This guide describes the fastest way to install Graylog on Ubuntu 18.04 and 20.04 LTS. All links and packages are present at the time of writing but might need to be updated later on.
Install Prerequisites
sudo apt-get update && sudo apt-get upgrade
sudo apt -y install bash-completion apt-transport-https uuid-runtime pwgen openjdk-11-jre-headless
Install MongoDB
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
Note that this repository line targets Ubuntu 18.04 (bionic). On Ubuntu 20.04 (focal) use the MongoDB 4.4 repository instead (replace bionic with focal and 4.0 with 4.4 in both the repository line and the list filename); Graylog 4.2 supports MongoDB 4.0 through 4.4.
sudo apt-get update
sudo apt-get install -y mongodb-org
The last step is to enable MongoDB at boot, start it, and verify that it is running:
sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl restart mongod.service
sudo systemctl --type=service --state=active | grep mongod
Install Elasticsearch
Graylog 4.2 can be used with Elasticsearch 6.8 or 7.x up to 7.10; the open source (OSS) repository below delivers 7.10.2, the last OSS release, which is the version to use. Follow these instructions to install it:
wget -q https://artifacts.elastic.co/GPG-KEY-elasticsearch -O myKey
sudo apt-key add myKey
echo "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt-get update && sudo apt-get install elasticsearch-oss
Modify the Elasticsearch configuration file (/etc/elasticsearch/elasticsearch.yml): set the cluster name to graylog and add action.auto_create_index: false. The latter disables automatic index creation so that only Graylog, which manages its own index sets, creates indices. The following appends both settings to the file:
sudo tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<EOT
cluster.name: graylog
action.auto_create_index: false
EOT
After you have modified the configuration, you can start Elasticsearch and verify it is running.
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
sudo systemctl --type=service --state=active | grep elasticsearch
Install Graylog
Now install the Graylog repository configuration and Graylog itself with the following commands:
wget https://packages.graylog2.org/repo/packages/graylog-4.2-repository_latest.deb
sudo dpkg -i graylog-4.2-repository_latest.deb
sudo apt-get update && sudo apt-get install graylog-server graylog-integrations-plugins
Edit the Configuration File
Read the instructions inside the configuration file, /etc/graylog/server/server.conf, and edit it as needed. At a minimum you must set password_secret (at least 16 characters; the file suggests generating it with pwgen -N 1 -s 96) and root_password_sha2, as both are mandatory and Graylog will not start without them.
To create your root_password_sha2, run the following command and enter the password you want for the root (admin) user:
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
To be able to reach the web interface, set http_bind_address to the host name or IP address of the interface you will connect to (the default, 127.0.0.1:9000, only listens locally). Prefer the address of a specific interface over 0.0.0.0, and keep in mind that the interface is plain HTTP unless you enable TLS (http_enable_tls with http_tls_cert_file and http_tls_key_file) or put it behind a reverse proxy.
Minimal configuration so that the web interface can be accessed (the values below are placeholders from this guide; generate your own secret and hash rather than copying them):
/etc/graylog/server/server.conf
password_secret = bo9ug]ai7jae7yeiCeeR
root_username = admin
root_password_sha2 = dac7dde7dd3c200aaf56f52df23cd88547a227722f2cfdb092c4830cfb841497
http_bind_address = 172.16.0.16:9000
The last step is to enable Graylog during the operating system’s startup and verify it is running.
sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
sudo systemctl --type=service --state=active | grep graylog
Access the web admin UI
Open http://<ip-graylog-server>:9000/ in a browser and log in with the root_username and the password whose SHA-256 you placed in root_password_sha2.