How to Install Graylog on Elementary OS Latest
Graylog is free and open-source log management software that allows you to collect, index, and analyze any machine-generated data. In this tutorial, we will show you how to install Graylog on Elementary OS Latest.
Prerequisites
Before you begin with this tutorial, ensure that you have the following:
- A server running Elementary OS Latest.
- A user account with sudo privileges.
- At least 4GB of RAM.
Step 1: Install Java
Graylog requires Java 8 or later to be installed on your system. To install Java in Elementary OS, run the following commands in your terminal:
sudo apt-get update
sudo apt-get install default-jre -y
Verify the installation by checking the Java version:
java -version
Step 2: Install MongoDB
Graylog requires MongoDB to store its metadata and configurations. Run the following command to install MongoDB:
sudo apt-get install mongodb-server -y
After MongoDB has been installed, start the service and enable it to start on system boot:
sudo systemctl start mongodb
sudo systemctl enable mongodb
To verify that MongoDB is running, enter the following command:
sudo systemctl status mongodb
Step 3: Install Elasticsearch
Graylog requires Elasticsearch for searching and indexing logs. Run the following commands to install Elasticsearch:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
sudo apt-get update
sudo apt-get install elasticsearch-oss -y
After Elasticsearch has been installed, start the service and enable it to start on system boot:
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch
To verify that Elasticsearch is running, enter the following command:
sudo systemctl status elasticsearch
Step 4: Install Graylog
Now that Elasticsearch, MongoDB, and Java are installed and running on the system, we can proceed to install Graylog. Run the following commands to install Graylog:
wget https://packages.graylog2.org/repo/packages/graylog-3.3-repository_latest.deb
sudo dpkg -i graylog-3.3-repository_latest.deb
sudo apt-get update
sudo apt-get install graylog-server -y
Step 5: Configure Graylog
After installing Graylog, we need to configure it to run correctly. Open the Graylog configuration file with your favorite text editor:
sudo nano /etc/graylog/server/server.conf
Change the following settings:
- Uncomment the password_secret line and replace the generated random string with your own secret value.
- Uncomment the root_password_sha2 line and replace the generated random string with the SHA-256 hash of your desired password. You can generate the hash using the following command: echo -n yourpassword | sha256sum
- Set the elasticsearch_hosts parameter to http://127.0.0.1:9200.
- Set the mongodb_uri parameter to mongodb://127.0.0.1/graylog.
Save the file and exit.
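For the password_secret and root_password_sha2 settings above, here is an added example (not part of the original tutorial and not Graylog's own tooling): shell functions that generate a random secret, hash the admin password from stdin so it stays out of shell history, and check that a saved config file carries both values. The function names and the 16-character minimum in MIN_SECRET_LEN are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the tutorial): create and check the Step 5 secrets.
MIN_SECRET_LEN=16   # assumption: shortest password_secret this check accepts

# Random password_secret: 32 bytes from the kernel CSPRNG as 64 hex characters.
gen_password_secret() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# SHA-256 hex digest of the first line on stdin. Reading from stdin keeps the
# password out of shell history; echo is turned off when stdin is a terminal.
hash_root_password() {
    if [ -t 0 ]; then
        printf 'Graylog admin password: ' >&2
        stty -echo; IFS= read -r pw; stty echo; echo >&2
    else
        IFS= read -r pw || :
    fi
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1
    unset pw
}

# Value of the last uncommented "KEY = value" line for KEY ($1) in FILE ($2).
conf_value() {
    sed -n "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

# Return 0 only if both secrets in FILE ($1) are set and well formed.
check_graylog_secrets() {
    rc=0
    secret=$(conf_value password_secret "$1")
    hash=$(conf_value root_password_sha2 "$1")
    if [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
        echo "password_secret is unset or shorter than $MIN_SECRET_LEN characters" >&2
        rc=1
    fi
    if ! printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "root_password_sha2 is not a 64-character hex SHA-256 digest" >&2
        rc=1
    fi
    return "$rc"
}
```

After sourcing these functions, check_graylog_secrets /etc/graylog/server/server.conf (run as a user who can read the file) returns non-zero and names the setting that still needs a value.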
Step 6: Start Graylog
After you have configured Graylog, start the Graylog service and enable it to start on system boot:
sudo systemctl start graylog-server
sudo systemctl enable graylog-server
To verify that Graylog is running, enter the following command:
sudo systemctl status graylog-server
If everything is working correctly, you should see a green status message in the terminal.
Step 7: Access Graylog Web Interface
Now that everything is set up, you can access the Graylog web interface by opening a web browser and entering the following URL:
http://your_server_ip:9000
Replace your_server_ip with the IP address or hostname of your server.
Conclusion
You have successfully installed Graylog on Elementary OS and configured it to run properly. You can now start creating your inputs and streams to begin collecting and analyzing your logs.