How to Install Graylog on Ubuntu 16.04

Prerequisites

Installing Default JRE/JDK

sudo apt-get update
sudo apt-get install default-jre
sudo apt-get install default-jdk

Installing Oracle JDK

sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update

Oracle JDK 8

sudo apt-get install oracle-java8-installer

Oracle JDK 9

sudo apt-get install oracle-java9-installer

Managing Java

sudo update-alternatives --config java
Output There are 5 choices for the alternative java (providing /usr/bin/java).
Selection Path Priority Status
* 0 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java 1081 auto mode
1 /usr/lib/jvm/java-6-oracle/jre/bin/java 1 manual mode
2 /usr/lib/jvm/java-7-oracle/jre/bin 2 manual mode
3 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java 1081 manual mode
4 /usr/lib/jvm/java-8-oracle/jre/bin/java 3 manual mode
5 /usr/lib/jvm/java-9-oracle/bin/java 4 manual mode
Press <enter> to keep the current choice[*], or type selection number:
sudo update-alternatives --config command

Setting the JAVA_HOME Environment Variable

sudo update-alternatives --config java
sudo nano /etc/environment
/etc/environment
JAVA_HOME="/usr/lib/jvm/java-8-oracle"
source /etc/environment
echo $JAVA_HOME

Install Elasticsearch

wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list
sudo apt-get update && sudo apt-get install -y elasticsearch
sudo systemctl enable elasticsearch

Configuring Elasticsearch

sudo nano /etc/elasticsearch/elasticsearch.yml
/etc/elasticsearch/elasticsearch.yml cluster.name: <CURRENT CLUSTER NAME>
/etc/elasticsearch/elasticsearch.yml cluster.name: graylog
sudo systemctl restart elasticsearch
script.inline: false
script.indexed: false
script.file: false
sudo service elasticsearch restart
curl -X GET http://localhost:9200

{
"name" : "Marvin Flumm",
"cluster_name" : "graylog",
"version" : {
"number" : "2.3.3",
"build_hash" : "218bdf10790eef486ff2c41a3df5cfa32dadcfde",
"build_timestamp" : "2018-07-28T15:40:04Z",
"build_snapshot" : false,
"lucene_version" : "5.5.0"
},
"tagline" : "You Know, for Search"
}
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'

{
"cluster_name" : "graylog",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 2,
"number_of_data_nodes" : 1,
"active_primary_shards" : 1,
"active_shards" : 1,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}

Install MongoDB 3.2

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927
echo "deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.2 main" | sudo tee /etc/apt/sources.list.d/mongodb-org.list
sudo apt-get update && sudo apt-get install -y mongodb-org
sudo systemctl start mongod
sudo systemctl enable mongod

Installing Graylog

wget https://packages.graylog2.org/repo/packages/graylog-2.2-repository_latest.deb
sudo dpkg -i graylog-2.2-repository_latest.deb
sudo apt-get update
sudo apt-get install graylog-server
sudo systemctl enable graylog-server.service
pwgen -N 1 -s 96
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP
sudo apt-get install pwgen
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP
echo -n yourpassword | sha256sum
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951
root_email = "datamounts@gmail.com"
root_timezone = UTC
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300
is_master = true
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
elasticsearch_shards = 1
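
The password_secret and root_password_sha2 values shown above are samples printed on a public page, so a server.conf that reuses them has a known secret and a known admin hash. The following bash lint is an added example, not part of the original article or of Graylog's tooling; the function names and the 64-character threshold are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example: lint a Graylog server.conf for secrets copied from a tutorial.
# SAMPLE_SECRET and SAMPLE_HASH are the sample values printed on this page.
SAMPLE_SECRET='OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP'
SAMPLE_HASH='e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951'

# Print the value of "key = value" from the file (last uncommented match wins).
conf_get() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 | sed 's/[[:space:]]*$//'
}

# SHA-256 of the password without a trailing newline, as root_password_sha2 expects.
hash_password() {
  printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Print one line per finding; the return status is the number of findings.
check_graylog_conf() {
  local conf findings secret hash
  conf=$1
  findings=0
  secret=$(conf_get password_secret "$conf")
  hash=$(conf_get root_password_sha2 "$conf")

  if [ "$secret" = "$SAMPLE_SECRET" ]; then
    echo "password_secret is the published sample value"; findings=$((findings+1))
  elif [ "${#secret}" -lt 64 ]; then   # 64 is this example's own threshold
    echo "password_secret is missing or shorter than 64 characters"; findings=$((findings+1))
  fi

  if ! printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$'; then
    echo "root_password_sha2 is not a 64-digit lowercase hex SHA-256"; findings=$((findings+1))
  elif [ "$hash" = "$SAMPLE_HASH" ] || [ "$hash" = "$(hash_password yourpassword)" ]; then
    echo "root_password_sha2 is a published sample or placeholder hash"; findings=$((findings+1))
  fi

  # The file holds the secret and the admin hash, so it should not be world-readable.
  if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
    echo "$conf is world-readable"; findings=$((findings+1))
  fi
  return "$findings"
}
```

To use it, source the file and run check_graylog_conf /etc/graylog/server/server.conf; a return status of 0 means no findings.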

Install Graylog Web Interface

sudo nano /etc/graylog/server/server.conf
rest_listen_uri = http://your-server-ip:12900/
web_listen_uri = http://your-server-ip:9000/
sudo systemctl daemon-reload
sudo systemctl restart graylog-server
sudo systemctl enable graylog-server
sudo tailf /var/log/graylog-server/server.log
2018-07-28T08:21:41.538Z INFO [ServerBootstrap] Graylog server up and running.

Accessing Graylog Web Interface

Configure Graylog Inputs

Conclusion
