
How to Install and Configure Graylog Server on Ubuntu 16.04


Easy steps to install Graylog Server on Ubuntu 16.04

 

Graylog Enterprise, built on top of the Graylog open-source platform, offers additional features that enable users to deploy Graylog at an enterprise scale and apply Graylog to processes and workflows across the whole organization.

 

With Graylog, you can centrally collect your complete infrastructure’s Syslog and EventLog messages, spot problems early, and resolve issues faster—no more logging into multiple devices to parse plain text log files.

 

You will need one VPS Server with Ubuntu 16.04 OS installed on it.

 

First, log in with root access to your server and update the server system.
apt-get update
apt-get upgrade

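After updating, install Java, which Graylog requires. Ubuntu 16.04 does not ship OpenJDK 7 in its repositories, and Graylog 2.3 needs Java 8:

apt-get install openjdk-8-jre-headless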

Now, add the MongoDB repository:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
echo "deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.0 main" > /etc/apt/sources.list.d/mongodb-org-3.0.list
apt-get update

After adding, run this command to install it:

apt-get install mongodb-org

Start it and enable it on boot:

systemctl start mongod
systemctl enable mongod

After installing, you will need to install Elasticsearch.
You can do it by following these steps.
First, add the GPG key:

wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

And add the repository:

apt-get install apt-transport-https
echo "deb https://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list

Next, update the package list and install Elasticsearch:

apt-get update && apt-get install elasticsearch

Now edit the Elasticsearch configuration file, /etc/elasticsearch/elasticsearch.yml, and set the cluster name:

cluster.name: graylog

Then start and enable it:

systemctl start elasticsearch
systemctl enable elasticsearch

You have successfully installed the requirements for Graylog.

Install Graylog

Now it’s time to install Graylog.
First, download the Graylog repository:
wget https://packages.graylog2.org/repo/packages/graylog-2.3-repository_latest.deb
And install it:
dpkg -i graylog-2.3-repository_latest.deb

Next, update the package list:
apt-get update

And install the Graylog server.
apt-get install graylog-server

After installing, run this command to generate the SHA-256 hash of the password for your Graylog server:
echo -n PASSWORD | sha256sum
0be64ae89ddd24e225434de95d501711339baeee18f009ba9b4369af27d30d60 -

Note: Replace PASSWORD in the command with the password you want to use for the Graylog root (admin) user.

Now create a secret key:
apt-get install pwgen
pwgen -s 80 1
I2UqBbXDXcWkYTs2x7wCAPs7GDmLG4iB82AuAhhtB0ayegd5SAjlMxh1Il848Vyq5DP5Q5ZN8wJmWK4m

Paste both values into the server.conf file:
vi /etc/graylog/server/server.conf

root_password_sha2 = 0be64ae89ddd24e225434de95d501711339baeee18f009ba9b4369af27d30d60
password_secret = I2UqBbXDXcWkYTs2x7wCAPs7GDmLG4iB82AuAhhtB0ayegd5SAjlMxh1Il848Vyq5DP5Q5ZN8wJmWK4m

Before saving and closing the file, find the following lines and replace IP_ADDRESS with your server's IP address:
rest_listen_uri = http://IP_ADDRESS:9000/api/
web_listen_uri = http://IP_ADDRESS:9000/

Restart Graylog:
systemctl restart graylog-server

Then check that the service is running:
systemctl status graylog-server

If everything is OK, the output will look like this:
[Screenshot: Graylog status]

To log in to your Graylog server, open http://IP_ADDRESS:9000 in your favorite browser.
The default user is admin, and the password is the one you hashed to create root_password_sha2.
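
The password-hash and secret steps above can also be done without typing the password on a command line, where it would land in shell history; this is an added example, not part of the original guide. The function names are hypothetical, and reading /dev/urandom through od stands in for pwgen. The sample hash and secret printed earlier are published values, so generate your own.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of Graylog.

# Read one line (the password) from stdin and print its SHA-256 hex digest.
# printf is a shell builtin, so the password never appears in argv or history.
hash_password() {
    IFS= read -r pw || true
    [ -n "$pw" ] || return 1
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1
}

# 48 bytes from the kernel CSPRNG as 96 hex characters
# (stands in for the guide's `pwgen -s 80 1`).
gen_secret() {
    head -c 48 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# set_key FILE KEY VALUE: replace an existing "KEY = ..." line or append one.
# VALUE is hex here, so it is safe inside the sed replacement.
set_key() {
    if grep -q "^$2[[:space:]]*=" "$1"; then
        sed -i "s|^$2[[:space:]]*=.*|$2 = $3|" "$1"
    else
        printf '%s = %s\n' "$2" "$3" >> "$1"
    fi
}

# configure_graylog_secrets FILE: the password arrives on stdin.
configure_graylog_secrets() {
    conf=$1
    hash=$(hash_password) || { echo "empty password, nothing changed" >&2; return 1; }
    set_key "$conf" root_password_sha2 "$hash"
    # Keep an existing secret so a re-run only changes the admin password.
    current=$(sed -n 's/^password_secret[[:space:]]*=[[:space:]]*//p' "$conf")
    [ -n "$current" ] || set_key "$conf" password_secret "$(gen_secret)"
}

# Interactive use as root (terminal echo off while the password is typed):
#   stty -echo; configure_graylog_secrets /etc/graylog/server/server.conf; stty echo
```

Restart graylog-server afterwards so the new values take effect.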

You have successfully installed and configured the Graylog server.

Enjoy!


Graylog Server is an open-source log management tool that allows you to collect, index, and analyze logs from various sources. It provides a web-based interface for managing and analyzing records in real time.

The minimum system requirements for Graylog Server are:

  • 4 GB RAM
  • 2 CPU cores
  • 500 GB disk space

You can add inputs to Graylog Server by following these steps:

  1. Log in to the Graylog Server web interface.
  2. Click on the “System” dropdown menu and select “Inputs”.
  3. Click on the “Select Input” dropdown menu and choose the type of input you want to add (e.g. “Syslog UDP”, “GELF UDP”, etc.).
  4. Configure the input settings, including the port number and protocol.
  5. Click on the “Launch” button to start the input.

You can search for logs in Graylog Server by following these steps:

  1. Log in to the Graylog Server web interface.
  2. Click on the “Search” dropdown menu and select “Search”.
  3. Enter your search query in the search bar.
  4. Filter your search results by choosing the desired time range, source, or other criteria.
  5. Click on the “Search” button to display the search results.
  6. Click

 
