Graylog is an open-source log management tool that lets you collect, index and analyze machine logs centrally. This guide covers installing Graylog 3.0 on Ubuntu 18.04 / Ubuntu 16.04.
Components
MongoDB – Acts as the database; it stores Graylog's configuration and metadata.
Elasticsearch – Stores the log messages and provides the search facility. This is where all your searching happens, so it is recommended to allocate more memory and use SAS or SAN disks for Elasticsearch nodes.
Graylog Server – The log parser. It collects logs from the configured inputs and serves them to the built-in web interface for managing the logs.
Prerequisites
Elasticsearch is a Java-based application, so install either OpenJDK or Oracle JDK on the machine before proceeding.
https://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog-on-ubuntu-16-04.html 1/19
5/18/2019 How To Install Graylog 3.0 on Ubuntu 18.04 / Ubuntu 16.04
sudo apt update
sudo apt install -y apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen curl dirmngr
Confirm the Java installation:
java -version
Install Elasticsearch
Elasticsearch is one of the main components Graylog requires to run. It acts as a search server, offering real-time distributed search and analytics through a RESTful web interface. Elasticsearch stores all the logs sent by the Graylog server and returns the messages whenever a user requests them through the built-in web interface.
Update the repository cache and install the Elasticsearch package.
The only setting you must change is the cluster name, which has to be graylog. Edit the Elasticsearch configuration file and set it accordingly.
cluster.name: graylog
Restart Elasticsearch and wait at least a minute for it to come back up fully. It should then be listening on port 9200 for HTTP requests; use curl to check the response.
Output:
{
"name" : "bgVbYrc",
"cluster_name" : "graylog",
"cluster_uuid" : "-wECQlwnSZWftd_XdWSz-g",
"version" : {
"number" : "6.6.1",
"build_flavor" : "default",
"build_type" : "deb",
"build_hash" : "1fd8f69",
"build_date" : "2019-02-13T17:10:04.160291Z",
"build_snapshot" : false,
"lucene_version" : "7.6.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
Cluster health output:
{
"cluster_name" : "graylog",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 1,
"number_of_data_nodes" : 1,
"active_primary_shards" : 0,
"active_shards" : 0,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
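The two curl responses above are what you should verify before installing Graylog: the node must report cluster_name graylog and a usable cluster health. As an added example that is not part of the original tutorial, the shell functions below parse those two responses and succeed only when both conditions hold. They assume Elasticsearch listens on localhost:9200 and use only curl, sed and grep; the sample responses are constructed from the outputs shown above.

```shell
#!/usr/bin/env bash
# Added example: verify the Elasticsearch node Graylog will use by parsing the
# responses of GET / and GET /_cluster/health. Only curl, sed and grep are used.

# Extract a string field  ("field" : "value")  from pretty-printed JSON on stdin.
json_str() {
  sed -n "s/^[[:space:]]*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# Extract a bare field  ("field" : 0)  from pretty-printed JSON on stdin.
json_num() {
  sed -n "s/^[[:space:]]*\"$1\"[[:space:]]*:[[:space:]]*\([^,[:space:]]*\).*/\1/p" | head -n 1
}

# Succeeds only when the node belongs to cluster "graylog", i.e. the
# cluster.name change above has taken effect.
es_cluster_ok() {   # $1 = JSON body of GET /
  [ "$(printf '%s\n' "$1" | json_str cluster_name)" = graylog ]
}

# Succeeds when the cluster is usable: status green or yellow and no
# unassigned shards. A single node with elasticsearch_replicas = 0 is green.
es_health_ok() {    # $1 = JSON body of GET /_cluster/health
  local status unassigned
  status=$(printf '%s\n' "$1" | json_str status)
  unassigned=$(printf '%s\n' "$1" | json_num unassigned_shards)
  case "$status" in
    green|yellow) [ "${unassigned:-1}" -eq 0 ] ;;
    *) return 1 ;;
  esac
}

# Constructed sample responses, trimmed from the outputs shown above.
SAMPLE_ROOT='{
  "name" : "bgVbYrc",
  "cluster_name" : "graylog",
  "version" : {
    "number" : "6.6.1"
  },
  "tagline" : "You Know, for Search"
}'
SAMPLE_HEALTH='{
  "cluster_name" : "graylog",
  "status" : "green",
  "number_of_nodes" : 1,
  "unassigned_shards" : 0,
  "active_shards_percent_as_number" : 100.0
}'

# Live check (assumption: Elasticsearch listens on localhost:9200).
es_check_live() {
  local root health
  root=$(curl -fsS http://localhost:9200/) || return 1
  health=$(curl -fsS 'http://localhost:9200/_cluster/health?pretty') || return 1
  es_cluster_ok "$root" && es_health_ok "$health"
}

# Offline demonstration on the samples: prints "ready" for the outputs above.
if es_cluster_ok "$SAMPLE_ROOT" && es_health_ok "$SAMPLE_HEALTH"; then
  echo "ready: cluster graylog, health $(printf '%s\n' "$SAMPLE_HEALTH" | json_str status)"
fi
```

es_check_live runs the two queries against the local node, while es_cluster_ok and es_health_ok take the JSON bodies directly, so a response saved from another host can be checked the same way. A single node with replicas set to 0 reports green; yellow normally means replicas are configured that have no second node to live on.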
Install MongoDB
Download and install the latest version of MongoDB from the official website. Begin by importing the MongoDB public key in the terminal, using the full key ID published on the MongoDB site.
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368
Start MongoDB and enable it at boot.
sudo systemctl start mongod
sudo systemctl enable mongod
Install Graylog
Graylog Server accepts and processes the log messages and returns them for requests coming from the Graylog web interface.
Add the Graylog 3.0 repository package:
wget https://packages.graylog2.org/repo/packages/graylog-3.0-repository_latest.deb
sudo dpkg -i graylog-3.0-repository_latest.deb
Configure Graylog
You must set a secret (password_secret) that Graylog uses to secure the stored user passwords. Generate one with pwgen:
pwgen -N 1 -s 96
Output:
fGoTI07CooB6xNy5sdPVSKSuq6QSu2QyWf6G9z3haolgwbERTQ9ZbfbF6hxRYbJMMAlEZX7CXHxJLBkNyfM0420u8aFu
password_secret = fGoTI07CooB6xNy5sdPVSKSuq6QSu2QyWf6G9z3haolgwbERTQ9ZbfbF6hxRYbJMMAlEZX7CXH
Next, set the SHA-256 hash of the password for the root user (not to be confused with the system root user; Graylog's root user is admin). You will need this password to log in to the Graylog web interface. The admin password cannot be changed from the web interface, so it must be set through this variable.
echo -n yourpassword | sha256sum
Output:
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951
root_email = "itzgeek.web@gmail.com"
root_timezone = UTC
Set exactly one master node with the variable below. If you add a second Graylog node, set this to false on it so it runs as a slave; the master node performs periodic tasks that slave nodes do not.
is_master = true
Set the number of log messages to keep per index; several smaller indices are recommended over a few large ones.
elasticsearch_max_docs_per_index = 20000000
The following parameter sets the maximum number of indices; once this number is reached, the oldest index is deleted.
elasticsearch_max_number_of_indices = 20
The shard setting depends on the number of nodes in your Elasticsearch cluster. If you have only one node, set it to 1.
elasticsearch_shards = 1
This setting defines the number of replicas for your indices. If you have only one node in the Elasticsearch cluster, set it to 0.
elasticsearch_replicas = 0
Update the entry below with the IP address of your server; this is the address on which you will reach the Graylog web interface.
http_bind_address = your-server-ip:9000
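The settings from this section, as an added example that is not part of the original tutorial: the shell functions below generate password_secret and root_password_sha2 (reading the password from stdin rather than from the command line, so it does not end up in shell history), render the server.conf fragment with the values discussed above and sanity-check it before you paste it in. Assumptions: bash with coreutils (sha256sum, tr, head, cut) and /dev/urandom; the urandom-based generator stands in for pwgen, the root_email value is a placeholder, and the rule mapping one Elasticsearch node to shards 1 / replicas 0 (as the text says) and more nodes to replicas 1 is this example's choice.

```shell
#!/usr/bin/env bash
# Added example: produce the secrets and the server.conf settings from this
# section. Assumptions: bash, coreutils (sha256sum, tr, head, cut), /dev/urandom.

# 96-character alphanumeric password_secret; stands in for `pwgen -N 1 -s 96`.
gen_password_secret() {
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-96}"
}

# SHA-256 of the password on stdin. Newlines are stripped first, so the result
# matches `echo -n yourpassword | sha256sum` whether or not the input ends in \n.
root_password_sha2() {
  tr -d '\n' | sha256sum | cut -d ' ' -f 1
}

# Ask for the admin password without echoing it and without putting it on a
# command line (so it stays out of shell history), then hash it.
prompt_root_password_sha2() {
  local pw
  printf 'Graylog admin password: ' >&2
  read -r -s pw
  printf '\n' >&2
  printf '%s' "$pw" | root_password_sha2
}

# Render the settings. $1 password_secret, $2 root_password_sha2, $3 bind IP,
# $4 number of Elasticsearch nodes (example's rule: 1 node => shards 1 and
# replicas 0, as the text above says; more nodes => shards = nodes, replicas 1).
render_server_conf() {
  local secret=$1 hash=$2 ip=$3 nodes=${4:-1} replicas=0
  [ "$nodes" -gt 1 ] && replicas=1
  cat <<EOF
password_secret = $secret
root_password_sha2 = $hash
root_email = "admin@example.com"
root_timezone = UTC
is_master = true
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
elasticsearch_shards = $nodes
elasticsearch_replicas = $replicas
http_bind_address = $ip:9000
EOF
}

# Sanity-check a rendered fragment: secret long enough, hash really SHA-256,
# bind address of the form ip:port. Returns non-zero on the first failure.
validate_server_conf() {   # $1 = rendered fragment
  printf '%s\n' "$1" | grep -Eq '^password_secret = [A-Za-z0-9]{64,}$' &&
    printf '%s\n' "$1" | grep -Eq '^root_password_sha2 = [0-9a-f]{64}$' &&
    printf '%s\n' "$1" | grep -Eq '^http_bind_address = [0-9]+(\.[0-9]+){3}:[0-9]+$'
}

# Interactive use:
#   render_server_conf "$(gen_password_secret)" "$(prompt_root_password_sha2)" 192.168.1.10 1
```

root_password_sha2 strips the trailing newline before hashing, which is the mistake `echo -n` guards against: hashing "yourpassword\n" produces a different digest and the admin login then fails for no visible reason.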
Check the server startup logs; they are useful for troubleshooting Graylog if anything goes wrong. On a successful start of graylog-server, the log file reports that the server is up.
Access Graylog
The web interface is now listening on port 9000; point your browser to
http://ip.add.re.ss:9000
Log in with username admin and the password whose hash you set in root_password_sha2 in server.conf.
Install Graylog 3.0 on Ubuntu 18.04 – Graylog Login Screen
Once logged in, you will see the Getting Started page. Click System >> Overview to see the status of the Graylog server.
For this example, we will set up an input that receives syslog messages on UDP port 1514. Avoid privileged ports: if you start an input on any TCP/UDP port below 1024, you will see a permission denied error in the Graylog logs.
Click System >> Inputs >> select Syslog UDP and then click Launch new input.
In the input form, set Port: 1514.
Configure Rsyslog
Once you have created the input, configure rsyslog to forward system logs to your Graylog server. A typical rsyslog rule for sending logs to UDP port 1514 looks like this:
*.info;mail.none;authpriv.none;cron.none @192.168.1.10:1514
The following screenshot shows the logs received by Graylog (Graylog console >> Search).
Install Graylog 3.0 on Ubuntu 18.04 – View Syslog Messages using Graylog
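To see what the rsyslog rule above actually puts on the wire, and to test the Syslog UDP input before pointing production hosts at it, here is an added example that is not part of the original tutorial: shell functions that compute the syslog PRI value, assemble a BSD-syslog (RFC 3164) line, evaluate an rsyslog selector such as the one above against a facility/severity pair, and send one test line with util-linux logger. It assumes util-linux logger (Ubuntu's default) and reads the Graylog host from GRAYLOG_HOST, a variable name chosen for this example.

```shell
#!/usr/bin/env bash
# Added example: what the rsyslog rule above puts on the wire, and a way to test
# the Syslog UDP 1514 input. Assumptions: util-linux `logger` (Ubuntu default)
# and the Graylog host in GRAYLOG_HOST, a variable chosen for this example.

# Facility names as used in rsyslog selectors -> RFC 3164 facility codes.
facility_code() {
  case "$1" in
    kern) echo 0 ;;  user) echo 1 ;;   mail) echo 2 ;;      daemon) echo 3 ;;
    auth) echo 4 ;;  syslog) echo 5 ;; lpr) echo 6 ;;       news) echo 7 ;;
    uucp) echo 8 ;;  cron) echo 9 ;;   authpriv) echo 10 ;; ftp) echo 11 ;;
    local[0-7]) echo $(( 16 + ${1#local} )) ;;
    *) return 1 ;;
  esac
}

# Severity names -> codes (0 is most severe).
severity_code() {
  case "$1" in
    emerg) echo 0 ;;   alert) echo 1 ;;  crit) echo 2 ;; err) echo 3 ;;
    warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
    *) return 1 ;;
  esac
}

# PRI = facility * 8 + severity, the number inside the leading <...>.
syslog_pri() {
  local f s
  f=$(facility_code "$1") || return 1
  s=$(severity_code "$2") || return 1
  echo $(( f * 8 + s ))
}

# One BSD-syslog line as it travels over UDP:  <PRI>TIMESTAMP HOST TAG: MSG
# $1 facility, $2 severity, $3 timestamp ("May 18 10:42:01"), $4 hostname, $5 tag, $6 message
syslog_line() {
  local pri
  pri=$(syslog_pri "$1" "$2") || return 1
  printf '<%s>%s %s %s: %s' "$pri" "$3" "$4" "$5" "$6"
}

# Would a selector such as "*.info;mail.none;authpriv.none;cron.none" forward a
# message with this facility and severity?  "facility.level" matches that level
# and anything more severe; "facility.none" drops the facility; the last
# matching part wins, as in rsyslog.
selector_matches() {   # $1 selector, $2 facility, $3 severity
  local selector=$1 facility=$2 severity=$3 result=1 part fac lvl sev
  local IFS=';'
  sev=$(severity_code "$severity") || return 1
  set -f                                  # keep "*" from globbing filenames
  for part in $selector; do
    fac=${part%%.*}
    lvl=${part#*.}
    [ "$fac" = '*' ] || [ "$fac" = "$facility" ] || continue
    if [ "$lvl" = none ]; then
      result=1
    elif [ "$sev" -le "$(severity_code "$lvl")" ]; then
      result=0
    else
      result=1
    fi
  done
  set +f
  return "$result"
}

# Send one test line to the Syslog UDP input so it shows up under Search.
send_test_message() {
  logger --server "${GRAYLOG_HOST:?set GRAYLOG_HOST to the Graylog server}" \
         --port 1514 --udp --priority local0.info --tag graylog-test \
         -- "test message from $(hostname)"
}
```

Run `GRAYLOG_HOST=192.168.1.10 send_test_message` on a client and the line should appear in Search within a few seconds; if it does not, the input is not running, a firewall is dropping UDP 1514, or the rsyslog selector on the client excludes that facility, which selector_matches lets you check offline.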
Conclusion
You have successfully installed Graylog 3.0 on Ubuntu 18.04 / Ubuntu 16.04 and configured it to receive rsyslog logs from external sources. As a next step, you can configure Nginx or Apache as a reverse proxy and set up HTTPS for the Graylog web interface.