How to Install Graylog on Ubuntu 18.04

Graylog is a powerful log management and analysis tool used for monitoring and analyzing log data. It provides a centralized platform for collecting, processing, and visualizing logs from various sources. Graylog is built on top of Elasticsearch, MongoDB, and Apache Kafka, and it offers powerful search capabilities and real-time data analysis.

Step 1: Update System Packages

To begin the installation of Graylog, it is recommended to update your Ubuntu system with the latest package versions. Open the terminal and run the following command:

sudo apt update

Step 2: Install Java

Graylog requires Java to run, so you’ll need to install it. Execute the following command to install OpenJDK 8:

sudo apt install -y openjdk-8-jdk

Step 3: Install Elasticsearch

Graylog uses Elasticsearch as its search engine, so we need to install it. Perform the following commands:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt install -y apt-transport-https
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
sudo apt update
sudo apt install -y elasticsearch
sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch

Step 4: Install MongoDB

Graylog requires MongoDB as its database backend. Install it using the following commands:

sudo apt install -y mongodb-server
sudo systemctl enable mongodb
sudo systemctl start mongodb

Step 5: Install Graylog

Now, it's time to install Graylog. Execute the commands below:

wget https://packages.graylog2.org/repo/packages/graylog-4.2-repository_latest.deb
sudo dpkg -i graylog-4.2-repository_latest.deb
sudo apt update
sudo apt install -y graylog-server

Step 6: Configure Graylog

After the installation, you need to configure Graylog. Open the Graylog configuration file in a text editor:

sudo nano /etc/graylog/server/server.conf

Modify the following settings in the configuration file:

• password_secret: Replace the placeholder with a secret passphrase.
• root_password_sha2: Set the hash of your desired password. You can generate the hash using the following command:

  echo -n yourpassword | shasum -a 256

• http_bind_address: Set the IP address or hostname of your Graylog server.

Save the changes and exit the editor.

Step 7: Start Graylog

Finally, start the Graylog service using the following command:

sudo systemctl enable graylog-server
sudo systemctl start graylog-server

You have successfully installed Graylog on Ubuntu 18.04. You can access the Graylog web interface using the IP address or hostname of your server on port 9000 (e.g., http://your_server_ip:9000). Login with the username "admin" and the password you configured in the Graylog configuration file.