How to install Graylog on Ubuntu 18.04?


In large corporations, many systems and applications run at the same time, which makes error logging a bit complicated. To manage these records efficiently, specialized tools are used to centralize them.

Graylog is a professional application that provides a unified, centralized system for messages from different sources (operating systems, application servers, information systems), with the aim of making the administration of error logs easier.

In this tutorial we are going to install a Graylog server in Ubuntu 18.04.

Let’s get to work

1.- Upgrading the system and installing Oracle JDK

First we update the system. Open a terminal emulator and type sudo -i. After entering the password, we can update the system.

1.- Upgrading the system

Now we proceed to install Oracle JDK. To do so, we type:

2.- Installing jdk

2.- Installing Elasticsearch

Graylog requires Elasticsearch, a highly scalable application that lets us perform real-time searches on the data, in addition to storing and analyzing it.

We will then perform a basic installation of Elasticsearch so that Graylog can run. First, download and install the GPG signing key.

3.- Adding GPG key

Now we write:

4.- Adding Elasticsearch repo

Next we update the repositories and install the Elasticsearch package.

5.- Installing elasticsearch

Then we proceed to enable the service and start it.

6.- Enabling elasticsearch

Now we must edit the elasticsearch.yml file to define the name of the cluster.

Find “cluster.name” and set it to graylog.

7.- Editing elasticsearch config file

We must also add these lines:

8.- Editing elasticsearch config file

Finally we restart the Elasticsearch service.

3.- MongoDB’s turn

Now we must install MongoDB. To do this, we will first add the GPG key.

9.- importing gpg key

Then we add the MongoDB repository.

10.- Adding repository

We update the repository cache and then install MongoDB.

11.- Installing mongoDB

Now we start the service and make sure it starts with the system.

12.- Enabling mongodb service

4.- Installing Graylog

At last it’s Graylog’s turn. First we download the package that adds the repository.

Then we install it:

13.- adding graylog repository

And now we install the Graylog package:

14.- installing graylog package

Once the installation of the Graylog package is finished, we have to edit the configuration file to set our password in it. The same file tells us that it must be 64 characters long; to generate it, we will use pwgen:

15.- Generating the password

And we put it in the file.

16.- setting the password

Next we must generate a hash for the password.

17.- Hashing the password

Place the hashed password in the file. Additionally, we can set the email address of the root user and their time zone.

18.- Editing graylog server conf file
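
The secret and hash from steps 15 to 18 can be generated and checked as follows. This is an added example, not the commands from the original screenshots; it assumes the setting name password_secret (not named on this page) alongside root_password_sha2, and it draws the secret from /dev/urandom instead of pwgen so it runs without extra packages.

```shell
# Added example: generate and validate the two secrets in Graylog's server.conf.
# The conf file written by the demo below is constructed sample data.

# 96 hex characters (48 random bytes) from the kernel CSPRNG.
gen_secret() {
    od -An -tx1 -N48 /dev/urandom | tr -d ' \n'
}

# SHA-256 of the password exactly as given. printf '%s' adds no trailing
# newline; a plain `echo` would, and the stored hash would never match
# the password typed at the login page.
hash_password() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Print the value of an active "key = value" line (commented lines are skipped).
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

# Return 0 if the file's secrets look sane, 1 otherwise (reasons on stderr).
check_conf() {
    local secret hash rc=0
    secret=$(conf_get password_secret "$1")
    hash=$(conf_get root_password_sha2 "$1")
    if [ "${#secret}" -lt 64 ]; then
        echo "password_secret is shorter than 64 characters" >&2; rc=1
    fi
    if ! printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "root_password_sha2 is not a SHA-256 hex digest" >&2; rc=1
    elif [ "$hash" = "$(hash_password '')" ]; then
        echo "root_password_sha2 is the hash of an empty password" >&2; rc=1
    fi
    return "$rc"
}

# Demo on a constructed file. On a real host, read the password with
# `read -rs` so it stays out of the shell history.
demo_conf=$(mktemp)
printf 'password_secret = %s\nroot_password_sha2 = %s\n' \
    "$(gen_secret)" "$(hash_password 'constructed-demo-passphrase')" > "$demo_conf"
check_conf "$demo_conf" && echo "server.conf secrets OK"
rm -f "$demo_conf"
```
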

Then we must add this line to the end of the file:

Next, in elasticsearch_shards we define the number of nodes, 1 in our case, and in elasticsearch_replicas the number of replica nodes in our cluster, 0 in this case.

19.- editing graylog server conf file

5.- Graylog web interface

Since version 2 of Graylog, the web interface is built in; we only have to edit the server.conf file to define some important parameters.

And we edit the file with these two parameters

We then restart the service.

20.- restarting graylog

Now we only have to access Graylog from the web:

http://Ip_server:9000

And that’s it, we’re done. Just start configuring Graylog from its web interface.

21.- Accessing graylog

A reminder: the login password is the one whose hash you placed in the root_password_sha2 field of the server.conf file.
