

5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8

Then edit the server.conf file:

sudo nano /etc/graylog/server/server.conf

Paste the password hash generated above:

root_password_sha2 = 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
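
The two values set in this step can also be generated and written by script, so the admin password is read from standard input instead of being typed as a command argument. The following is an added example, not part of the original tutorial or of Graylog: the function names are made up here, gen_secret is a /dev/urandom stand-in for pwgen, and the demo runs on a constructed temporary file rather than /etc/graylog/server/server.conf.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial); function names are hypothetical.

# SHA-256 hex digest of the first line on stdin, without its trailing newline.
# Reading from stdin keeps the password out of the command line and shell history.
hash_password() {
    local pw
    IFS= read -r pw || true
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1
}

# Random alphanumeric secret (default 96 chars) from /dev/urandom; a stand-in
# for `pwgen -N 1 -s 96` on hosts where pwgen is not installed.
gen_secret() {
    local n=${1:-96}
    head -c "$((n * 16))" /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c "1-$n"
}

# Set "key = value", replacing an existing (possibly commented-out) line or
# appending one. Values must be alphanumeric, which both of these are.
set_conf_key() {
    local file=$1 key=$2 value=$3
    if grep -qE "^#? *$key *=" "$file"; then
        sed -i -E "s|^#? *$key *=.*|$key = $value|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# Succeeds only if password_secret is set and root_password_sha2 is a 64-char
# hex digest other than the digest of the tutorial's sample word "password".
check_conf() {
    local file=$1 secret hash
    secret=$(sed -n -E 's/^password_secret *= *//p' "$file")
    hash=$(sed -n -E 's/^root_password_sha2 *= *//p' "$file")
    [ -n "$secret" ] || { echo "password_secret is empty"; return 1; }
    printf '%s\n' "$hash" | grep -qE '^[0-9a-f]{64}$' ||
        { echo "root_password_sha2 is not a SHA-256 hex digest"; return 1; }
    [ "$hash" != "$(echo password | hash_password)" ] ||
        { echo "root_password_sha2 is the hash of the word 'password'"; return 1; }
}

# Demo on a constructed copy of the two relevant server.conf lines.
conf=$(mktemp)
printf 'password_secret =\nroot_password_sha2 =\n' > "$conf"
set_conf_key "$conf" password_secret "$(gen_secret)"
set_conf_key "$conf" root_password_sha2 "$(echo 'constructed-Example-passphrase' | hash_password)"
check_conf "$conf" && echo "server.conf values look sane"
rm -f "$conf"
```

On a real host, hash_password can be fed from an interactive prompt such as read -rs, and set_conf_key pointed at /etc/graylog/server/server.conf under sudo.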

Step 6. Setup Graylog Web Interface.

Now enable the Graylog web interface by editing the server.conf file:

sudo nano /etc/graylog/server/server.conf

Set the following line to your system's IP address:

http_bind_address = 192.168.0.10:9000

Finally, start the Graylog service by running the commands below:

sudo systemctl daemon-reload
sudo systemctl start graylog-server
sudo systemctl enable graylog-server

Step 7. Accessing Graylog on Ubuntu 20.04.

Access the web interface at the http_bind_address with the username admin, and the password used to generate the hash for root_password_sha2.


That’s all you need to do to install Graylog on Ubuntu 20.04 LTS Focal Fossa. I hope you find this quick tip helpful. For further reading on Graylog, please refer to their official knowledge base. If you have questions or suggestions, feel free to leave a comment below.