Oct 7, 2017

How to Install and Configure Graylog Server on Ubuntu 16.04

Graylog Enterprise, built on top of the Graylog open source platform, offers additional features that enable users to deploy Graylog at enterprise scale and apply Graylog to processes and workflows across the whole organization. With Graylog you can centrally collect the Syslog and EventLog messages of your complete infrastructure, spot problems early and resolve issues faster. No more logging into multiple devices to parse plain text log files.

You will need one VPS server with Ubuntu 16.04 installed on it. First, log in to your server as root and update the system:

    apt-get update
    apt-get upgrade

After updating, install Java, which is required:

    apt-get install openjdk-8-jre

Now, add the MongoDB repository:

    sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
    echo "deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.0 main" > /etc/apt/sources.list.d/mongodb-org-3.0.list
    apt-get update

After adding it, run this command to install MongoDB:

    apt-get install mongodb-org

Start it and enable it on boot:

    systemctl start mongod
    systemctl enable mongod

Next, you will need to install Elasticsearch. You can do it by following these steps. First, add the GPG key:

    wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

And add the repository:

    apt-get install apt-transport-https
    echo "deb https://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list

Then update the package list and install Elasticsearch:

    apt-get update && apt-get install elasticsearch

Now edit the Elasticsearch configuration file and set the cluster name:

    cluster.name: graylog

Then start and enable it:

    systemctl start elasticsearch
    systemctl enable elasticsearch

You have successfully installed the requirements for Graylog.

Install Graylog

Now it's time to install Graylog. First, download the Graylog repository package:

    wget https://packages.graylog2.org/repo/packages/graylog-2.3-repository_latest.deb

And install it:

    dpkg -i graylog-2.3-repository_latest.deb

Then update the package list:

    apt-get update

And install the Graylog server:

    apt-get install graylog-server

After installing, run this command to generate the password hash for your Graylog server:

    echo -n PASSWORD | sha256sum
    0be64ae89ddd24e225434de95d501711339baeee18f009ba9b4369af27d30d60 -

Note: Replace PASSWORD in the command with your root password.

Now create a secret key:

    apt-get install pwgen
    pwgen -s 80 1
    I2UqBbXDXcWkYTs2x7wCAPs7GDmLG4iB82AuAhhtB0ayegd5SAjlMxh1Il848Vyq5DP5Q5ZN8wJmWK4m

Paste both values into the server.conf file:

    vi /etc/graylog/server/server.conf

    root_password_sha2 = 0be64ae89ddd24e225434de95d501711339baeee18f009ba9b4369af27d30d60
    password_secret = I2UqBbXDXcWkYTs2x7wCAPs7GDmLG4iB82AuAhhtB0ayegd5SAjlMxh1Il848Vyq5DP5Q5ZN8wJmWK4m

Before saving and closing the file, find the following lines and replace IP_ADDRESS with your server IP:

    rest_listen_uri = http://IP_ADDRESS:9000/api/
    web_listen_uri = http://IP_ADDRESS:9000/

Restart Graylog:

    systemctl restart graylog-server

And check if everything is OK:

    systemctl status graylog-server

You will get this if everything is OK.

[Screenshot: Graylog status]

To log in to your Graylog server, open the URL http://IP_ADDRESS:9000 in your favorite browser. The default user is admin, and the password is the one whose hash we set as root_password_sha2.

You have successfully installed and configured Graylog server. Enjoy!
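The hash and secret printed in the steps above are public sample values, and typing the password into `echo -n PASSWORD | sha256sum` leaves it in the shell history. The script below is an added example, not part of the original tutorial or of Graylog: `hash_password` reads the password from stdin instead, and `audit_conf` flags a server.conf that still carries the tutorial's sample values or a short secret. The function names and the 64-character minimum are assumptions made for this example.

```shell
#!/bin/sh
# Added example: generate root_password_sha2 safely and audit server.conf.
# The two values below are the samples printed in this tutorial; they are
# public, so a live server must not use them.
SAMPLE_HASH=0be64ae89ddd24e225434de95d501711339baeee18f009ba9b4369af27d30d60
SAMPLE_SECRET=I2UqBbXDXcWkYTs2x7wCAPs7GDmLG4iB82AuAhhtB0ayegd5SAjlMxh1Il848Vyq5DP5Q5ZN8wJmWK4m
MIN_SECRET_LEN=64   # assumed policy threshold, not taken from the page

# Read one line from stdin and print its SHA-256 hex digest. Unlike
# `echo -n PASSWORD | sha256sum`, the password is never a command-line
# argument, so it does not end up in the shell history.
hash_password() {
    IFS= read -r pw || [ -n "$pw" ]
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1
}

# Print the last value assigned to key $2 in the "key = value" file $1.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print findings for config file $1; return 0 if clean, 1 otherwise.
audit_conf() {
    rc=0
    hash=$(conf_value "$1" root_password_sha2)
    secret=$(conf_value "$1" password_secret)
    if ! printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "FAIL root_password_sha2 is not a SHA-256 hex digest"; rc=1
    elif [ "$hash" = "$SAMPLE_HASH" ]; then
        echo "FAIL root_password_sha2 is the tutorial's sample hash"; rc=1
    fi
    if [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
        echo "FAIL password_secret is shorter than $MIN_SECRET_LEN characters"; rc=1
    elif [ "$secret" = "$SAMPLE_SECRET" ]; then
        echo "FAIL password_secret is the tutorial's sample secret"; rc=1
    fi
    [ "$rc" -ne 0 ] || echo "OK $1"
    return "$rc"
}

# Stand-alone use: ./audit.sh /etc/graylog/server/server.conf
if [ -n "${1:-}" ]; then audit_conf "$1"; fi
```

When `hash_password` is run interactively the terminal still echoes the typed password, so clear the screen afterwards or feed it from a password manager.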