Today we are going to learn how to install Graylog on Ubuntu 20.04. Graylog collects system logs and manages them centrally. It consists of three parts: the Graylog server, Elasticsearch and MongoDB. Simply follow the steps below for an easy and optimal installation.
Step 1: Update Your System
First, as usual, update your system so that the latest packages are installed.
sudo apt update && sudo apt upgrade
Step 2: Install Java on Ubuntu 20.04
Java is required for the Graylog server, so install it by following the tutorial below before proceeding.
How To Install Java On Ubuntu 20.04
Install the other required packages by typing
sudo apt install -y apt-transport-https openjdk-11-jre-headless uuid-runtime pwgen curl dirmngr
Verify the installed Java version by running
java --version
Output:
sabi@sabi20:~$ java --version
openjdk 11.0.8 2020-07-14
OpenJDK Runtime Environment (build 11.0.8+10-post-Ubuntu-0ubuntu120.04)
OpenJDK 64-Bit Server VM (build 11.0.8+10-post-Ubuntu-0ubuntu120.04, mixed mode, sharing)
Step 3: Install Elasticsearch on Ubuntu 20.04
Now install Elasticsearch. It stores the logs coming from external sources, which makes it very useful together with Graylog. Install it by following the steps below.
Run the command below to download and install the GPG signing key.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Then type the below command to add the Elasticsearch repository on your system.
echo "deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
Finally type the following command to install the Elasticsearch on Ubuntu 20.04.
sudo apt update
sudo apt install -y elasticsearch-oss
Step 4: Configure Elasticsearch with Graylog Server on Ubuntu 20.04
To configure Elasticsearch for Graylog, edit the /etc/elasticsearch/elasticsearch.yml file and set the cluster name to graylog.
cluster.name: graylog
Then add or uncomment the following line.
action.auto_create_index: false
After that, reload and start the Elasticsearch service so that the updated configuration takes effect.
sudo systemctl daemon-reload
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch
It will take at most 1 minute for the service to start.
Elasticsearch listens on port 9200. You can use the curl command to verify it.
curl -X GET http://localhost:9200
You'll see a JSON response describing the node. Make sure that the cluster name is graylog.
Step 5: Install MongoDB on Ubuntu 20.04
Install the MongoDB v3.6 by running the below commands in your terminal.
sudo apt update
sudo apt install -y mongodb-server
Then start the MongoDB service.
sudo systemctl start mongodb
sudo systemctl enable mongodb
Step 6: Install Graylog Server on Ubuntu 20.04
Graylog gets its data from Elasticsearch and shows it on its web interface, so it is easy to read and go through.
Run the commands below to add the Graylog repository and install Graylog on Ubuntu 20.04.
wget https://packages.graylog2.org/repo/packages/graylog-3.3-repository_latest.deb
sudo dpkg -i graylog-3.3-repository_latest.deb
sudo apt update
sudo apt install -y graylog-server
For security reasons, set the secret that is used to secure the user passwords. To generate one, run the command below in your terminal.
pwgen -N 1 -s 96
Result:
sabi@sabi20:~$ pwgen -N 1 -s 96
LmnaUmCKUmBgA2mwYpPNoC9FQP8YVR1ijerL00W00oB3scJrwk4CCpIQo3uI2llBlqug5v13UVIx5kXSrvExZ28gGRZlRulC
Now, edit the server.conf file and paste the above secret as shown below:
sudo nano /etc/graylog/server/server.conf
password_secret = LmnaUmCKUmBgA2mwYpPNoC9FQP8YVR1ijerL00W00oB3scJrwk4CCpIQo3uI2llBlqug5v13UVIx5kXSrvExZ28gGRZlRulC
Then generate a password hash for the Graylog admin user, which is used to log in to the web interface.
echo -n Your_Password | sha256sum
Replace Your_Password with your desired password.
Result:
99e87ec1196275a0c4ef6e5dd1cabd34f0c9a6ed680f24914b773295babd5da2 -
Now, edit the server.conf file and paste the password hash generated above, without the trailing " -" that sha256sum prints.
root_password_sha2 = 99e87ec1196275a0c4ef6e5dd1cabd34f0c9a6ed680f24914b773295babd5da2
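Added example (not part of the original tutorial and not Graylog's own tooling): a bash helper that performs the two server.conf edits above. It reads the admin password without echoing it or leaving it in shell history, and stores only the hex digest, because sha256sum appends a " -" column that must not end up in root_password_sha2. The function names and the --apply switch are assumptions made for this example; run it as root.

```bash
#!/usr/bin/env bash
# Added example, not Graylog tooling: function names and --apply are assumed.

# SHA-256 hex digest of stdin, without the "  -" column sha256sum appends.
hash_password() {
    sha256sum | cut -d' ' -f1
}

# 96-character random secret, same pwgen call as in the tutorial.
gen_secret() {
    pwgen -N 1 -s 96
}

# set_conf_key FILE KEY VALUE
# Rewrite an existing uncommented "KEY = ..." line, otherwise append one.
# VALUE must not contain "|" or "&" (true for pwgen -s output and hex digests).
set_conf_key() {
    local file="$1" key="$2" value="$3"
    if grep -Eq "^[[:space:]]*${key}[[:space:]]*=" "$file"; then
        sed -i -E "s|^[[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# Prompt for the admin password (no echo, nothing in shell history) and
# write both settings into server.conf.
configure_graylog_secrets() {
    local conf="${1:-/etc/graylog/server/server.conf}" pw
    read -r -s -p "Graylog admin password: " pw; echo
    [ -n "$pw" ] || { echo "empty password, nothing written" >&2; return 1; }
    set_conf_key "$conf" password_secret "$(gen_secret)"
    set_conf_key "$conf" root_password_sha2 "$(printf '%s' "$pw" | hash_password)"
}

# Only touch the real config when asked to: sudo bash thisfile --apply
if [ "${1:-}" = "--apply" ]; then
    configure_graylog_secrets
fi
```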
Step 7: Setup Graylog Web Interface on Ubuntu 20.04
To use the Graylog web interface, enable it by editing the server.conf file.
sudo nano /etc/graylog/server/server.conf
Then set the line below to your system's IP address.
http_bind_address = 192.168.0.10:9000
Finally, start the Graylog service by running the commands below.
sudo systemctl daemon-reload
sudo systemctl start graylog-server
sudo systemctl enable graylog-server
If you get any error during the installation, you can follow the Graylog logs at startup by typing:
sudo tail -f /var/log/graylog-server/server.log
You'll see similar output upon successful installation.
2020-09-29T16:03:06.326-04:00 INFO [ServerBootstrap] Graylog server up and running.
Step 8: Access Graylog on Ubuntu 20.04
Type IP:9000 in your browser to access the Graylog web interface.
Provide the credentials (username "admin" and the password you hashed into "root_password_sha2" earlier) to log in to the dashboard.
After logging in, you'll see the welcome page.
Then navigate to System >> Overview to see the status of the Graylog server.
So, this is how you can install Graylog on Ubuntu 20.04.