Installing Graylog on Ubuntu 18.04

This guide describes how to install the Graylog logging system on a virtual server running the Ubuntu 18.04 operating system.

What is Graylog?

Large corporations tend to have many systems and applications running at the same time, making error logging difficult. To effectively manage these records, specialized tools are used to centralize them.

Graylog is a professional application that collects messages from various sources (operating systems, applications, information systems) into one unified, centralized system, which simplifies the administration of error logs and other logs.

Prerequisites

  1. For Graylog to work, the recommended amount of RAM on the virtual server is at least 2 GB.
  2. Graylog metadata is stored in the DBMS, you can use our instructions to install .

Updating the system and installing the JDK

Update your local package database:
apt update && apt upgrade

Next, install OpenJDK and additional packages:
apt install apt-transport-https uuid-runtime pwgen openjdk-8-jre-headless

Installing Elasticsearch

Graylog requires the installation of Elasticsearch, a scalable application that enables real-time data search, storage, and analysis.

Perform a basic installation of Elasticsearch. First you need to download the GPG key:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -

Add the Elasticsearch repository to the APT sources:
echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list

Update your local package database and install Elasticsearch:
apt update && apt install elasticsearch

Next, allow the application to run after the OS boots and run it:
systemctl enable elasticsearch
systemctl start elasticsearch

You need to change the name of the cluster in the configuration file. Using the nano text editor, open the following file:
nano /etc/elasticsearch/elasticsearch.yml

Find the cluster.name parameter and set the cluster name:
cluster.name: graylog

Also add the following lines to the end of the file:
script.inline: false
script.indexed: false
script.file: false

Save your changes and restart Elasticsearch:
systemctl restart elasticsearch

Installing Graylog

Use the wget command to download the graylog package:
wget https://packages.graylog2.org/repo/packages/graylog-2.4-repository_latest.deb

Install the package:
dpkg -i graylog-2.4-repository_latest.deb

Update the package information and start the Graylog installation process:
apt update && apt install graylog-server

After the installation is complete, you need to edit the configuration file to set a password in it. The password must contain 64 characters; we recommend using pwgen to generate it:
pwgen -N 1 -s 96

As a result, a string will be output to the console, for example:
iQflncka906AZkfcJtMAuuehAjMoj9MfDiYnrj6NDIFaprVY3jP6rQszcd56MwGT4Ra0ckoxpeZnxbpg2pJPEUTa0qYaNtDw

Next, open the configuration file with:
vi /etc/graylog/server/server.conf

Set the password_secret parameter to the value of the generated password, for example:
password_secret = iQflncka906AZkfcJtMAuuehAjMoj9MfDiYnrj6NDIFaprVY3jP6rQszcd56MwGT4Ra0ckoxpeZnxbpg2pJPEUTa0qYaNtDw

Next, generate a hash for the password of the admin user, specifying the password value:
echo -n your_password | sha256sum

As a result, the following line will be displayed:
6c8ccf159a4b150dc29e7b013b1d04700821a5c44a17f6d85dd6e317f7b4e209  -

Set the root_password_sha2 parameter to the value of the generated hash, for example:
root_password_sha2 = 6c8ccf159a4b150dc29e7b013b1d04700821a5c44a17f6d85dd6e317f7b4e209

Also fill in the root_email parameter:
root_email = "example@.com"

Add the following line to the end of the file, indicating the IP address of your VPS:
elasticsearch_discovery_zen_ping_unicast_hosts = :9300

For example:
elasticsearch_discovery_zen_ping_unicast_hosts = 121.123.123.121:9300

Next, you need to change the address of the web interface and the API. To do this, find the following lines and replace the IP address with the address of your virtual server:
rest_listen_uri = http://:9000/api/
web_listen_uri = http://:9000/

Note: You can also change the port if needed.

Save the changes to the configuration file.

Restart the service to apply the changes:
systemctl restart graylog-server

You can check the service status with the following command:
systemctl status graylog-server

Connecting to the Graylog web interface

To connect to the Graylog web interface, you first need to open the appropriate port; this guide uses the default, 9000, everywhere. You can open the port using a firewall directly in the control panel or at the server level using the iptables utility:
iptables -A INPUT -p tcp --dport 9000 -j ACCEPT
iptables-save
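The rule above admits any source address to port 9000, and the web interface configured in this guide is served over plain HTTP. As an added example (not part of the original guide), the functions below build a source-restricted rule pair to use instead; the function names are assumptions and 203.0.113.0/24 stands in for your own management network.

```shell
#!/bin/sh
# Added example, not from the original guide. Prints iptables rules that admit
# one management network to the Graylog port and drop every other source.

# Accept a.b.c.d or a.b.c.d/len (IPv4 only); reject anything else.
valid_cidr() {
    addr=${1%/*}; len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.; set -f; set -- $addr; set +f; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# usage: graylog_fw_rules ADMIN_CIDR [PORT]   (PORT defaults to 9000, as in this guide)
graylog_fw_rules() {
    port=${2:-9000}
    valid_cidr "$1" || { echo "invalid IPv4 network: $1" >&2; return 1; }
    echo "iptables -A INPUT -p tcp -s $1 --dport $port -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $port -j DROP"
}

# Review the output first, then apply it as root:
#   graylog_fw_rules 203.0.113.0/24        # placeholder network
#   graylog_fw_rules 203.0.113.0/24 | sh
```

Note that iptables-save on its own only prints the current rule set to standard output; the rules persist across reboots only if that output is written to a file that is restored at boot.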

After that, in the browser, you can go to the following link:
:9000

For example:
121.123.123.121:9000

On the page that opens, enter the username admin and the password you created earlier.

Interface preparation may take several days.

Now you can start working with Graylog.
