In this article, we explain the steps needed to install and configure Graylog on Ubuntu 20.04 LTS. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.
Graylog is an open-source log management tool that helps you store and analyze machine logs centrally. It consists of three parts: the Graylog server, Elasticsearch, and MongoDB.
Install Graylog on Ubuntu 20.04
Step 1. First, before you start installing any package on your Ubuntu server, we always recommend making sure that all system packages are updated.
sudo apt update
sudo apt upgrade
Step 2. Install Java on Ubuntu system.
- Installing OpenJDK 14:
Run the following command to install the OpenJDK 14 JDK package:
sudo apt install openjdk-14-jdk
Once the installation is complete, you can verify it by checking the Java version:
java -version
- Installing OpenJDK 8:
Run the following command to install the OpenJDK 8 JDK package:
sudo apt install openjdk-8-jdk
Verify the installation:
java -version
Step 3. Install Elasticsearch on Ubuntu system.
Now add the Elasticsearch GPG key:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
After importing its GPG key, run the commands below to add its package repository:
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
Once the repository is enabled, update the apt package list and install the Elasticsearch engine by typing:
sudo apt update
sudo apt install elasticsearch
Next, edit the Elasticsearch configuration file to set the cluster name for the Graylog setup:
sudo nano /etc/elasticsearch/elasticsearch.yml
Set the cluster name to graylog, as shown below:
cluster.name: graylog
action.auto_create_index: false
When you are done, start Elasticsearch and enable it to start automatically when the server boots:
sudo systemctl start elasticsearch.service
sudo systemctl enable elasticsearch.service
Elasticsearch listens on port 9200. You can use the curl command to verify it:
curl -X GET http://localhost:9200
Step 4. Install MongoDB on Ubuntu system.
Import the repository’s GPG key and add the MongoDB repository with:
wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
sudo add-apt-repository 'deb [arch=amd64] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse'
Once the repository is enabled, install MongoDB using the apt command:
sudo apt install mongodb-org
Once the installation is completed, start the MongoDB daemon and enable it to start on boot by typing:
sudo systemctl start mongod
sudo systemctl enable mongod
Confirm the version of the MongoDB server:
mongod --version
Step 5. Install Graylog on Ubuntu system.
Run the following commands to add the Graylog repository and install Graylog on Ubuntu 20.04:
wget https://packages.graylog2.org/repo/packages/graylog-3.3-repository_latest.deb
sudo dpkg -i graylog-3.3-repository_latest.deb
sudo apt update
sudo apt install graylog-server
You must set a secret to secure the user passwords. Use the pwgen command to generate the secret:
pwgen -N 1 -s 96
Output:
HRy1WNsMQIWF228SsbdQCnCsTmeilanamaria28UsZXI8PXqStx5DQe3PAmtpm8PNm6g8K44fVFNo4rantyratnaOyxGiSXvdhOXl8w
Then edit the server.conf file:
sudo nano /etc/graylog/server/server.conf
Paste the secret generated above:
password_secret = HRy1WNsMQIWF228SsbdQCnCsTmeilanamaria28UsZXI8PXqStx5DQe3PAmtpm8PNm6g8K44fVFNo4rantyratnaOyxGiSXvdhOXl8w
Next, generate a password hash for the Graylog admin user, which is used to log in to the web interface (replace password in the command with the password you want to use):
echo -n password | sha256sum
Output:
5e884898da28pengen0e56f8dc6292773603d0d6aabbdd62a1kimpoid1542d8
Then edit the server.conf file:
sudo nano /etc/graylog/server/server.conf
Paste the password hash generated above:
root_password_sha2 = 5e884898da28pengen0e56f8dc6292773603d0d6aabbdd62a1kimpoid1542d8
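As an added example (not part of the original tutorial and not Graylog's own tooling), the script below generates the two Step 5 values, writes them into a config file and validates them, reading the admin password from stdin so it stays out of shell history. It uses /dev/urandom in place of pwgen; the function names and the 64-character minimum are assumptions of this example.

```bash
#!/bin/sh
# Added example: set and validate the two secrets from Step 5.
MIN_SECRET_LEN=64   # assumed policy threshold for this example

# 96 random alphanumeric characters, the same shape as `pwgen -N 1 -s 96`.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 96
}

# SHA-256 hex digest of one line read from stdin, so the password never
# appears in argv or shell history. Echo is disabled when typed at a terminal.
hash_password() {
    local pw
    if [ -t 0 ]; then stty -echo; fi
    IFS= read -r pw || :
    if [ -t 0 ]; then stty echo; fi
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1
}

# set_conf_key FILE KEY VALUE: replace the KEY line or append it.
set_conf_key() {
    local file="$1" key="$2" value="$3"
    if grep -q "^${key} *=" "$file"; then
        sed -i "s|^${key} *=.*|${key} = ${value}|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# check_conf FILE: returns non-zero if either value is unusable.
check_conf() {
    local file="$1" secret hash rc=0
    secret=$(sed -n 's/^password_secret *= *//p' "$file")
    hash=$(sed -n 's/^root_password_sha2 *= *//p' "$file")
    if [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
        echo "password_secret: missing or shorter than $MIN_SECRET_LEN" >&2; rc=1
    fi
    if ! printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "root_password_sha2: not 64 lowercase hex digits" >&2; rc=1
    fi
    return "$rc"
}

# Demo on a constructed file, not /etc/graylog/server/server.conf.
conf=$(mktemp)
printf 'password_secret =\nroot_password_sha2 =\n' > "$conf"
set_conf_key "$conf" password_secret "$(gen_secret)"
set_conf_key "$conf" root_password_sha2 "$(echo 'constructed-demo-pw' | hash_password)"
check_conf "$conf" && echo "demo config passes"
rm -f "$conf"
```

Running check_conf against the real server.conf before starting graylog-server catches a truncated or mistyped hash, which would otherwise only show up as a failed admin login.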
Step 6. Setup Graylog Web Interface.
Now enable the Graylog web interface by editing the server.conf file:
sudo nano /etc/graylog/server/server.conf
Replace the line below with your system's IP address:
http_bind_address = 192.168.0.10:9000
Finally, start the Graylog service by running the commands below:
sudo systemctl daemon-reload
sudo systemctl start graylog-server
sudo systemctl enable graylog-server
Step 7. Accessing Graylog on Ubuntu 20.04.
Access the web interface at the http_bind_address with the username admin and the password used to generate the hash for root_password_sha2.
That’s all you need to do to install Graylog on Ubuntu 20.04 LTS Focal Fossa. I hope you find this quick tip helpful. For further reading on Graylog, please refer to their official knowledge base. If you have questions or suggestions, feel free to leave a comment below.