Install Graylog in Ubuntu 20.04

  1. If Elasticsearch is already installed, then OpenJDK is already installed as well.

You can check the OpenJDK version with the command below:

java -version

It shows output like this:

openjdk version "11.0.8" 2020-07-14
OpenJDK Runtime Environment (build 11.0.8+10-post-Ubuntu-0ubuntu120.04)
OpenJDK 64-Bit Server VM (build 11.0.8+10-post-Ubuntu-0ubuntu120.04, mixed mode, sharing)
  1. If Elasticsearch is not installed, follow this blog post to install it:

Install Elasticsearch in Ubuntu 20.04

Then Ctrl+x, press “y” to save.

  1. Install MongoDB:

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
sudo apt-get update
sudo apt-get install -y mongodb-org

Enable MongoDB at OS startup:

sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl restart mongod.service

Check that MongoDB is running:

sudo systemctl --type=service --state=active | grep mongod

It should show the output below:

mongod.service                                                                            loaded active running MongoDB Database Server
  1. Install Graylog:

wget https://packages.graylog2.org/repo/packages/graylog-3.3-repository_latest.deb
sudo dpkg -i graylog-3.3-repository_latest.deb
sudo apt-get update && sudo apt-get install graylog-server

Start Graylog:

sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
  1. You must set a secret that is used for password encryption. Generate one with pwgen:

pwgen -N 1 -s 96

If pwgen is not already installed, install it as below:

sudo apt install pwgen

You will get something like this:

V5kGYOFvauEcuSt0qRiCbOP1ZIRSekpMsCSMz8SyWCa1RFRTsEGM7JTkkvuk5S0a9C4eTW4AOpPpWSDlWiWwj3SHmloa7k8E

Edit the server.conf file and place the secret in password_secret =. Use the value you generated yourself, not the sample shown here.

sudo nano /etc/graylog/server/server.conf
password_secret = V5kGYOFvauEcuSt0qRiCbOP1ZIRSekpMsCSMz8SyWCa1RFRTsEGM7JTkkvuk5S0a9C4eTW4AOpPpWSDlWiWwj3SHmloa7k8E
  1. Now generate a SHA-256 hash of the password for the Graylog admin user.

Replace “Password” with your own password. A password typed on the command line like this is saved in your shell history.

echo -n Password | sha256sum

Output:

e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a  -

Add this SHA-256 hash to “root_password_sha2” in the server.conf file. Copy only the 64 hexadecimal characters, not the trailing “-” that sha256sum prints.

sudo nano /etc/graylog/server/server.conf
root_password_sha2 = e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a
  1. Set the Graylog web interface:

sudo nano /etc/graylog/server/server.conf

Uncomment the following lines:

http_bind_address = 127.0.0.1:9000
root_email = "admin@example.com"
  1. Start and enable the Graylog service.
sudo systemctl restart graylog-server

Access Graylog at 127.0.0.1:9000

The login username is “admin”, and the password is the one whose SHA-256 hash you set in root_password_sha2 in the server.conf file.
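
The password_secret and root_password_sha2 steps above can be checked before restarting the service. The script below is an added example, not part of the original post or of Graylog: it reads the admin password from stdin so it stays out of shell history, and it rejects a server.conf whose hash still carries sha256sum's trailing "-" or that reuses the sample values printed in this guide. The function names (conf_get, hash_password, check_conf) are hypothetical, and sha256sum is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original post): checks for the two secrets in
# /etc/graylog/server/server.conf. Function names are hypothetical.

# Sample values printed in this guide; a live server must not reuse them.
SAMPLE_SECRET='V5kGYOFvauEcuSt0qRiCbOP1ZIRSekpMsCSMz8SyWCa1RFRTsEGM7JTkkvuk5S0a9C4eTW4AOpPpWSDlWiWwj3SHmloa7k8E'
SAMPLE_HASH='e7cf3ef4f17c3999a94f2c6f612e8a888e5b1026878e4e19398b23bd38ec221a'

# Print the value of "KEY = value" from FILE, trailing blanks removed.
# Commented-out lines ("#KEY = ...") do not match.
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Read one line from stdin and print only its SHA-256 hex digest. The password
# stays out of argv and shell history, and no trailing "  -" is printed.
hash_password() {
    if [ -t 0 ]; then stty -echo; fi      # hide typing on a terminal
    IFS= read -r pw || true
    if [ -t 0 ]; then stty echo; fi
    printf '%s' "$pw" | sha256sum | cut -d ' ' -f 1
}

# Return 0 when FILE passes; otherwise print each problem and return 1.
check_conf() {
    rc=0
    secret=$(conf_get password_secret "$1")
    digest=$(conf_get root_password_sha2 "$1")
    if [ -z "$secret" ] || [ "$secret" = "$SAMPLE_SECRET" ]; then
        echo "password_secret is empty or copied from the guide"; rc=1
    fi
    if ! printf '%s' "$digest" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "root_password_sha2 is not a bare 64-character hex digest"; rc=1
    elif [ "$digest" = "$SAMPLE_HASH" ]; then
        echo "root_password_sha2 is the guide's sample hash"; rc=1
    fi
    return "$rc"
}

# Usage: hash_password            (type the password, press Enter)
#        check_conf /etc/graylog/server/server.conf
```

Source the file, run hash_password to produce the value for root_password_sha2, then run check_conf against the edited server.conf (with sudo if the file is not readable by your user).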

References:

https://docs.graylog.org/en/3.2/pages/installation/os/ubuntu.html

https://docs.graylog.org/en/3.2/pages/installation/manual_setup.html

