Describes how to install the Graylog logging system on a virtual server running the Ubuntu 18.04 operating system.
What is Graylog?
Large corporations tend to have many systems and applications running at the same time, making error logging difficult. To effectively manage these records, specialized tools are used to centralize them.
Graylog is a professional application that collects messages from various sources (the operating system, applications, information systems) into one centralized system, which simplifies the administration of error logs and other logs.
Prerequisites
- For Graylog to work, the recommended amount of RAM on the virtual server is at least 2 GB.
- Graylog metadata is stored in the MongoDB DBMS; you can use our instructions to install it.
Updating the system and installing OpenJDK
Update your local package database:
apt update && apt upgrade
Next, install OpenJDK and additional packages:
apt install apt-transport-https uuid-runtime pwgen openjdk-8-jre-headless
Installing Elasticsearch
Graylog requires the installation of Elasticsearch, a scalable application that enables real-time data search, storage, and analysis.
Perform a basic installation of Elasticsearch. First, download and add the GPG key:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
Add the Elasticsearch package repository:
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list
Update your local package database and install Elasticsearch:
apt update && apt install elasticsearch
Next, enable the service to start when the OS boots and start it:
systemctl enable elasticsearch
systemctl start elasticsearch
You need to change the name of the cluster in the configuration file. Using the nano text editor, open the following file:
nano /etc/elasticsearch/elasticsearch.yml
Find the cluster.name parameter and set the cluster name:
cluster.name: graylog
Also add the following lines to the end of the file:
script.inline: false
script.indexed: false
script.file: false
Save your changes and restart Elasticsearch:
systemctl restart elasticsearch
Installing Graylog
Use the wget command to download the Graylog repository package:
wget https://packages.graylog2.org/repo/packages/graylog-2.4-repository_latest.deb
Install the package:
dpkg -i graylog-2.4-repository_latest.deb
Update the package information and start the Graylog installation process:
apt update && apt install graylog-server
After the installation is complete, you need to edit the configuration file to set a password in it. The password must contain at least 64 characters; we recommend using pwgen to generate it:
pwgen -N 1 -s 96
As a result, a string will be output to the console, for example:
iQflncka906AZkfcJtMAuuehAjMoj9MfDiYnrj6NDIFaprVY3jP6rQszcd56MwGT4Ra0ckoxpeZnxbpg2pJPEUTa0qYaNtDw
Next, open the configuration file with:
vi /etc/graylog/server/server.conf
Set the password_secret parameter to the value of the generated password, for example:
password_secret = iQflncka906AZkfcJtMAuuehAjMoj9MfDiYnrj6NDIFaprVY3jP6rQszcd56MwGT4Ra0ckoxpeZnxbpg2pJPEUTa0qYaNtDw
Next, generate a hash for the password of the admin user, specifying the password value in place of ваш_пароль (your_password):
echo -n ваш_пароль | sha256sum
As a result, the following line will be displayed:
6c8ccf159a4b150dc29e7b013b1d04700821a5c44a17f6d85dd6e317f7b4e209  -
Set the root_password_sha2 parameter to the value of the generated hash (without the trailing dash), for example:
root_password_sha2 = 6c8ccf159a4b150dc29e7b013b1d04700821a5c44a17f6d85dd6e317f7b4e209
Also fill in the root_email parameter:
root_email = "example@domain.com"
Add the following line to the end of the file, indicating the IP address of your VPS:
elasticsearch_discovery_zen_ping_unicast_hosts =
For example:
elasticsearch_discovery_zen_ping_unicast_hosts = 121.123.123.121:9300
Next, you need to change the address of the web interface and API. To do this, find the following lines and replace the IP address with the address of your virtual server:
web_listen_uri = http://
web_listen_uri = http://
Note: You can also change the port if needed.
Save the changes to the configuration file.
Restart the service to apply the changes:
systemctl restart graylog-server
You can check the service status with the following command:
systemctl status graylog-server
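The following shell helpers are an added example, not part of the original instructions or of Graylog's own tooling. They hash the admin password from standard input, so it does not end up in the shell history, and check the password_secret and root_password_sha2 values described above. The function names hash_password_stdin, conf_value and check_graylog_conf are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): helpers for the two secrets
# set in /etc/graylog/server/server.conf. Function names are hypothetical.

# Read one line from stdin and print only its SHA-256 digest, so the
# password is never typed on the command line and no trailing " -" is copied.
hash_password_stdin() {
    IFS= read -r pw
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1
}

# Print the value of "key = value" in a conf file (last occurrence wins).
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Print one line per problem; return 0 only when none are found.
check_graylog_conf() {
    problems=0
    secret=$(conf_value password_secret "$1")
    digest=$(conf_value root_password_sha2 "$1")

    if [ "${#secret}" -lt 64 ]; then
        echo "password_secret: ${#secret} characters, at least 64 required"
        problems=$((problems + 1))
    fi
    if ! printf '%s\n' "$digest" | grep -Eq '^[0-9a-fA-F]{64}$'; then
        echo "root_password_sha2: not a bare 64-character hex digest"
        problems=$((problems + 1))
    fi
    # The sample values printed in this tutorial are public; never reuse them.
    case $secret in
        iQflncka906AZkfcJtMAuuehAjMoj9Mf*)
            echo "password_secret: tutorial sample value in use"
            problems=$((problems + 1)) ;;
    esac
    case $digest in
        6c8ccf159a4b150dc29e7b013b1d0470*)
            echo "root_password_sha2: tutorial sample value in use"
            problems=$((problems + 1)) ;;
    esac
    [ "$problems" -eq 0 ]
}

# Usage: check_graylog_conf /etc/graylog/server/server.conf
```

Run hash_password_stdin, type the password followed by Enter, and paste the printed digest into root_password_sha2.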
Connecting to the Graylog web interface
To connect to the Graylog web interface, you first need to open the appropriate port; by default, port 9000 is used everywhere. You can open the port using a firewall directly in the control panel or at the server level using the iptables utility:
iptables -A INPUT -p tcp --dport 9000 -j ACCEPT
iptables-save
After that, in the browser, you can go to the following link:
For example:
121.123.123.121:9000
On the page that opens, enter the username admin and the password you created earlier.
Interface preparation may take several days.
Now you can start working with Graylog.