How to Install Graylog on Void Linux

Graylog is an open-source log management tool that can centralize and aggregate logs from various sources, including applications, servers, and network devices. In this tutorial, we will walk you through the process of installing Graylog on Void Linux.

Prerequisites

Before proceeding with this tutorial, you need to have the following:

  • A running instance of Void Linux
  • Superuser privileges or access to a sudo user
  • Java 8 or higher installed

Step 1: Install Elasticsearch

Graylog relies on Elasticsearch to store and index logs. To install Elasticsearch, run the following command:

sudo xbps-install -S elasticsearch

After the installation is complete, start the Elasticsearch service and enable it to start automatically during system boot:

sudo ln -s /etc/sv/elasticsearch /var/service/
sudo sv start elasticsearch

You can verify if Elasticsearch is running by visiting its health status API in a web browser:

http://localhost:9200/_cat/health?v

If everything is fine, you should see an output similar to this:

epoch      timestamp cluster       status node.total node.data shards pri relo init unassign pending_tasks max_task_wait_time active_shards_percent
1624944630 04:10:30  elasticsearch green           1         1      0   0    0    0        0             0                  -                100.0%

Step 2: Install MongoDB

Graylog uses MongoDB as a NoSQL database to store configuration and metadata. To install MongoDB, run the following command:

sudo xbps-install -S mongodb

After the installation is complete, start the MongoDB service and enable it to start automatically during system boot:

sudo ln -s /etc/sv/mongodb /var/service/
sudo sv start mongodb

You can verify if MongoDB is running by checking its log file:

tail -f /var/log/mongodb/mongodb.log

If everything is fine, you should see a message similar to this:

[initandlisten] waiting for connections on port 27017

Step 3: Install Graylog

To install Graylog, run the following command:

sudo xbps-install -S graylog-server

After the installation is complete, edit the Graylog configuration file /etc/graylog/server/server.conf and change the following settings:

# Elasticsearch URL
elasticsearch_hosts = http://127.0.0.1:9200

# MongoDB connection settings
mongodb_uri = mongodb://127.0.0.1/graylog
mongodb_max_connections = 100

Save and close the file.

Step 4: Start Graylog

To start Graylog, run the following command:

sudo ln -s /etc/sv/graylog-server /var/service/
sudo sv start graylog-server

You can verify if Graylog is running by visiting its web interface in a web browser:

http://localhost:9000/

If everything is fine, you should see a login page.

Conclusion

Congratulations! You have successfully installed Graylog on Void Linux. You can now start sending logs to your Graylog server and explore its features.