Graylog is a free, open source, centralized log management tool based on Elasticsearch and MongoDB. Graylog helps you collect, index and analyze any machine logs centrally.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, host your site on your own VPS. The installation is quite simple and assumes you are running as the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will walk you through the step-by-step installation of Graylog on an Ubuntu 16.04 (Xenial Xerus) server.
Install Graylog on Ubuntu 16.04 LTS
Step 1. First, make sure that all your system packages are up to date by running the following apt-get commands in the terminal.
sudo apt-get update
sudo apt-get upgrade
Step 2. Installing Java.
By default, Java is not available in the default Ubuntu repository, so first add the Oracle Java PPA to apt and install Java with the following commands:
add-apt-repository ppa:webupd8team/java
apt-get update -y
apt-get install oracle-java8-installer
Now check the Java version:
java -version
Step 3. Installing MongoDB.
MongoDB cannot be installed from the Ubuntu repository, so we will have to add the MongoDB repository:
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
echo "deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.0 main" > /etc/apt/sources.list.d/mongodb-org-3.0.list
Update your apt database and install MongoDB with the following commands:
apt-get update -y
apt-get install mongodb-org
Start the MongoDB service and enable it to start on boot with the following commands:
systemctl start mongod
systemctl enable mongod
Step 4. Installing Elasticsearch.
Elasticsearch is one of the main components that Graylog requires to run, so let’s install it. First, download and install the GPG signing key:
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Now add the Elasticsearch repository to the sources list:
apt-get update
apt-get install elasticsearch
Start the Elasticsearch service and enable it to start at boot time with the following commands:
systemctl start elasticsearch
systemctl enable elasticsearch
Step 5. Installing Graylog.
First, you will need to download and install the Graylog repository package on your system:
wget https://packages.graylog2.org/repo/packages/graylog-2.3-repository_latest.deb
dpkg -i graylog-2.3-repository_latest.deb
Update the package lists and install Graylog:
apt-get update
apt-get install graylog-server
After you have installed the Graylog server, you have to generate a secret key for Graylog using the following command:
pwgen -N 1 -s 96
MTtPFSMZxAvoLsUiXXauggyJ761hwkGn1ZTN2ovb8wN2tO1LzyeNbaatOrpLukp96p0MxwHQosmMGPbmw46ojnnSORVvr2
Now create a password hash for the root user, which is used to log in to the Graylog web interface, using the following command:
echo -n Password | sha256sum
e7cf3ef4f17c3999a94f2c6f612e8bmwe46b1026878e4e19398b23bd38ec221a
Edit the server.conf file:
nano /etc/graylog/server/server.conf
Make changes to the file as shown below:
password_secret= MTtPFSMZxAvoLsUiXXauggyJ761hwkGn1ZTN2ovb8wN2tO1LzyeNbaatOrpLukp96p0MxwHQosmMGPborm1YRojnnSORVvr2
root_password_sha2= e7cf3ef4f17c3999a94f2c6f612e8a888e5b10268bmwe4619398b23bd38ec221a
[email protected]
root_timezone=UTC
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300
elasticsearch_shards=1
script.inline: false
script.indexed: false
script.file: false
To enable the Graylog web interface, make changes to the file as shown below:
rest_listen_uri = http://your-server-ip:12900/
web_listen_uri = http://your-server-ip:9000/
After you have modified the configuration file, you can start the Graylog service using the following commands:
systemctl enable graylog-server
systemctl restart graylog-server
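The secret and password-hash steps above can be scripted so that the admin password is typed at a silent prompt instead of appearing on the command line (and in shell history) as it does with `echo -n Password`. This is an added example, not part of the original tutorial; the script name `graylog-secrets.sh` and the function names are hypothetical, and `tr` over /dev/urandom stands in for `pwgen`.

```bash
#!/usr/bin/env bash
# Added example: set password_secret and root_password_sha2 in server.conf.

# 96 random alphanumeric characters, the same shape as `pwgen -N 1 -s 96`.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 96
}

# SHA-256 hex digest of exactly the bytes on stdin (feed it no trailing newline).
hash_password() {
    sha256sum | cut -d' ' -f1
}

# Replace an existing "key = ..." line in a properties file, or append the key.
# Values here are alphanumeric/hex, so awk -v escape handling is not a concern.
set_conf() {
    local key="$1" value="$2" file="$3" tmp
    tmp=$(mktemp)
    awk -v k="$key" -v v="$value" '
        $0 ~ "^[ \t]*" k "[ \t]*=" { if (!done) print k " = " v; done = 1; next }
        { print }
        END { if (!done) print k " = " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode of $file
    rm -f "$tmp"
}

# Usage: ./graylog-secrets.sh --apply [path/to/server.conf]   (run as root)
if [ "${1:-}" = "--apply" ]; then
    conf=${2:-/etc/graylog/server/server.conf}
    read -rsp 'Graylog admin password: ' pw; echo
    [ -n "$pw" ] || { echo 'empty password refused' >&2; exit 1; }
    set_conf password_secret "$(gen_secret)" "$conf"
    set_conf root_password_sha2 "$(printf '%s' "$pw" | hash_password)" "$conf"
    unset pw
    echo "updated $conf; restart graylog-server to apply"
fi
```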
Step 6. Accessing Graylog.
Graylog will be available on HTTP port 8080 by default. Open your favorite browser and navigate to http://yourdomain.com:9000 or http://server-ip:9000 and complete the required steps to finish the installation.
Congratulations! You have successfully installed Graylog. Thanks for using this tutorial for installing Graylog on an Ubuntu 16.04 Xenial Xerus system. For additional help or useful information, we recommend you check the official Graylog web site.