How to Install Graylog on FreeBSD Latest

This tutorial guides you through installing Graylog on the latest FreeBSD release.

Prerequisites

Before proceeding with the installation of Graylog, make sure you have the following prerequisites in place:

  • FreeBSD Latest system
  • Root privileges
  • Java Runtime Environment (JRE) version 8 or higher
  • Elasticsearch version 5 or higher

Step 1 - Install Java Runtime Environment (JRE)

Graylog requires Java Runtime Environment (JRE) version 8 or higher to be installed on your system. Follow the steps below to install JRE.

  1. Update the package repository index:

    pkg update
    
  2. Install OpenJDK 8:

    pkg install openjdk8
    
  3. Verify that Java is installed correctly:

    java -version
    

    This command should return the Java version information.

Step 2 - Install Elasticsearch

Graylog requires Elasticsearch version 5 or higher to be installed. Follow the steps below to install Elasticsearch.

  1. Download and install the Elasticsearch package:

    pkg install elasticsearch5
    
  2. Enable Elasticsearch to start at system boot:

    sysrc elasticsearch_enable=YES
    
  3. Start the Elasticsearch service:

    service elasticsearch start
    
  4. Verify that the Elasticsearch service is running:

    service elasticsearch status
    

    This command should return the message elasticsearch is running as pid <PID>.

Step 3 - Install Graylog

  1. Download the Graylog package:

    fetch https://packages.graylog2.org/releases/graylog/graylog-4.1.4.tgz
    
  2. Extract the Graylog package:

    tar -xzf graylog-4.1.4.tgz
    
  3. Move the extracted Graylog directory to /usr/local/graylog:

    mv graylog-4.1.4 /usr/local/graylog
    
  4. Create a Graylog system user and group:

    pw group add graylog -g 940
    pw user add graylog -u 940 -g graylog -d /nonexistent -s /usr/sbin/nologin
    
  5. Create a storage directory for Graylog:

    mkdir -p /usr/local/graylog/data/journal
    chown -R graylog:graylog /usr/local/graylog/data
    chmod -R 755 /usr/local/graylog/data
    
  6. Configure Graylog by creating a configuration file at /usr/local/graylog/conf/graylog.conf. You can use the following command to create the configuration file:

    cp /usr/local/graylog/conf/graylog.conf.example /usr/local/graylog/conf/graylog.conf
    

    Edit the configuration file and make the following changes:

    # Set the password_secret to a secret value (minimum 64 characters):
    password_secret = <generate_password_secret>
    
    # Set the root_username and root_password_sha2 to the desired root user credentials:
    root_username = <desired_username>
    root_password_sha2 = <desired_password_sha2>
    
    # Set the elasticsearch_hosts to the address of the Elasticsearch instance:
    elasticsearch_hosts = http://localhost:9200
    
  7. Set the ownership and permissions for the Graylog configuration file:

    chown root:graylog /usr/local/graylog/conf/graylog.conf
    chmod 0640 /usr/local/graylog/conf/graylog.conf
    
  8. Start the Graylog service:

    /usr/local/graylog/bin/graylogctl start
    
  9. Verify that the Graylog service is running:

    /usr/local/graylog/bin/graylogctl status
    

    This command should return the message graylog-server running (pid: <PID>).
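Step 6 leaves password_secret and root_password_sha2 as placeholders. The script below is an added example, not part of the original tutorial or the Graylog project, showing one way to produce both values. The function names and the --prompt argument are this example's own, and it assumes sha256sum, FreeBSD's sha256, or openssl is available.

```shell
#!/bin/sh
# Added example (not from the Graylog project): generate the two secret
# values that step 6 leaves as placeholders in graylog.conf.
# Function names and the --prompt argument are this example's own.

# Print the hex SHA-256 of stdin using whichever tool is installed.
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d ' ' -f 1
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q                      # FreeBSD base system
    else
        openssl dgst -sha256 -r | cut -d ' ' -f 1
    fi
}

# Hash a password exactly as typed. printf '%s' adds no trailing newline;
# piping from plain `echo` would hash "password\n" and the login would fail.
hash_password() {
    printf '%s' "$1" | sha256_hex
}

# 96 random alphanumeric characters, above the 64-character minimum.
# 1024 random bytes leave about 248 characters after filtering.
gen_secret() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c 1-96
}

# Prompt without echo so the password stays out of shell history and argv.
main() {
    printf 'Graylog root password: ' >&2
    stty -echo
    IFS= read -r pw
    stty echo
    printf '\n' >&2
    printf 'password_secret = %s\n' "$(gen_secret)"
    printf 'root_password_sha2 = %s\n' "$(hash_password "$pw")"
}

if [ "${1:-}" = "--prompt" ]; then
    main
fi
```

Run it with --prompt and paste the two printed lines into /usr/local/graylog/conf/graylog.conf before setting the file permissions in step 7.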

Step 4 - Access Graylog Web Interface

Once the Graylog service is up and running, you can access the Graylog web interface using your web browser.

  • Open your web browser and navigate to http://<graylog-server-ip>:9000.

    Make sure to replace <graylog-server-ip> with the IP address of your Graylog server.

  • Log in to the Graylog web interface using the root user credentials that you configured earlier in the Graylog configuration file.

Congratulations! You have successfully installed Graylog on your FreeBSD Latest system.