How to Install Graylog Server on Ubuntu 16.04

This tutorial shows how to install Graylog Server on Ubuntu 16.04. Graylog is a free and open source, centralized log management tool based on MongoDB and Elasticsearch. Using Graylog you can easily collect and analyze your server logs. Graylog is made up of three components: Elasticsearch, MongoDB and the Graylog server. Elasticsearch stores the logs and provides the search facilities. MongoDB stores the configuration and meta information. The Graylog server collects the log messages from different inputs and provides a web interface for managing the logs. Installing Graylog Server on Ubuntu 16.04 is not complicated and should take less than 10 minutes.

In this tutorial we will guide you through the steps of installing Graylog on an Ubuntu 16.04 VPS.

1. Login via SSH

Log in to your VPS as user root

ssh root@IP_ADDRESS

and update the system

apt-get update && apt-get upgrade

2. Install Java

We need Java installed on the server for the Graylog installation. It can be installed from the official Ubuntu repository. You can also read our detailed tutorial on how to install Java on Ubuntu 16.04.

apt-get install openjdk-8-jre

Check the version

java -version

openjdk version "1.8.0_131"
OpenJDK Runtime Environment (build 1.8.0_131-8u131-b11-2ubuntu1.16.04.3-b11)
OpenJDK 64-Bit Server VM (build 25.131-b11, mixed mode)

3. Install MongoDB

MongoDB cannot be installed from the Ubuntu repository, so we will have to add the MongoDB repository. You can also read our detailed tutorial on How to Install MongoDB on Ubuntu 16.04.

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
echo "deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.0 main" > /etc/apt/sources.list.d/mongodb-org-3.0.list
apt-get update

and run the following command to install MongoDB

apt-get install mongodb-org

Once installed, start MongoDB and enable it to start on boot

systemctl start mongod
systemctl enable mongod

4. Install Elasticsearch

Add the GPG key to the server:

wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Now add the Elasticsearch repository to the sources list

apt-get install apt-transport-https
echo "deb https://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-2.x.list

Update the package lists and install Elasticsearch

apt-get update && apt-get install elasticsearch

Once the installation is completed, edit the Elasticsearch configuration file, uncomment the ‘cluster.name’ line, and change its value to ‘graylog’.

cluster.name: graylog

Start Elasticsearch and enable it to start at boot time

systemctl start elasticsearch
systemctl enable elasticsearch

5. Install and Configure Graylog

Download and install the Graylog repository package

wget https://packages.graylog2.org/repo/packages/graylog-2.3-repository_latest.deb
dpkg -i graylog-2.3-repository_latest.deb

Update the package lists and install Graylog

apt-get update && apt-get install graylog-server

Next, we must set the ‘root_password_sha2’ password hash and the ‘password_secret’ secret key.

Run the following command to create the ‘root_password_sha2’ value, which is the SHA-256 hash of the password for the ‘admin’ account

echo -n PASSWORD | sha256sum
0be64ae89ddd24e225434de95d501711339baeee18f009ba9b4369af27d30d60 -

Replace PASSWORD with an actual password.

Create a secret key using pwgen

apt-get install pwgen
pwgen -s 80 1
I2UqBbXDXcWkYTs2x7wCAPs7GDmLG4iB82AuAhhtB0ayegd5SAjlMxh1Il848Vyq5DP5Q5ZN8wJmWK4m

Edit the ‘/etc/graylog/server/server.conf’ file and insert the SHA-256 sum of your desired password in the ‘root_password_sha2’ line and the secret key we created with pwgen in the ‘password_secret’ line.

nano /etc/graylog/server/server.conf
root_password_sha2 = 0be64ae89ddd24e225434de95d501711339baeee18f009ba9b4369af27d30d60
password_secret = I2UqBbXDXcWkYTs2x7wCAPs7GDmLG4iB82AuAhhtB0ayegd5SAjlMxh1Il848Vyq5DP5Q5ZN8wJmWK4m
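
The hash and secret steps above can also be done without typing the password on the command line, where it would end up in the shell history. The script below is an added example, not part of the original tutorial; its function names and file name are hypothetical, and the /dev/urandom branch is a substitute for pwgen on hosts where pwgen is not installed.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.

# Print the SHA-256 hex digest of the first line on stdin. Only the line
# terminator is dropped, so the result equals `echo -n PASSWORD | sha256sum`.
# printf is a shell builtin, so the password never shows up in `ps` output.
hash_password_stdin() {
    IFS= read -r _pw || true
    [ -n "$_pw" ] || { echo "empty password" >&2; return 1; }
    printf '%s' "$_pw" | sha256sum | cut -d' ' -f1
}

# 80 alphanumeric characters, like `pwgen -s 80 1`. The /dev/urandom branch
# is a substitute for hosts without pwgen (assumption: 1024 random bytes
# always leave at least 80 usable characters, which holds in practice).
gen_password_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -s 80 1
    else
        head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c1-80
    fi
}

# set_conf_key FILE KEY VALUE: replace or append "KEY = VALUE", writing back
# through the existing file so its owner and mode stay unchanged.
set_conf_key() {
    _tmp=$(mktemp) || return 1
    awk -v k="$2" -v v="$3" '
        $0 ~ ("^[ \t]*" k "[ \t]*=") { print k " = " v; seen = 1; next }
        { print }
        END { if (!seen) print k " = " v }
    ' "$1" >"$_tmp" && cat "$_tmp" >"$1"
    _rc=$?; rm -f "$_tmp"; return "$_rc"
}

# Prompt for the admin password with terminal echo off, then set both keys.
configure_graylog_secrets() {
    _conf=${1:-/etc/graylog/server/server.conf}
    printf 'Graylog admin password: ' >&2
    [ -t 0 ] && stty -echo
    _st=0; _hash=$(hash_password_stdin) || _st=$?
    [ -t 0 ] && stty echo
    echo >&2
    [ "$_st" -eq 0 ] || return 1
    set_conf_key "$_conf" root_password_sha2 "$_hash" &&
        set_conf_key "$_conf" password_secret "$(gen_password_secret)"
}

# Runs only when a config path is given (hypothetical file name):
#   sh set-graylog-secrets.sh /etc/graylog/server/server.conf
if [ $# -gt 0 ]; then configure_graylog_secrets "$1"; fi
```

Run it as root against a fresh installation; the password is read from the terminal and only its hash is written to the file.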

In the same ‘server.conf’ file, find the following lines and replace ‘IP_ADDRESS’ with your server IP address

rest_listen_uri = http://IP_ADDRESS:9000/api/
web_listen_uri = http://IP_ADDRESS:9000/

Save the changes and restart Graylog

systemctl restart graylog-server

6. Verify Graylog Installation

Check that Graylog has started properly

systemctl status graylog-server

If everything is OK, you will get the following output

● graylog-server.service - Graylog server
Loaded: loaded (/usr/lib/systemd/system/graylog-server.service; disabled; vendor preset: enabled)
Active: active (running) since Sat 2017-08-19 22:50:14 CDT; 54s ago
Docs: http://docs.graylog.org/
Main PID: 571 (graylog-server)
CGroup: /system.slice/graylog-server.service
├─571 /bin/sh /usr/share/graylog-server/bin/graylog-server
└─572 /usr/bin/java -Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThr

7. Test Graylog Installation

Finally, you should be able to access the Graylog web interface at http://IP_ADDRESS:9000 and log in with user ‘admin’ and the password whose hash we set as ‘root_password_sha2’.

Please check Graylog’s official documentation for more information on how to configure and use the application. http://docs.graylog.org/en/2.2/index.html

