How to Install Graylog Server on Ubuntu 22.04
In this tutorial, we are going to show you how to install the Graylog server on Ubuntu 22.04 OS.
Graylog is an open-source log management system that collects, analyzes, and sends alerts from large log data. Graylog uses the Elasticsearch search engine and MongoDB database service, which are required for analyzing structured and unstructured logs. In this tutorial, except for the Graylog server, elasticsearch, and MongoDB, we will install Java and Nginx and will configure reverse proxy so you can access Graylog via domain name.
Installing the Graylog server and setting up all requirements is a very easy process and may take up to 20 minutes. Let’s get started!
Prerequisites
- A server with Ubuntu 22.04 as OS and a Minimum 4GB of RAM
- Valid domain pointed to the servers IP address
- User privileges: root or non-root user with sudo privileges
Step 1. Update the System
Before we start with the installation of this software we will update the system packages to their latest versions available.
sudo apt-get update -y && sudo apt-get upgrade -y
Step 2. Install Nginx
To install the Nginx web server execute the following command:
sudo apt-get install nginx -y
After successful installation, the Nginx service will be automatically started. To check the status of Nginx, execute the following command:
sudo systemctl status nginx
You should get the following output:
[email protected]:~# sudo systemctl status nginx ● nginx.service - A high performance web server and a reverse proxy server Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2022-11-18 03:28:11 CST; 14min ago Docs: man:nginx(8) Process: 3778 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS) Process: 3779 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS) Main PID: 3874 (nginx) Tasks: 4 (limit: 4575) Memory: 6.0M CPU: 53ms CGroup: /system.slice/nginx.service ├─3874 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"
Step 3. Install MongoDB Database Server
First, add the GPG keys:
wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
Then, we need to add the MongoDB repository:
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list echo "deb http://security.ubuntu.com/ubuntu focal-security main" | sudo tee /etc/apt/sources.list.d/focal-security.list
Once done, update the system and install the MongoDB database server.
sudo apt update -y sudo apt upgrade -y sudo apt-get install gnupg libssl1.1 -y sudo apt-get install mongodb-org=4.4.8 mongodb-org-server=4.4.8 mongodb-org-shell=4.4.8 mongodb-org-mongos=4.4.8 mongodb-org-tools=4.4.8 -y
After this start and enable the MongoDB service:
sudo systemctl start mongod && sudo systemctl enable mongod
To check the status of MongoDB execute the command below:
sudo systemctl status mongod
You should receive the following output:
[email protected]:~# systemctl status mongod ● mongod.service - MongoDB Database Server Loaded: loaded (/lib/systemd/system/mongod.service; disabled; vendor preset: enabled) Active: active (running) since Fri 2022-11-18 03:59:25 CST; 5s ago Docs: https://docs.mongodb.org/manual Main PID: 8635 (mongod) Memory: 59.9M CPU: 1.036s CGroup: /system.slice/mongod.service └─8635 /usr/bin/mongod --config /etc/mongod.conf Nov 18 03:59:25 host.test.vps systemd[1]: Started MongoDB Database Server.
Step 4. Install Java
To install the latest Java version, we need to install first some Java dependencies:
apt install apt-transport-https gnupg2 uuid-runtime pwgen curl dirmngr -y
Once these dependencies are installed, we can install Java with the following command:
apt install openjdk-11-jre-headless -y
After successfull installation, check the installed Java version:
java --version
You should receive output similar to this:
[email protected]:~# java --version openjdk 11.0.17 2022-10-18 OpenJDK Runtime Environment (build 11.0.17+8-post-Ubuntu-1ubuntu222.04) OpenJDK 64-Bit Server VM (build 11.0.17+8-post-Ubuntu-1ubuntu222.04, mixed mode, sharing)
Step 5. Install Elasticsearch
First we are going to add the elasticsearch public key to the APT, and the elastic source to the sources.list.d.
To add the GPG-KEY execute the following command:
curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elastic.gpg
To add the elastic source in the sources.list.d execute the following command:
echo "deb [signed-by=/usr/share/keyrings/elastic.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
Now, update the system and install the elastic search with the following commands:
sudo apt update -y sudo apt install elasticsearch
Start and enable the elasticsearch service.
sudo systemctl start elasticsearch && sudo systemctl enable elasticsearch
To check the status of the service if is up and running execute the following command:
sudo systemctl status elasticsearch
You should receive the following output:
[email protected]:~# sudo systemctl status elasticsearch ● elasticsearch.service - Elasticsearch Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled) Active: active (running) since Tue 2022-11-22 16:59:52 CST; 2min 8s ago Docs: https://www.elastic.co Main PID: 11001 (java) Tasks: 68 (limit: 4575) Memory: 2.3G CPU: 2min 36.261s CGroup: /system.slice/elasticsearch.service ├─11001 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch > └─11191 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller Nov 22 16:58:50 host.test.vps systemd[1]: Starting Elasticsearch...
After starting the service we need to configure the cluster name for our Graylog server:
sudo nano /etc/elasticsearch/elasticsearch.yml
Enter these lines of code:
cluster.name: graylog action.auto_create_index: false
Save the file, close it and restart the daemon along with elasticsearch service:
sudo systemctl daemon-reload && sudo systemctl restart elasticsearch
Step 6. Install Graylog Server
First, we need to download the Graylog package:
wget https://packages.graylog2.org/repo/packages/graylog-4.3-repository_latest.deb
After that, we need to install it:
dpkg -i graylog-4.3-repository_latest.deb sudo apt update -y sudo apt install graylog-server -y
Start and Enable the graylog-server service:
systemctl enable graylog-server.service && systemctl start graylog-server.service
To check the status of the Graylog server execute the following command:
systemctl status graylog-server
You should get output similar to this:
● graylog-server.service - Graylog server
Loaded: loaded (/lib/systemd/system/graylog-server.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2022-11-22 18:03:17 CST; 199ms ago
Docs: http://docs.graylog.org/
Main PID: 13451 (graylog-server)
Tasks: 9 (limit: 4575)
Memory: 5.5M
CPU: 268ms
CGroup: /system.slice/graylog-server.service
├─13451 /bin/sh /usr/share/graylog-server/bin/graylog-server
├─13470 /usr/bin/java -XX:+PrintFlagsFinal
└─13471 grep -q UseConcMarkSweepGC
Nov 22 18:03:17 host.test.vps systemd[1]: Started Graylog server.
Step 7. Configure Graylog User
In this step we will secure the user passwords using the password generator command pwgen.
pwgen -N 1 -s 96
You will get output similar to this:
hG1gMQmadHjwU31q3jqQk6Mfe85HW1go7nEfUjIvGvUVfMdqrcGlqOFPAtQilK8uujHR9uRZ2sA0fZ6RSPmpPESviRztoTGc
Then we will create an admin password:
echo -n YourStrongPasswordHere | shasum -a 256
You will receive output similar to this:
[email protected]:~# echo -n YourStrongPasswordHere | shasum -a 256 ddea588114d8e836dcc38e6a172dc03e6e256eca7788dab45be849dfe60b24f2 -
Open the /etc/graylog/server/server.conf file and find the part password_secret and root_password_sha2 fields. Paste the previously generated passwords.
password_secret = hG1gMQmadHjwU31q3jqQk6Mfe85HW1go7nEfUjIvGvUVfMdqrcGlqOFPAtQilK8uujHR9uRZ2sA0fZ6RSPmpPESviRztoTGc root_password_sha2 = ddea588114d8e836dcc38e6a172dc03e6e256eca7788dab45be849dfe60b24f2
Save the file, close it and restart the graylog server.
systemctl daemon-reload systemctl restart graylog-server
Step 8. Create Nginx Virtual Host
Create the Nginx virtual host file.
touch /etc/nginx/sites-available/graylog.conf
Open the file and paste the following lines of code:
server {
listen 80;
server_name <strong>YourDomainHere</strong>;
location /
{
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Graylog-Server-URL http://$server_name/;
proxy_pass <strong>http://YourServerIPHere:9000</strong>;
}
}
Enable the Nginx configuration with a symbolic link.
ln -s /etc/nginx/sites-available/graylog.conf /etc/nginx/sites-enabled/
Check the Nginx syntax:
nginx -t
If you get the following output, restart the Nginx service:
[email protected]:~# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
systemctl restart nginx
Now, you can access your Graylog server at http://YourDomainHere.com using the credentials you created above.
Once logged in, you will get the following screen:
That’s it. You successfully installed the Graylog server on your Ubuntu 22.04 server. Of course, if you find some difficulties while installing the Graylog server, you do not have to install it yourself. You can always contact our system admins with their expertise. All you need to do is to contact our support. We are available 24/7.
PS. If you liked this post on how to install the Graylog server on Ubuntu 22.04, please share it with your friends on social networks using the buttons on the left or simply leave a reply below. Thanks.