Step 1: Update Your System

First of all as usual we do, update your system to have the latest packages installed.

sudo apt update && sudo apt upgrade

Step 2: Install Java on Ubuntu 20.04

As Java is required for the graylog server so install it by visiting the below tutorial and proceed further.

How To Install Java On Ubuntu 20.04

Install the other required packages by typing

sudo apt install -y apt-transport-https openjdk-11-jre-headless uuid-runtime pwgen curl dirmngr

Verify the java version installed by hitting

java -version

Output:

sabi@sabi20:~$ java --version
openjdk 11.0.8 2020-07-14
OpenJDK Runtime Environment (build 11.0.8+10-post-Ubuntu-0ubuntu120.04)
OpenJDK 64-Bit Server VM (build 11.0.8+10-post-Ubuntu-0ubuntu120.04, mixed mode, sharing)

Step 3: Install Elasticsearch on Ubuntu 20.04

Now, install the elasticsearch as it provides the facility of storing the logs coming from the external sources so it is very useful to use with graylog. Install it by following the below steps.

Hit the below command to download and install the GPG signing key.

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Then type the below command to add the Elasticsearch repository on your system.

echo "deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list

Finally type the following command to install the Elasticsearch on Ubuntu 20.04.

sudo apt update
sudo apt install -y elasticsearch-oss

Step 4: Configure Elasticsearch with Graylog Server on Ubuntu 20.04

To configure the elasticsearch with graylog, edit the /etc/elasticsearch/elasticsearch.yml file and set up the cluster name as graylog.

cluster.name: graylog

Then add or uncomment the following line.

action.auto_create_index: false

After it reload the Elasticsearch services to take effect of updated configs.

sudo systemctl daemon-reload
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch

It’ll take maximum 1 minutes to start the services.

Elasticsearch listen to the port 9200. You can use the curl command to verify it.

curl -X GET http://localhost:9200

Output:

You’ll see the similar result. Make sure that the cluster name is graylog.

Step 5:Install MongoDB on Ubuntu 20.04

Install the MongoDB v3.6 by running the below commands in your terminal.

sudo apt update
sudo apt install -y mongodb-server

And start the MogoDB services.

sudo systemctl start mongodb
sudo systemctl enable mongodb

Step 6: Install Graylog Server on Ubuntu 20.04

As graylog gets data from the elasticsearch and show it on its web interface so it’s easy to read and go through.

Hit the below commands to add the repository of graylog and install it in Ubuntu 20.04.

wget https://packages.graylog2.org/repo/packages/graylog-3.3-repository_latest.deb
sudo dpkg -i graylog-3.3-repository_latest.deb
sudo apt update
sudo apt install -y graylog-server

As for security reasons, enable the secret to secure the user passwords. To do this hit the below command in your terminal.

pwgen -N 1 -s 96

Result:

sabi@sabi20:~$ pwgen -N 1 -s 96
LmnaUmCKUmBgA2mwYpPNoC9FQP8YVR1ijerL00W00oB3scJrwk4CCpIQo3uI2llBlqug5v13UVIx5kXSrvExZ28gGRZlRulC

Now, edit the server.conf file and paste the above secret as seen below:

sudo nano /etc/graylog/server/server.conf
password_secret = LmnaUmCKUmBgA2mwYpPNoC9FQP8YVR1ijerL00W00oB3scJrwk4CCpIQo3uI2llBlqug5v13UVIx5kXSrvExZ28gGRZlRulC

Then generate a hash password for the admin user of graylog that can be used to log in to web interface.

echo -n Your_Password | sha256sum

Replace Your_Password with your desired password.

Result:

99e87ec1196275a0c4ef6e5dd1cabd34f0c9a6ed680f24914b773295babd5da2 -

Now, edit the server.conf file and paste the hash password generated above.

root_password_sha2 = 99e87ec1196275a0c4ef6e5dd1cabd34f0c9a6ed680f24914b773295babd5da2 -

Step 7: Setup Graylog Web Interface on Ubuntu 20.04

To use the graylog web interface, enable it by editing server.conf file.

sudo nano /etc/graylog/server/server.conf

And replace the below line with your system IP.

http_bind_address = 192.168.0.10:9000

Finally start the graylog services by running below commands.

sudo systemctl daemon-reload
sudo systemctl start graylog-server
sudo systemctl enable graylog-server

If you got any error during the installation, you can follow up the graylog logs at startup by typing.

sudo tail -f /var/log/graylog-server/server.log

You’ll see the similar output upon successful installation.

2020-09-29T16:03:06.326-04:00 INFO [ServerBootstrap] Graylog server up and running.

Step 8: Access Graylog on Ubuntu 20.04

Type the IP:9000 in your browser to access graylog web interface.

Provide the credentials (username=”admin” and password=”root_password_sha2″ created earlier) to log in to the dashboard.

After the logged in, you’ll see the welcome page.

Then, navigate to the System>>Overview to see the status of graylog server.

So, this is how you can install Graylog on Ubuntu 20.04

The post How To Install Graylog On Ubuntu 20.04 appeared first on Linux Windows and android Tutorials.

Graylog is a professional application that provides a unified and centralized system of messages from different sources: operating system, application servers, information systems with the aim of centralizing and making easier the administration of error logs or logs.

In this tutorial we are going to install a Graylog server in Ubuntu 18.04.

Let’s get to work

1.-Upgrading the system and Installing Oracle JDK

First we proceed to update the system. Open a terminal emulator and type sudo -i, after entering the password, we can now update the system.

:~# apt update && apt upgrade

Now we proceed to install Oracle JDK. We write for them:

:~# apt install apt-transport-https uuid-runtime pwgen openjdk-8-jre-headless

2.- Installing Elasticsearch

Graylog requires the installation of elasticsearch which is a highly scalable application that allows us to perform real time searches, in addition to storing and analyzing them.

We will then perform a basic installation of ElasticSearch so that Graylog can run. First download and install GPG signing key.

:~# wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -

Now we write:

:~# echo "deb https://artifacts.elastic.co/packages/5.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-5.x.list

Next we update the repositories and install the ElasticSearch package

:~# apt update && apt install elasticsearch

Then we proceed to enable the service and start it.

:~# systemctl enable elasticsearch
:~# systenctl start elasticsearch

Now we must edit the elasticsearch.yml file in order to define the name of the cluster to graylog.

:~# nano /etc/elasticsearch/elasticsearch.yml

And in the “cluster.name” and define it as graylog.

We must also add these lines:

script.inline: false
script.indexed: false
script.file: false

Finally we restart the elasticsearch service

:~# systemctl restart elasticsearch

3.- MongoDB’s turns

Now we must install mongoDB. To do this, we will first add the gpg key.

:~# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 2930ADAE8CAF5059EE73BB4B58712A2291FA4AD5

Then we add the mongoDB repository

:~# echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.6.list

We update the repository cache and then install mongodb

:~# apt update && apt install mongodb-org

Now we start the service and make sure it starts with the system

:~# systemctl start mongod
:~# systemctl enable mongod

4.- Installing Graylog

At last it’s GRaylog’s turn, first we download the package that adds the repository.

:~#  wget https://packages.graylog2.org/repo/packages/graylog-2.4-repository_latest.deb

Then we install it:

:~# dpkg -i graylog-2.4-repository_latest.deb

And now we install the Graylog package:

:~# apt update && apt install graylog-server

Once the installation of the Graylog package is finished, we will have to edit the configuration file to set our password in it. in the same file, we are told that it must be 64 characters, to generate it, we will use pwgen:

:~# pwgen -N 1 -s 96

And we put it in the file.

Next we must generate a hash for the password.

:~# echo -n your_password | sha256sum

Place the hash password. Additionally, we can put the email address of the root user, and their time zone.

Then we must add this line to the end of the file:

elasticsearch_discovery_zen_ping_unicast_hosts = ip_server:9300

Next, in elasticsearch_shards we define the number of nodes; in our case 1. And in elasticsearch_replicas the number of replica nodes that are in our cluster. 0 in this case.

5.- Graylog web interface

Since version 2 of Graylog, its web interface is incorporated, we only have to edit the server.conf file to define some important parameters.

:~#  nano /etc/graylog/server/server.conf

And we edit the file with these two parameters

web_listen_uri = http://ip_server:9000/
web_listen_uri = http://ip_server:9000/

We then restart the service

:~# systemctl restart graylog-server

Now we only have to access our graylog from the web.

http://Ip_server:9000

And that’s it, we’re done, just start configuring graylog from your web interface.

A reminder, the password field is in the root_password_sha2 field of the server.conf file.

Please spread this article through social networks.

The post How to install Graylog on Ubuntu 18.04? appeared first on Linux Windows and android Tutorials.