Easy Steps to Install Graylog Server on Ubuntu 16.04
Graylog Enterprise, built on top of the Graylog open-source platform, offers additional features that enable users to deploy Graylog at an enterprise scale and apply Graylog to processes and workflows across the whole organization.
With Graylog, you can centrally collect your complete infrastructure’s Syslog and EventLog messages, spot problems early, and resolve issues faster—no more logging into multiple devices to parse plain text log files.
You will need one VPS Server with Ubuntu 16.04 OS installed on it.
First, log in to your server with root access and update the system:
apt-get update
apt-get upgrade
After updating, install Java 8, which Graylog 2.3 requires:
apt-get install openjdk-8-jre-headless
Now, add the MongoDB repository:
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
echo "deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.0 main" > /etc/apt/sources.list.d/mongodb-org-3.0.list
apt-get update
After adding, run this command to install it:
apt-get install mongodb-org
Start it and enable it on boot:
systemctl start mongod
systemctl enable mongod
After installing, you will need to install Elasticsearch.
You can do it by following these steps.
First, add the GPG key:
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
And add the repository:
apt-get install apt-transport-https
echo "deb https://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list
Afterwards, update the package list and install Elasticsearch:
apt-get update && apt-get install elasticsearch
Now modify the Elasticsearch configuration file and set the cluster name:
cluster.name: graylog
Afterwards, start and enable it:
systemctl start elasticsearch
systemctl enable elasticsearch
You have successfully installed the requirements for Graylog.
Install Graylog
Now it’s time to install Graylog.
First, download the Graylog repository package:
wget https://packages.graylog2.org/repo/packages/graylog-2.3-repository_latest.deb
And install it:
dpkg -i graylog-2.3-repository_latest.deb
Afterwards, update the package list:
apt-get update
And install the Graylog server:
apt-get install graylog-server
After installing, run this command to generate the SHA-256 hash of the password for your Graylog server:
echo -n PASSWORD | sha256sum
0be64ae89ddd24e225434de95d501711339baeee18f009ba9b4369af27d30d60 -
Note: Replace PASSWORD in the command with your root password.
Now create a secret key:
apt-get install pwgen
pwgen -s 80 1
I2UqBbXDXcWkYTs2x7wCAPs7GDmLG4iB82AuAhhtB0ayegd5SAjlMxh1Il848Vyq5DP5Q5ZN8wJmWK4m
And paste both values into the server.conf file:
vi /etc/graylog/server/server.conf
root_password_sha2 = 0be64ae89ddd24e225434de95d501711339baeee18f009ba9b4369af27d30d60
password_secret = I2UqBbXDXcWkYTs2x7wCAPs7GDmLG4iB82AuAhhtB0ayegd5SAjlMxh1Il848Vyq5DP5Q5ZN8wJmWK4m
While the file is still open, find the following lines and replace IP_ADDRESS with your server IP:
rest_listen_uri = http://IP_ADDRESS:9000/api/
web_listen_uri = http://IP_ADDRESS:9000/
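The password-hash and secret-key steps above, as an added shell example that is not part of the original tutorial: it reads the password from stdin so it stays out of shell history, draws the secret from /dev/urandom in place of pwgen, writes both into the config file, and fails if the file still holds the sample values printed above. The function names and the 64-character floor for the secret are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the tutorial; all function names are hypothetical.
# Sample values printed in the tutorial: a live server must never keep them.
SAMPLE_HASH=0be64ae89ddd24e225434de95d501711339baeee18f009ba9b4369af27d30d60
SAMPLE_SECRET=I2UqBbXDXcWkYTs2x7wCAPs7GDmLG4iB82AuAhhtB0ayegd5SAjlMxh1Il848Vyq5DP5Q5ZN8wJmWK4m

hash_password() {   # reads the password from stdin, keeping it out of shell history
    if [ -t 0 ]; then printf 'Password: ' >&2; stty -echo; fi
    IFS= read -r pw || true
    if [ -t 0 ]; then stty echo; printf '\n' >&2; fi
    [ -n "$pw" ] || return 1                        # refuse an empty password
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1   # no trailing newline is hashed
    unset pw
}

gen_secret() {      # 80 random alphanumerics, standing in for `pwgen -s 80 1`
    head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 80
}

set_conf_key() {    # set_conf_key FILE KEY VALUE (VALUE must be alphanumeric)
    if grep -qE "^[[:space:]]*$2[[:space:]]*=" "$1"; then
        sed -i -E "s|^[[:space:]]*$2[[:space:]]*=.*|$2 = $3|" "$1"
    else
        printf '%s = %s\n' "$2" "$3" >>"$1"
    fi
}

conf_value() {      # conf_value FILE KEY: prints the last value assigned to KEY
    sed -n -E "s|^[[:space:]]*$2[[:space:]]*=[[:space:]]*(.*)$|\1|p" "$1" | tail -n 1
}

check_conf() {      # succeeds only if both secrets are set and are not the samples
    h=$(conf_value "$1" root_password_sha2)
    s=$(conf_value "$1" password_secret)
    printf '%s' "$h" | grep -qE '^[0-9a-f]{64}$' || return 1
    [ "${#s}" -ge 64 ] || return 1   # length floor of 64 is this example's choice
    [ "$h" != "$SAMPLE_HASH" ] && [ "$s" != "$SAMPLE_SECRET" ]
}

configure_secrets() {   # configure_secrets FILE, password supplied on stdin
    set_conf_key "$1" root_password_sha2 "$(hash_password)"
    set_conf_key "$1" password_secret "$(gen_secret)"
    check_conf "$1"
}
```

After sourcing the file, run `configure_secrets /etc/graylog/server/server.conf` as root and type the password at the prompt; `check_conf` can also be run on its own against an existing file.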
Restart Graylog:
systemctl restart graylog-server
And check if everything is OK:
systemctl status graylog-server
You will get this if everything is OK.
To log in to your Graylog Server, open this URL http://IP_ADDRESS:9000 with your favorite browser.
The default user is admin, and the password is the one we hashed to create root_password_sha2.
You have successfully installed and configured the Graylog server.
Enjoy!
Graylog Server is an open-source log management tool that allows you to collect, index, and analyze logs from various sources. It provides a web-based interface for managing and analyzing records in real time.
The minimum system requirements for Graylog Server are:
- 4 GB RAM
- 2 CPU cores
- 500 GB disk space
You can add inputs to Graylog Server by following these steps:
- Log in to the Graylog Server web interface.
- Click on the “System” dropdown menu and select “Inputs”.
- Click on the “Select Input” dropdown menu and choose the type of input you want to add (e.g. “Syslog UDP”, “GELF UDP”, etc.).
- Configure the input settings, including the port number and protocol.
- Click on the “Launch” button to start the input.
You can search for logs in Graylog Server by following these steps:
- Log in to the Graylog Server web interface.
- Click on the “Search” dropdown menu and select “Search”.
- Enter your search query in the search bar.
- Filter your search results by choosing the desired time range, source, or other criteria.
- Click on the “Search” button to display the search results.
- Click