{"id":8539,"date":"2021-07-20T12:40:15","date_gmt":"2021-07-20T12:40:15","guid":{"rendered":"https:\/\/linuxways.net\/?p=8539"},"modified":"2021-07-20T12:40:15","modified_gmt":"2021-07-20T12:40:15","slug":"install-and-configure-log-with-graylog-in-ubuntu-20-04","status":"publish","type":"post","link":"https:\/\/linuxways.net\/de\/ubuntu\/install-and-configure-log-with-graylog-in-ubuntu-20-04\/","title":{"rendered":"Install and Configure Log with Graylog in Ubuntu 20.04"},"content":{"rendered":"<p>Graylog is an open-source centralized log management solution that enables real-time analysis, search, and monitoring of large amounts of machine data. It was developed in Hamburg, Germany, with the purpose of delivering a more robust and easier-to-use analysis platform, faster analysis speeds, and easy administration and infrastructure management.<\/p>\n<p>In this article, we will learn how to install and configure Graylog on Ubuntu 20.04 LTS.<\/p>\n<h2>Prerequisites<\/h2>\n<p>Before installing Graylog, you must set up the following:<\/p>\n<ul>\n<li>Oracle Java SE 8 (OpenJDK 8), as Elasticsearch is a Java-based project.<\/li>\n<li>Elasticsearch 6.8, or version 7 up to 7.10, as later versions are not supported by Graylog.<\/li>\n<li>MongoDB (4.0, 4.2 or 4.4).<\/li>\n<\/ul>\n<h2>Installing Graylog<\/h2>\n<p>Let\u2019s begin by installing Java 8, which is required to run Elasticsearch. We will need some additional packages as well, so let\u2019s install them along with it.<\/p>\n<pre>$ sudo apt update<\/pre>\n<pre>$ sudo apt-get install openjdk-8-jre-headless pwgen apt-transport-https uuid-runtime<\/pre>\n<p>After installing Java, you can verify the installation using the following command.<\/p>\n<pre>$ java -version<\/pre>\n<p>Now, let\u2019s install Elasticsearch. 
First, we need to add a package repository to our system package repository list using the following commands.<\/p>\n<pre>$ wget -qO - https:\/\/artifacts.elastic.co\/GPG-KEY-elasticsearch | sudo apt-key add -<\/pre>\n<pre>$ echo \"deb https:\/\/artifacts.elastic.co\/packages\/oss-7.x\/apt stable main\" | sudo tee -a \/etc\/apt\/sources.list.d\/elastic-7.x.list<\/pre>\n<p>Then, install Elasticsearch using the apt command.<\/p>\n<pre>$ sudo apt update<\/pre>\n<pre>$ sudo apt install elasticsearch-oss<\/pre>\n<p>Once the Elasticsearch installation is complete, update the following lines in the configuration file.<\/p>\n<pre>$ sudo vim \/etc\/elasticsearch\/elasticsearch.yml<\/pre>\n<pre>cluster.name: graylog<\/pre>\n<pre>action.auto_create_index: false<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"728\" height=\"165\" class=\"wp-image-8540\" src=\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/07\/word-image.jpeg\" srcset=\"https:\/\/linuxways.net\/wp-content\/uploads\/2021\/07\/word-image.jpeg 728w, https:\/\/linuxways.net\/wp-content\/uploads\/2021\/07\/word-image-300x68.jpeg 300w\" sizes=\"auto, (max-width: 728px) 100vw, 728px\" \/><\/p>\n<p>Now, enable and restart the service to apply the modification.<\/p>\n<pre>$ sudo systemctl daemon-reload<\/pre>\n<pre>$ sudo systemctl restart elasticsearch.service<\/pre>\n<pre>$ sudo systemctl enable elasticsearch.service<\/pre>\n<p>Next, let\u2019s install a database for Graylog. Graylog uses MongoDB as the database to store data. First, we need to register the public GPG key for the repository using the following commands.<\/p>\n<pre>$ sudo apt install gnupg<\/pre>\n<pre>$ wget -qO - https:\/\/www.mongodb.org\/static\/pgp\/server-4.4.asc | sudo apt-key add -<\/pre>\n<p>Now, download and add the package repository to the system package repository list. 
To do so, run:<\/p>\n<pre>$ echo \"deb [ arch=amd64,arm64 ] https:\/\/repo.mongodb.org\/apt\/ubuntu focal\/mongodb-org\/4.4 multiverse\" | sudo tee \/etc\/apt\/sources.list.d\/mongodb-org-4.4.list<\/pre>\n<p>Finally, install MongoDB using the apt command.<\/p>\n<pre>$ sudo apt update<\/pre>\n<pre>$ sudo apt install -y mongodb-org<\/pre>\n<p>To install a specific version of MongoDB, run the command with the preferred version for each package:<\/p>\n<pre>$ sudo apt install -y mongodb-org-mongos=4.4.6 mongodb-org=4.4.6 mongodb-org-tools=4.4.6 mongodb-org-shell=4.4.6 mongodb-org-server=4.4.6<\/pre>\n<p>Now, enable and restart MongoDB using the systemctl command:<\/p>\n<pre>$ sudo systemctl enable mongod<\/pre>\n<pre>$ sudo systemctl restart mongod<\/pre>\n<p>Note: If you get \u2018mongod.service: Main process exited, code=exited, status=14\/n\/a\u2019 at run time, execute the following commands.<\/p>\n<pre>$ sudo chown -R mongodb:mongodb \/var\/lib\/mongodb<\/pre>\n<pre>$ sudo chown mongodb:mongodb \/tmp\/mongodb-27017.sock<\/pre>\n<pre>$ sudo systemctl restart mongod<\/pre>\n<p>Lastly, install the Graylog server now that all prerequisite packages are installed. To install Graylog, first download the deb package, then install it using the dpkg command, and finally install the Graylog server with apt.<\/p>\n<pre>$ wget https:\/\/packages.graylog2.org\/repo\/packages\/graylog-4.1-repository_latest.deb<\/pre>\n<pre>$ sudo dpkg -i graylog-4.1-repository_latest.deb<\/pre>\n<pre>$ sudo apt update<\/pre>\n<pre>$ sudo apt -y install graylog-server<\/pre>\n<p>Now, enable Graylog using the systemctl command:<\/p>\n<pre>$ sudo systemctl enable graylog-server.service<\/pre>\n<h2>Configuring Graylog<\/h2>\n<p>We have installed every package that is required to run Graylog, but it is not ready to run yet. Before we start using Graylog, we need to configure password_secret and root_password_sha2. 
The default path for the config file is \/etc\/graylog\/server\/server.conf, and we will use the sed command to insert the password generated by pwgen.<\/p>\n<p>For password_secret, we will use the pwgen command to generate a random 128-character password. To install it, run:<\/p>\n<pre>$ sudo apt install pwgen<\/pre>\n<p>Now, we will generate a password using the following command and inject it using the sed command. To do so, run:<\/p>\n<pre>$ sudo -E sed -i -e \"s\/password_secret =.*\/password_secret = $(pwgen -s 128 1)\/\" \/etc\/graylog\/server\/server.conf<\/pre>\n<p>Next, let&#8217;s generate the SHA-256 hash of the password for root_password_sha2 using the following command. Don\u2019t forget to replace your_password with the actual password.<\/p>\n<pre>$ sudo sed -i -e \"s\/root_password_sha2 =.*\/root_password_sha2 = $(echo -n 'your_password' | shasum -a 256 | cut -d' ' -f1)\/\" \/etc\/graylog\/server\/server.conf<\/pre>\n<p>Lastly, configure a domain for Graylog using your preferred editor.<\/p>\n<pre>$ sudo vim \/etc\/graylog\/server\/server.conf<\/pre>\n<p>Then, find and set the values of the following variables in the configuration.<\/p>\n<pre>http_bind_address = your_server_ip:9000\r\n\r\nhttp_external_uri = http:\/\/your_server_ip or domain:9000\/<\/pre>\n<p>Then, write and quit the file.<br \/>\nOnce everything is set, restart graylog-server using the systemctl command to apply the changes.<\/p>\n<pre>$ sudo systemctl restart graylog-server.service<\/pre>\n<h2>Testing the Graylog server<\/h2>\n<p>Now, everything is ready to use. 
When you visit your configured http_external_uri, you can see the web interface as shown below.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1279\" height=\"693\" class=\"wp-image-8541\" src=\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/07\/word-image-1.jpeg\" srcset=\"https:\/\/linuxways.net\/wp-content\/uploads\/2021\/07\/word-image-1.jpeg 1279w, https:\/\/linuxways.net\/wp-content\/uploads\/2021\/07\/word-image-1-300x163.jpeg 300w, https:\/\/linuxways.net\/wp-content\/uploads\/2021\/07\/word-image-1-1024x555.jpeg 1024w, https:\/\/linuxways.net\/wp-content\/uploads\/2021\/07\/word-image-1-768x416.jpeg 768w\" sizes=\"auto, (max-width: 1279px) 100vw, 1279px\" \/><\/p>\n<p>Then, authenticate using the admin username; for the password, use the plain-text password that you used during hashing.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1280\" height=\"693\" class=\"wp-image-8542\" src=\"http:\/\/linuxways.net\/wp-content\/uploads\/2021\/07\/word-image-2.jpeg\" srcset=\"https:\/\/linuxways.net\/wp-content\/uploads\/2021\/07\/word-image-2.jpeg 1280w, https:\/\/linuxways.net\/wp-content\/uploads\/2021\/07\/word-image-2-300x162.jpeg 300w, https:\/\/linuxways.net\/wp-content\/uploads\/2021\/07\/word-image-2-1024x554.jpeg 1024w, https:\/\/linuxways.net\/wp-content\/uploads\/2021\/07\/word-image-2-768x416.jpeg 768w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><\/p>\n<h2>Conclusion<\/h2>\n<p>Thank you for reading till the end, whether you are a newcomer or a professional. I hope you now have a clear idea of how to install and configure Graylog on Ubuntu. Now you can work with logs using the Graylog server.<\/p>","protected":false},"excerpt":{"rendered":"<p>Graylog is the open-source centralized log management solution that enables real-time analysis, search, and monitoring of large amounts of machine data. 
It was developed in Hamburg, Germany with&hellip;<\/p>","protected":false},"author":1,"featured_media":8627,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[434],"class_list":["post-8539","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ubuntu","tag-graylog"],"_links":{"self":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/8539","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/comments?post=8539"}],"version-history":[{"count":0,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/8539\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media\/8627"}],"wp:attachment":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media?parent=8539"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/categories?post=8539"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/tags?post=8539"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}