We’ll show you, How to Install Graylog Server on Ubuntu 16.04. Graylog is a free and open source, centralized log management tool based on MongoDB and Elasticsearch. Using Graylog you can easily collect and analyze your server logs. Graylog is made up of three components Elasticsearch, MongoDB and Graylog server. Elasticsearch is used to store the logs and provide searching facilities. MongoDB stores the configuration and meta information. Graylog server collects the log messages from different inputs and provides a web interface for managing the logs. Installing Graylog Server on Ubuntu 16.04 is not so complicated and should be done in less then 10 minutes.
In this tutorial we will guide you through the steps of installing Graylog on an Ubuntu 16.04 VPS
Table of Contents
1. Login via SSH
Login to your VPS as user root
ssh root@IP_ADDRESS
and update the system
apt-get update && apt-get upgrade
2. Install Java
We need Java installed on the server for the Graylog installation. It can be installed from the official ubuntu repo. You can also read our detailed tutorial on how to install java on ubuntu 16.04
apt-get install openjdk-7-jre
check the version
java -version openjdk version "1.8.0_131" OpenJDK Runtime Environment (build 1.8.0_131-8u131-b11-2ubuntu1.16.04.3-b11) OpenJDK 64-Bit Server VM (build 25.131-b11, mixed mode)
3. Install MongoDB
MongoDB cannot be installed from the Ubuntu repository, so we will have to add the MongoDB repository. You can also read our detailed tutorial on How to Install MongoDB on Ubuntu 16.0
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10 echo "deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.0 main" > /etc/apt/sources.list.d/mongodb-org-3.0.list apt-get update
and run the following command to install MongoDB
apt-get install mongodb-org
Once installed, start MongoDB and enable it to start on boot
systemctl start mongod systemctl enable mongod
4. Install Elasticsearch
Add the GPG key to the server:
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Now add the elasticsearch repository to sources list
apt-get install apt-transport-https echo "deb https://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list
Update the package lists and install Elasticsearch
apt-get update && apt-get install elasticsearch
Once the installation is completed, modify the Elasticsearch configuration file, uncomment the ‘cluster.name’ name, and change it to ‘graylog’.
cluster.name: graylog
start Elastcisearch and enable it to start at boot time
systemctl start elasticsearch systemctl enable elasticsearch
5. Install and Configure Graylog
Download and install Graylog repository
wget https://packages.graylog2.org/repo/packages/graylog-2.3-repository_latest.deb dpkg -i graylog-2.3-repository_latest.deb
Update the package lists and install Graylog
apt-get update && apt-get install graylog-server
Next, we must specify ‘root_password_sha2’ password and secret key.
Run the following command to create your password ‘root_password_sha2’, which will be password for the ‘admin’ account
echo -n PASSWORD | sha256sum 0be64ae89ddd24e225434de95d501711339baeee18f009ba9b4369af27d30d60 -
Replace PASSWORD with an actual password
Create a sectret key using pwgen
apt-get install pwgen pwgen -s 80 1 I2UqBbXDXcWkYTs2x7wCAPs7GDmLG4iB82AuAhhtB0ayegd5SAjlMxh1Il848Vyq5DP5Q5ZN8wJmWK4m
Edit the ‘/etc/graylog/server/server.conf’ file and insert the shasum of your desired password in the ‘root_password_sha2’ line and the secret key we created with pwgen in the ‘password_secret’ line
nano /etc/graylog/server/server.conf root_password_sha2 = 0be64ae89ddd24e225434de95d501711339baeee18f009ba9b4369af27d30d60 password_secret = I2UqBbXDXcWkYTs2x7wCAPs7GDmLG4iB82AuAhhtB0ayegd5SAjlMxh1Il848Vyq5DP5Q5ZN8wJmWK4m
In the same ‘server.conf’ find the following lines and change ‘IP_ADDRESS’ with your server IP address
rest_listen_uri = http://IP_ADDRESS:9000/api/ web_listen_uri = http://IP_ADDRESS:9000/
Save the changes and restart Graylog
systemctl restart graylog-server
6. Verify Graylog Installation
Check if Graylog is properly started
systemctl status graylog-server
If everything is OK, you will get the following output
● graylog-server.service - Graylog server Loaded: loaded (/usr/lib/systemd/system/graylog-server.service; disabled; vendor preset: enabled) Active: active (running) since Sat 2017-08-19 22:50:14 CDT; 54s ago Docs: http://docs.graylog.org/ Main PID: 571 (graylog-server) CGroup: /system.slice/graylog-server.service ├─571 /bin/sh /usr/share/graylog-server/bin/graylog-server └─572 /usr/bin/java -Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThr
7. Test Graylog Installation
Finally, you should be able to access Graylog web interface at http://IP_ADDRESS:9000 and login with user ‘admin’ and the password we created as ‘root_password_sha2’.
Please check Graylog’s official documentation for more information on how to configure and use the application. http://docs.graylog.org/en/2.2/index.html
Of course, if you are one of our Managed MongoDB Hosting customers, you don’t have to install Graylog server on Ubuntu 16.04, simply ask our admins, sit back and relax. Our admins will install and configure Graylog on Ubuntu 16.4, for you immediately.
PS. If you liked this post on how to install Graylog server on Ubuntu 16.04, please share it with your friends on the social networks using the buttons below or simply leave a comment in the comments section. Thanks.