
Install Graylog in Ubuntu 20.04

Graylog is a centralized log management tool built for capturing, storing, and enabling real-time analysis of terabytes of machine data. Here is how to install Graylog on Ubuntu 20.04.

  1. If Elasticsearch is already installed, then OpenJDK is already installed.

You can check the OpenJDK version with the command below:

java -version

It shows the following output:

openjdk version "11.0.8" 2020-07-14
OpenJDK Runtime Environment (build 11.0.8+10-post-Ubuntu-0ubuntu120.04)
OpenJDK 64-Bit Server VM (build 11.0.8+10-post-Ubuntu-0ubuntu120.04, mixed mode, sharing)
  1. If Elasticsearch is not installed, follow this blog post to install it:

Install Elasticsearch in Ubuntu 20.04

Then Ctrl+x, press “y” to save.

  1. Install MongoDB
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
sudo apt-get update
sudo apt-get install -y mongodb-org

Enable MongoDB at OS startup:

sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl restart mongod.service

Check that MongoDB is running:

sudo systemctl --type=service --state=active | grep mongod

It should show the following output:

mongod.service                                                                            loaded active running MongoDB Database Server
  1. Install Graylog
wget https://packages.graylog2.org/repo/packages/graylog-3.3-repository_latest.deb
sudo dpkg -i graylog-3.3-repository_latest.deb
sudo apt-get update && sudo apt-get install graylog-server

Start Graylog:

sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
  1. You must set a secret that is used for password encryption.
pwgen -N 1 -s 96

If pwgen is not already installed, install it as below,

sudo apt install pwgen

You will get something like this:

V5kGYOFvauEcuSt0qRiCbOP1ZIRSekpMsCSMz8SyWCa1RFRTsEGM7JTkkvuk5S0a9C4eTW4AOpPpWSDlWiWwj3SHmloa7k8E

Edit the server.conf file and set password_secret to the generated secret:

sudo nano /etc/graylog/server/server.conf
password_secret = V5kGYOFvauEcuSt0qRiCbOP1ZIRSekpMsCSMz8SyWCa1RFRTsEGM7JTkkvuk5S0a9C4eTW4AOpPpWSDlWiWwj3SHmloa7k8E
  1. Now generate a SHA-256 hash of the password for the Graylog admin user.

Replace “Password” with your own password.

echo -n Password | sha256sum

Output:

e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a  -

Add this SHA-256 hash to “root_password_sha2” in the server.conf file. Copy only the 64 hex characters, not the trailing “  -” that sha256sum prints.

sudo nano /etc/graylog/server/server.conf
root_password_sha2 = e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a
  1. Configure the Graylog web interface
sudo nano /etc/graylog/server/server.conf

Uncomment

http_bind_address = 127.0.0.1:9000
root_email = "[email protected]"
  1. Start and enable the Graylog service.
sudo systemctl restart graylog-server

Access Graylog at 127.0.0.1:9000

The login username is “admin” and the password is the one whose SHA-256 hash you configured in root_password_sha2 in the server.conf file.
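
The password_secret and root_password_sha2 steps above can also be scripted so that the admin password is read from a silent prompt instead of being typed on the command line, and so that only the 64-character digest reaches server.conf. This is an added example, not part of the original post or of Graylog itself; the function names are hypothetical, and it assumes GNU sed and the server.conf path used above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.

# Read one line from stdin and print only its SHA-256 hex digest,
# i.e. the sha256sum output without the trailing "  -".
sha256_hex() {
    local pw
    IFS= read -r pw
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1
}

# Set "key = value" in server.conf: rewrite an existing or commented-out
# entry, or append one. Values must not contain "|" or "&" (pwgen -s output
# and hex digests never do). Assumes GNU sed, as shipped with Ubuntu.
set_conf_key() {
    local file="$1" key="$2" value="$3"
    if grep -Eq "^[#[:space:]]*${key}[[:space:]]*=" "$file"; then
        sed -i -E "s|^[#[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# Succeed only if root_password_sha2 is exactly 64 hex characters; a value
# pasted with the trailing "  -" fails this check.
check_root_hash() {
    grep -Eq '^root_password_sha2 = [0-9a-f]{64}$' "$1"
}

# Prompt for the admin password without echoing it, then write both settings.
configure_graylog_secrets() {
    local conf="$1" pw
    read -r -s -p 'Graylog admin password: ' pw; echo
    set_conf_key "$conf" password_secret "$(pwgen -N 1 -s 96)"
    set_conf_key "$conf" root_password_sha2 "$(printf '%s\n' "$pw" | sha256_hex)"
    check_root_hash "$conf"
}

# Run as root against the path used in the steps above:
#   configure_graylog_secrets /etc/graylog/server/server.conf
```

Restart graylog-server after running it, as in the last step.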

References

https://docs.graylog.org/en/3.2/pages/installation/os/ubuntu.html

https://docs.graylog.org/en/3.2/pages/installation/manual_setup.html

By Satyanarayan Bhanja

Machine learning engineer
