22 C

How To Install Graylog On Ubuntu 20.04

Today we are going to learn that how to install graylog on Ubuntu 20.04. Graylog provides the logs about the system and manage the system logs centrally. It contains three parts as Graylog server, Elasticsearch and the MongoDB. Simply follow the below steps for an easy and optimal installation.

Step 1: Update Your System

First of all as usual we do, update your system to have the latest packages installed.

sudo apt update && sudo apt upgrade

Step 2: Install Java on Ubuntu 20.04

As Java is required for the graylog server so install it by visiting the below tutorial and proceed further.

- Advertisement -

How To Install Java On Ubuntu 20.04

Install the other required packages by typing

sudo apt install -y apt-transport-https openjdk-11-jre-headless uuid-runtime pwgen curl dirmngr

Verify the java version installed by hitting

java -version


sabi@sabi20:~$ java --version
openjdk 11.0.8 2020-07-14
OpenJDK Runtime Environment (build 11.0.8+10-post-Ubuntu-0ubuntu120.04)
OpenJDK 64-Bit Server VM (build 11.0.8+10-post-Ubuntu-0ubuntu120.04, mixed mode, sharing)

Step 3: Install Elasticsearch on Ubuntu 20.04

Now, install the elasticsearch as it provides the facility of storing the logs coming from the external sources so it is very useful to use with graylog. Install it by following the below steps.

Hit the below command to download and install the GPG signing key.

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Then type the below command to add the Elasticsearch repository on your system.

echo "deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list

Finally type the following command to install the Elasticsearch on Ubuntu 20.04.

sudo apt update
sudo apt install -y elasticsearch-oss

Step 4: Configure Elasticsearch with Graylog Server on Ubuntu 20.04

To configure the elasticsearch with graylog, edit the /etc/elasticsearch/elasticsearch.yml file and set up the cluster name as graylog.

cluster.name: graylog

Then add or uncomment the following line.

action.auto_create_index: false

After it reload the Elasticsearch services to take effect of updated configs.

sudo systemctl daemon-reload
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch

It’ll take maximum 1 minutes to start the services.

Elasticsearch listen to the port 9200. You can use the curl command to verify it.

curl -X GET http://localhost:9200


You’ll see the similar result. Make sure that the cluster name is graylog.

Step 5:Install MongoDB on Ubuntu 20.04

Install the MongoDB v3.6 by running the below commands in your terminal.

sudo apt update
sudo apt install -y mongodb-server

And start the MogoDB services.

sudo systemctl start mongodb
sudo systemctl enable mongodb

Step 6: Install Graylog Server on Ubuntu 20.04

As graylog gets data from the elasticsearch and show it on its web interface so it’s easy to read and go through.

Hit the below commands to add the repository of graylog and install it in Ubuntu 20.04.

wget https://packages.graylog2.org/repo/packages/graylog-3.3-repository_latest.deb
sudo dpkg -i graylog-3.3-repository_latest.deb
sudo apt update
sudo apt install -y graylog-server

As for security reasons, enable the secret to secure the user passwords. To do this hit the below command in your terminal.

pwgen -N 1 -s 96


sabi@sabi20:~$ pwgen -N 1 -s 96

Now, edit the server.conf file and paste the above secret as seen below:

sudo nano /etc/graylog/server/server.conf
password_secret = LmnaUmCKUmBgA2mwYpPNoC9FQP8YVR1ijerL00W00oB3scJrwk4CCpIQo3uI2llBlqug5v13UVIx5kXSrvExZ28gGRZlRulC

Then generate a hash password for the admin user of graylog that can be used to log in to web interface.

echo -n Your_Password | sha256sum

Replace Your_Password with your desired password.


99e87ec1196275a0c4ef6e5dd1cabd34f0c9a6ed680f24914b773295babd5da2 -

Now, edit the server.conf file and paste the hash password generated above.

root_password_sha2 = 99e87ec1196275a0c4ef6e5dd1cabd34f0c9a6ed680f24914b773295babd5da2 -

Step 7: Setup Graylog Web Interface on Ubuntu 20.04

To use the graylog web interface, enable it by editing server.conf file.

sudo nano /etc/graylog/server/server.conf

And replace the below line with your system IP.

http_bind_address =

Finally start the graylog services by running below commands.

sudo systemctl daemon-reload
sudo systemctl start graylog-server
sudo systemctl enable graylog-server

If you got any error during the installation, you can follow up the graylog logs at startup by typing.

sudo tail -f /var/log/graylog-server/server.log

You’ll see the similar output upon successful installation.

2020-09-29T16:03:06.326-04:00 INFO [ServerBootstrap] Graylog server up and running.

Step 8: Access Graylog on Ubuntu 20.04

Type the IP:9000 in your browser to access graylog web interface.

Provide the credentials (username=”admin” and password=”root_password_sha2″ created earlier) to log in to the dashboard.

After the logged in, you’ll see the welcome page.

Then, navigate to the System>>Overview to see the status of graylog server.

So, this is how you can install Graylog on Ubuntu 20.04

- Advertisement -
Everything Linux, A.I, IT News, DataOps, Open Source and more delivered right to you.
"The best Linux newsletter on the web"


Please enter your comment!
Please enter your name here

Latest article