How to Install and Configure Graylog Server on Ubuntu 16.04


Graylog Enterprise, built on top of the Graylog open source platform, offers additional features that enable users to deploy Graylog at enterprise scale and apply Graylog to processes and workflows across the whole organization. With Graylog you can centrally collect the Syslog and EventLog messages of your complete infrastructure, spot problems early and resolve issues faster. No more logging into multiple devices to parse plain text log files.

You will need one VPS Server with Ubuntu 16.04 OS installed on it.

First, log in to your server as root and update the system:
apt-get update
apt-get upgrade

After updating, install Java, which Graylog 2.3 requires (Java 8 or newer; Ubuntu 16.04 ships OpenJDK 8, so that package is used here):

apt-get install openjdk-8-jre

Now, add the MongoDB repository:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
echo "deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.0 main" > /etc/apt/sources.list.d/mongodb-org-3.0.list
apt-get update

After adding the repository, run this command to install MongoDB:

apt-get install mongodb-org

Start it and enable it on boot:

systemctl start mongod
systemctl enable mongod

After installing, you will need to install Elasticsearch.
You can do it by following these steps.
First, add the GPG key:

wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

And add the repository:

apt-get install apt-transport-https
echo "deb https://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list

Then update the package list and install Elasticsearch:

apt-get update && apt-get install elasticsearch

Now edit the Elasticsearch configuration file, /etc/elasticsearch/elasticsearch.yml, and set the cluster name to the one Graylog expects:

cluster.name: graylog

Then start it and enable it on boot:

systemctl start elasticsearch
systemctl enable elasticsearch

You have successfully installed the prerequisites for Graylog.

Install Graylog

Now it's time to install Graylog.
First, download the Graylog repository package:
wget https://packages.graylog2.org/repo/packages/graylog-2.3-repository_latest.deb
And install it:
dpkg -i graylog-2.3-repository_latest.deb

Then update the package list:
apt-get update

And install the Graylog server:
apt-get install graylog-server

After installing, run this command to generate the SHA-256 hash of the password for Graylog's admin (root) user:
echo -n PASSWORD | sha256sum
0be64ae89ddd24e225434de95d501711339baeee18f009ba9b4369af27d30d60 -

Note: Replace PASSWORD in the command with the password you want for the Graylog root user. Copy only the hex digits, not the trailing " -" that sha256sum prints.

Now create a secret key (your output will differ from the sample below):
apt-get install pwgen
pwgen -s 80 1
I2UqBbXDXcWkYTs2x7wCAPs7GDmLG4iB82AuAhhtB0ayegd5SAjlMxh1Il848Vyq5DP5Q5ZN8wJmWK4m

Open the server.conf file and set both values:
vi /etc/graylog/server/server.conf

root_password_sha2 = 0be64ae89ddd24e225434de95d501711339baeee18f009ba9b4369af27d30d60
password_secret = I2UqBbXDXcWkYTs2x7wCAPs7GDmLG4iB82AuAhhtB0ayegd5SAjlMxh1Il848Vyq5DP5Q5ZN8wJmWK4m

Before saving, also find the following lines and replace IP_ADDRESS with your server's IP address:
rest_listen_uri = http://IP_ADDRESS:9000/api/
web_listen_uri = http://IP_ADDRESS:9000/
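The same two secrets can be produced and written into server.conf from a script, which keeps the password out of shell history and lets you verify the file before restarting. This is an added example, not part of the original tutorial or of Graylog itself; it assumes the /etc/graylog/server/server.conf path from the tutorial and uses /dev/urandom in place of pwgen.

```shell
#!/bin/sh
# Added example (not from the original tutorial): compute the two secrets that
# server.conf needs and write them in place, then check the result.

# SHA-256 of the password in the form root_password_sha2 expects: hex digits
# only, without the trailing " -" that sha256sum prints.
graylog_root_hash() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# 80-character random secret for password_secret (same length as the
# tutorial's "pwgen -s 80 1"), drawn from /dev/urandom so pwgen is optional.
graylog_password_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 80
}

# Replace (or append) one "key = value" line in server.conf.
# $1 = file, $2 = key, $3 = value. Writes via a temp file so an interrupted
# run leaves the original file untouched.
graylog_set_conf() {
    file=$1 key=$2 value=$3
    if grep -q "^$key *=" "$file"; then
        sed "s|^$key *=.*|$key = $value|" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# Verify that server.conf holds a 64-hex-digit hash and a password_secret of
# at least 64 characters (the minimum Graylog documents). Returns 0 when OK.
graylog_check_conf() {
    grep -Eq '^root_password_sha2 *= *[0-9a-f]{64} *$' "$1" &&
    grep -Eq '^password_secret *= *[^ ]{64,} *$' "$1"
}

# Interactive usage: read the admin password without echoing it, then apply.
# printf 'Graylog admin password: '; stty -echo; read -r pw; stty echo; echo
# conf=/etc/graylog/server/server.conf
# graylog_set_conf "$conf" root_password_sha2 "$(graylog_root_hash "$pw")"
# graylog_set_conf "$conf" password_secret "$(graylog_password_secret)"
# graylog_check_conf "$conf" && echo "server.conf secrets look good"
```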

Restart Graylog:
systemctl restart graylog-server

And check that it is running:
systemctl status graylog-server

You will see the service reported as active if everything is OK.
(Screenshot: Graylog status)

To log in to your Graylog server, open http://IP_ADDRESS:9000 in your favorite browser.
The default user is admin, and the password is the one you hashed into root_password_sha2.

You have successfully installed and configured Graylog server.

Enjoy!
