Installing Graylog: A CreatingNetworks How-To

Installing Graylog: A simple to follow How To

So you found this article and might be wondering … what is Graylog?

Graylog is an open-source tool that offers an integrated platform for collecting, indexing, and analyzing log data. The system essentially consists of the Graylog web interface, the Graylog servers, the Elasticsearch nodes, and a Mongo database.

The nodes can be scaled as required. A system in which everything is combined in one node is sufficient for testing. The Graylog server is the central element of the architecture, which takes care of the management of the Elasticsearch indices and forms an abstraction layer. Therefore, it would be possible to swap Elasticsearch for another system that is particularly suitable for analyzing the log data.

Graylog supports various input mechanisms. By default, four different formats or protocols are supported: Syslog, GELF, JSON / REST-URLs, and RAW. Syslog is a standard for the transmission of log messages and is often used by system components.

Things we require to perform this tutorial:

  • MongoDB
  • Elasticsearch
  • Graylog server
  • A non-root user with sudo rights
  • An Ubuntu server with 4 CPU cores and 8 GB RAM

Steps to Install Graylog on Ubuntu 20.04 LTS

1. Install required dependencies

The Graylog server needs a few packages installed on Ubuntu 20.04 LTS: Java, a password generator, and some common utilities. Run the commands below to install all of them.

First, run the system update command

sudo apt update        

Then install the following packages…

sudo apt-get install apt-transport-https openjdk-11-jre-headless uuid-runtime pwgen        

2. Setup MongoDB on Ubuntu 20.04 for Graylog

Graylog uses MongoDB to store data, hence we need to install it on our server so that later the generated logs can be saved there for further analyses.

The packages we need to install MongoDB are already available in the official Ubuntu repository, so simply run the command below:

sudo apt install -y mongodb-server        

Enable and start the Database Server services:

sudo systemctl enable --now mongodb
sudo systemctl restart mongodb.service

To check whether it is running properly without any error you can run:

sudo systemctl status mongodb         

PLEASE NOTE MONGODB IS NOT SECURE - PLEASE MAKE SURE TO SECURE MONGODB AFTER YOU ARE DONE FOLLOWING THE REST OF THIS INSTALLATION DOCUMENT


3. Install Elasticsearch on Ubuntu 20.04 LTS server


Elasticsearch is an open-source full-text search and analytics engine. It is also highly scalable and allows users to store, search, and analyze big volumes of data quickly and in near real-time, which helps Graylog deal with and analyze a large number of logs.

Elasticsearch is not available in Ubuntu 20.04’s base repo, hence we need to add the official Elasticsearch repository manually.

Add GPG Key:

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -        

Add Elasticsearch repository:

echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list        

Command to install the Elasticsearch open-source version on Ubuntu 20.04:

sudo apt-get update && sudo apt-get install elasticsearch-oss        

Modify the Elasticsearch configuration file to set the cluster name to graylog and add action.auto_create_index: false

To do this, simply copy-paste the whole command block given below and hit the Enter key.

sudo tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<EOT
cluster.name: graylog
action.auto_create_index: false
EOT

Enable and start Elastic search service:

sudo systemctl daemon-reload
sudo systemctl enable --now elasticsearch
sudo systemctl restart elasticsearch.service
        

4. Command to Install Graylog Server on Ubuntu 20.04

Download the repository of Graylog that is available as a deb package.

wget https://packages.graylog2.org/repo/packages/graylog-4.0-repository_latest.deb        

Install it:

sudo dpkg -i graylog-4.0-repository_latest.deb        

Now, update your system so that it recognizes the newly added repository and can download the packages for Graylog:

sudo apt-get update        

Finally, install it

sudo apt-get install graylog-server        

Extra: If you also want to install the Integrations Plugins or the Enterprise Plugins (need license), then run:

sudo apt install graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins
        

5. Edit Graylog configuration file to set admin Password

There are two password values, password_secret and root_password_sha2. We need to configure both; otherwise Graylog on Ubuntu 20.04 LTS will not start at all.

These two values are present in the Graylog configuration file, and what we set for them is used to secure user passwords and to log in as the admin user on the web interface. We cannot set a plain-text value for them; instead we have to generate a hash. So, run:

Set password_secret key

pwgen -N 1 -s 96

The above command will generate a secret key to secure user passwords, so copy that and edit the configuration file using:

sudo nano /etc/graylog/server/server.conf

Now, find password_secret = in the file and paste the copied secret key after the equals sign.

Also, by default, Graylog is only accessible on the localhost IP, i.e. 127.0.0.1, so if you plan to access its web interface remotely, change it to your server IP address in the configuration file.

Find the line http_bind_address, uncomment it, and replace 127.0.0.1 with the IP address of the system where you are installing Graylog.

Save the file: Ctrl + X, Y, and hit the Enter key.
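
Both values from this step can be generated and written in one pass; Graylog expects root_password_sha2 to be the SHA-256 hex digest of the admin password. The script below is an added example, not part of the original article or of Graylog itself, and its function names and the --apply argument are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: set password_secret and root_password_sha2 in a Graylog server.conf.
# Function names and the --apply argument are assumptions for this illustration.

# 96-character random secret: pwgen as in the article, /dev/urandom as a fallback.
gen_password_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-96
    fi
}

# SHA-256 hex digest of the password; printf avoids hashing a trailing newline.
hash_root_password() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# set_conf_value FILE KEY VALUE: rewrite the uncommented "KEY =" line, or append one.
# VALUE is alphanumeric here, so it is safe inside the sed replacement.
set_conf_value() {
    _tmp=$(mktemp) || return 1
    if grep -Eq "^[[:space:]]*$2[[:space:]]*=" "$1"; then
        sed -E "s|^[[:space:]]*$2[[:space:]]*=.*|$2 = $3|" "$1" >"$_tmp"
    else
        { cat "$1"; printf '%s = %s\n' "$2" "$3"; } >"$_tmp"
    fi
    cat "$_tmp" >"$1"   # keeps the owner and mode of the original file
    rm -f "$_tmp"
}

# configure_graylog_secrets FILE PASSWORD
configure_graylog_secrets() {
    [ -n "$2" ] || { echo "refusing an empty admin password" >&2; return 1; }
    set_conf_value "$1" password_secret "$(gen_password_secret)" &&
    set_conf_value "$1" root_password_sha2 "$(hash_root_password "$2")"
}

# Usage: sudo sh set-graylog-secrets.sh --apply /etc/graylog/server/server.conf
if [ "${1:-}" = "--apply" ] && [ -n "${2:-}" ]; then
    printf 'Admin password: ' >&2
    stty -echo; IFS= read -r _pw; stty echo; echo >&2
    configure_graylog_secrets "$2" "$_pw"
fi
```

Reading the password from the terminal with echo disabled keeps it out of the shell history and the process list.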

6. Enable and Restart Graylog Server

We have already done all the essential configuration; now enable this log system service to start automatically.

sudo systemctl daemon-reload
sudo systemctl enable --now graylog-server

sudo systemctl restart graylog-server

It is wise to check whether it is running without any error. Do that by running this command:

sudo systemctl status graylog-server

If you are planning to access the Graylog web interface remotely, then also open port 9000 in the Ubuntu firewall:

sudo ufw allow 9000
        

7. Access Web interface

Open a browser on your local system, or on a remote one that can reach the Ubuntu 20.04 server's IP address, and go to https://your-server-ipaddress:9000

Replace your-server-ipaddress with the actual IP address of the server where Graylog has been installed.

The default username is admin, and the password is what you set in step 5 of this article for root_password. For example in the command, we have used MyPassword.Inst





Edit 11/8/2023 ** https://github.com/connectivityengineer/installscripts/blob/main/greyloginstaller-ubuntu2204.sh is an install script to help automate the install.

