January 12, 2017

How to Install and Configure Graylog Server on Ubuntu 16.04


Graylog is a free, open source, centralized log management tool based on Elasticsearch and MongoDB. It helps you collect and analyze your system logs to debug applications.

Graylog is made up of three components: Elasticsearch, MongoDB and Graylog server. Elasticsearch is used to store the log messages and provide searching facilities. MongoDB is used to store the configuration and meta information. Graylog server collects the logs from various inputs and provides a web interface for managing the logs.

In this tutorial, we will explain how to install and configure Graylog server on Ubuntu 16.04.

Prerequisites

  • A server running Ubuntu 16.04.
  • A non-root user with sudo privileges set up on your server.
  • A static IP address 192.168.15.110 configured on your server.

Update the System

First, update your system to the latest stable version by running the following commands:

sudo apt-get update -y
sudo apt-get upgrade -y

Once your system is up to date, you can proceed to the next step.

Installing Elasticsearch

Elasticsearch is one of the main components of Graylog server. Elasticsearch stores all the logs sent by Graylog server, and Graylog displays the messages through its built-in web interface.

Elasticsearch requires Java to be installed on your server, so you will need to install Java first.

Oracle Java is not available in the default Ubuntu repository, so first add the Oracle Java PPA to apt with the following command:

sudo add-apt-repository ppa:webupd8team/java

Next, update your apt package database with the following command:

sudo apt-get update -y

Next, install the latest stable version of Oracle Java 8 with the following command:

sudo apt-get install oracle-java8-installer

Next, verify the Java version by running the following command:

java -version

Output:

java version "1.8.0_91"
Java(TM) SE Runtime Environment (build 1.8.0_91-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.91-b14, mixed mode)

Before installing Elasticsearch, you will need to download and install its GPG signing key, which apt uses to verify the packages:

wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Next, configure the Elasticsearch repository with the following command:

echo "deb https://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list

Next, update the repository database with the following command:

sudo apt-get update -y

Then, install elasticsearch with the following command:

sudo apt-get install elasticsearch -y

Start the Elasticsearch service and enable it to start at boot time with the following commands:

sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch

Next, you will need to make some changes in the elasticsearch.yml file:

sudo nano /etc/elasticsearch/elasticsearch.yml

Change the file as shown below:

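cluster.name: graylog
network.bind_host: localhost
# script.disable_dynamic was replaced by these fine-grained settings in Elasticsearch 2.x
script.inline: false
script.indexed: false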

Save the file and restart the Elasticsearch service:

sudo service elasticsearch restart

Next, verify that Elasticsearch is running properly with the following command:

curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'

If everything is ok, you should see the following output:

{
  "cluster_name" : "graylog",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 0,
  "active_shards" : 0,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

Once you are done, you can proceed to the next step.

Installing MongoDB

First, you will need to import the MongoDB public GPG key into apt.

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927

Next, create the MongoDB source list file with the following command:

echo 'deb http://downloads-distro.mongodb.org/repo/debian-sysvinit dist 10gen' | sudo tee /etc/apt/sources.list.d/mongodb.list

Update your apt database and install MongoDB with the following commands:

sudo apt-get update -y
sudo apt-get install mongodb-org

Next, start the MongoDB service and enable it to start on boot:

sudo systemctl start mongod
sudo systemctl enable mongod

Installing Graylog

First, you will need to download and install the Graylog repository on your system.

You can do this by using the wget command:

wget https://packages.graylog2.org/repo/packages/graylog-2.0-repository_latest.deb

Next, install the Graylog repository with the following command:

sudo dpkg -i graylog-2.0-repository_latest.deb

Next, install HTTPS support for apt and update the repository cache with the following commands:

sudo apt-get install apt-transport-https -y
sudo apt-get update -y

Finally, install Graylog server with the following command:

sudo apt-get install -y graylog-server

Next, you will need to install pwgen to generate the password secret key for Graylog server.

sudo apt-get install pwgen

Next, generate a secret key using the pwgen command:

pwgen -N 1 -s 96

You should see the following output:

eK76Gx7mwdQGIVYzOm7GYmucqiGShvZQ96vIQFyf0PHEi0bTFSQemte2ADkMZllv0epvpeSGqiInvnnXxxxRpQyYLKCyvL8v

Next, generate a SHA-256 hash of the password for the root user, which is used to log in to the web interface. The command below hashes the literal string password; substitute your own password:

echo -n password | sha256sum

You should see the following output:

5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8  -

Next, you will need to edit the server.conf file to begin the Graylog configuration.

sudo nano /etc/graylog/server/server.conf

Change the file as shown below:

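# Paste the secret generated with pwgen above
password_secret = <pwgen output>
# Paste the SHA-256 hash generated with sha256sum above
root_password_sha2 = <sha256 hash>
root_email = hitjethva@gmail.com
root_timezone = UTC
# Elasticsearch is bound to localhost in elasticsearch.yml, so connect over loopback
elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300
is_master = true
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
elasticsearch_shards = 1
elasticsearch_replicas = 0

Save and close the file when you are finished.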
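
The two secrets set in server.conf can be checked before Graylog is started. The script below is an added example, not part of the original tutorial; its function names, the weak-password list and the 64-character minimum are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example: audit the two secrets in a Graylog server.conf.
# Function names, the weak-password list and the 64-character minimum are
# assumptions of this example, not Graylog defaults.

# Sample secret printed in this tutorial; anyone who has read the page knows it.
TUTORIAL_SECRET='eK76Gx7mwdQGIVYzOm7GYmucqiGShvZQ96vIQFyf0PHEi0bTFSQemte2ADkMZllv0epvpeSGqiInvnnXxxxRpQyYLKCyvL8v'

# Hash one line read from stdin, so the password never appears in argv or history.
hash_password() {
    local pw
    IFS= read -r pw
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1
}

# Print the value of "key = value" from file $1; the last occurrence wins.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Print one finding per line; return 1 if anything was found.
audit_server_conf() {
    local secret hash weak rc=0
    secret=$(conf_get "$1" password_secret)
    hash=$(conf_get "$1" root_password_sha2)
    if [ "${#secret}" -lt 64 ]; then
        echo "password_secret: empty or shorter than 64 characters"; rc=1
    elif [ "$secret" = "$TUTORIAL_SECRET" ]; then
        echo "password_secret: copied from the tutorial's sample output"; rc=1
    fi
    if ! printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "root_password_sha2: not a 64-character lowercase hex SHA-256 digest"; rc=1
    fi
    for weak in password admin graylog; do
        if [ "$hash" = "$(printf '%s\n' "$weak" | hash_password)" ]; then
            echo "root_password_sha2: hash of guessable password '$weak'"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: empty secret and the tutorial's sha256("password") hash.
sample=$(mktemp)
printf '%s\n' 'password_secret =' \
    'root_password_sha2 = 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8' > "$sample"
audit_server_conf "$sample" || true
rm -f "$sample"
```

On the server, run `audit_server_conf /etc/graylog/server/server.conf` with sudo if the file is not readable by your user.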

Installing the Graylog Web Interface

You can configure the Graylog web interface by editing the server.conf file.

sudo nano /etc/graylog/server/server.conf

Change the following lines:

rest_listen_uri = http://192.168.15.110:12900/
web_listen_uri = http://192.168.15.110:9000/

Once you are done, restart the Graylog service with the following command:

sudo systemctl daemon-reload
sudo systemctl restart graylog-server
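
With all three services running, it is worth confirming that only the Graylog ports are reachable from the network and that Elasticsearch and MongoDB listen on loopback only. The script below is an added example, not part of the original tutorial; `exposed_backends` is a hypothetical helper and 27017 is MongoDB's default port.

```bash
#!/usr/bin/env bash
# Added example: confirm the storage back ends are not reachable off-host.
# exposed_backends is a hypothetical helper; 27017 is MongoDB's default port.

# Reads `ss -ltn` output on stdin and prints every Elasticsearch (9200, 9300)
# or MongoDB (27017) listener bound to a non-loopback address.
exposed_backends() {
    awk '
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)        # keep what follows the last colon
            sub(/:[0-9]+$/, "", addr)   # drop the port from the address
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # strip IPv6 brackets
            if (port != 9200 && port != 9300 && port != 27017) next
            if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
            print port " listening on " addr
        }'
}

# Constructed sample of `ss -ltn` output: Elasticsearch HTTP is loopback-only,
# but its transport port and MongoDB accept connections on every interface.
sample_ss='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    ::ffff:127.0.0.1:9200 :::*
LISTEN 0      128    :::9300               :::*
LISTEN 0      128    0.0.0.0:27017         0.0.0.0:*
LISTEN 0      128    192.168.15.110:9000   0.0.0.0:*'

printf '%s\n' "$sample_ss" | exposed_backends
# On the server itself: ss -ltn | exposed_backends
```

An empty result means none of the three back-end ports is bound to a routable address.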

Accessing the Graylog Web Interface

Once everything is set up, it's time to access the Graylog web interface.

Open your favourite web browser and type the URL http://192.168.15.110:9000. Log in with the username admin and the password whose hash you configured as root_password_sha2 in server.conf.

You should see the following pages:

[Screenshots: Graylog web interface]

Conclusion

Congratulations! You have successfully installed and configured Graylog server on Ubuntu 16.04. You can now easily explore the other functionality that it offers.
