Graylog is not a system monitoring tool; it’s a system monitoring server. You have probably used tools to monitor your Linux system before, but the concept behind Graylog is bigger: you install an entire server to monitor your systems and services. Graylog can monitor small, medium, and large systems and services alike. As you go through this post, you will learn a lot about the Graylog monitoring server. Graylog will provide you with every detail that you might want to know about your system. Installing and configuring the Graylog monitoring server is not very complex on Ubuntu and other Linux distributions.
Graylog on Ubuntu Linux
Here, we are choosing Ubuntu to install and configure the Graylog system monitoring server. If you run another Linux distribution, no worries: the commands are the same, and you only need to replace the package management command with the one for your distribution.
To install the Graylog monitoring server on Debian and other Linux systems, you will need to install Java, Elasticsearch, MongoDB, and a PHP server on your Linux system.
Here, I will use the Nginx web server as the PHP server. You can use the Apache server if you want. In this post, we will see how to install, configure, and get started with the Graylog monitoring server on Ubuntu Linux.
Step 1: Install PWGen to Secure the Graylog Server
The first step of installing any package on Ubuntu is updating the system repository. In this step, we will update the system and install the PWGen tool. PWGen is a 256-bit secure password generator. We will use this tool later to configure the login script of the Graylog monitoring server.
You can use the following terminal command-line on your Ubuntu system to update the system repository.
sudo apt-get update -y
Now, run the following apt-get command to install the PWGen tool on your system through the terminal shell.
sudo apt-get install apt-transport-https gnupg2 uuid-runtime pwgen curl dirmngr -y
Step 2: Install Java on Ubuntu Linux
The Graylog monitoring server requires Java to be installed on your system. Java services will help you to install the package dependencies. To bypass connection and security errors, you should first enable the universe repository on your Linux system, and then install Java. You can use the following terminal command-lines to install Java on Ubuntu Linux.
sudo add-apt-repository universe
sudo apt-get install openjdk-11-jre-headless -y
When the installation of Java is done, you can check the Java version to make sure that Java is correctly installed on your system.
java -version
Step 3: Install and Configure Elasticsearch
Elasticsearch is a search engine that you can install on your web server or applications to search for different parameters. Elasticsearch is very fast and reliable at answering queries against the server database. It can auto-complete, show similar keywords, and record the search history of database queries.
You can also generate pie charts, graphs, and other functions that you might need to get an enhanced search result. Here, we will install Elasticsearch on our system to deploy a search engine for the Graylog monitoring server.
Later we will configure Elasticsearch for the Graylog server. First, you have to add the GNU Privacy Guard (GPG) key for Elasticsearch so that you can install the package through the apt package manager on Ubuntu. You can use the following wget command to add the GPG key.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Now, use the following echo command to add the Elasticsearch package repository to your Ubuntu system.
echo "deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
Then update your system repository and install the Elasticsearch on your Ubuntu Linux.
sudo apt-get update -y
sudo apt-get install elasticsearch-oss -y
After the installation of Elasticsearch is done, you can configure the search engine for the Graylog monitoring server. You need to configure the cluster name and the action.auto_create_index setting for Graylog. You can use the following command-line to open the Elasticsearch configuration file in the Nano editor.
sudo nano /etc/elasticsearch/elasticsearch.yml
Now, set the cluster name, and add the action.auto_create_index line at the bottom of the file. You can copy and paste the lines given below. After making the changes, save and exit the file.
cluster.name: graylog
action.auto_create_index: false
Now, you have to reload and restart the Elasticsearch engine on your system. You can use the following system control command-lines to reload and start the Elasticsearch on your Linux machine.
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch
sudo systemctl start elasticsearch
You can check whether Elasticsearch is running on your Ubuntu system. Use either of the following command-lines to make sure that the service is working.
ps aux | grep elasticsearch
systemctl status elasticsearch
Now, you have to verify the Elasticsearch engine on your system. You can use the following curl -X GET command to query its HTTP server. As Elasticsearch uses port 9200, we will query the localhost address on that port. No TLS has been configured in these steps, so the URL uses plain http.
curl -X GET http://localhost:9200
Once the verification is done, you can find the raw data, header data, and other information about Elasticsearch on the localhost server.
http://localhost:9200/
Step 4: Install MongoDB for Graylog Server
You might know that MongoDB is not a relational database management tool; rather, it’s a document-oriented database tool. You can store your data in xml and json format through the MongoDB.
As the Graylog monitoring server can handle live data, we need to configure the Elasticsearch with Java and the database through the MongoDB. Moreover, MongoDB uses the NoSQL query to handle live and microdata. Here, we will install the MongoDB to make the Graylog monitoring server functional.
You can use the following terminal command-line given below to install the MongoDB server on your Ubuntu Linux.
sudo apt-get install mongodb-server -y
Now, use the following system control commands to start, enable, and reload the MongoDB services.
sudo systemctl start mongodb
sudo systemctl enable mongodb
sudo systemctl daemon-reload
You can run the following process status command to check whether the MongoDB services are functioning correctly or not.
ps aux | grep mongo
Step 5: Install the Graylog Monitoring Server
In this step, we will install and configure the Graylog monitoring server on our Ubuntu machine. Before you start installing Graylog, make sure that you have done all the previous steps correctly. First, use the following wget command to download and store the Graylog package on your system. Then, run the dpkg command to initialize the installation process of the Graylog monitoring server.
wget https://packages.graylog2.org/repo/packages/graylog-3.3-repository_latest.deb
sudo dpkg -i graylog-3.3-repository_latest.deb
Then update your system repository and run the following apt command to install the Graylog package.
sudo apt-get update -y
sudo apt-get install graylog-server -y
Use the following system control commands given below to enable and start the Graylog services.
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
After the installation of the Graylog is done, we will now generate a password to make the Graylog server secure. To generate the password, we will use the PWGen tool that we have installed previously. You can use the following command to generate a password. Later we will configure the Graylog configuration script to set the password.
pwgen -N 1 -s 96
You should get an automatically generated random password like the following one.
password_secret = dnJ7dHVFDbj9RnLavDl7nAkKZ78mOyuBGo6nsxC1dlvca14CgPusOLp6KOBKSyylLpy8kJg0RJE7eEPRbPZZXmhRxef5nANu
Now, you have to generate a strong hash of your current system password. You can see that I have used the sha256sum tool to create the hash in the following command. You can copy and paste the command-line into your terminal. Don’t forget to replace yourpass with your system password in the command.
echo -n yourpass | sha256sum
You will get a hash password like the following one.
root_password_sha2 = 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
After the password generation is done, you can now edit the Graylog server configuration script to set the password. Use the following command to edit the Graylog configuration script.
sudo nano /etc/graylog/server/server.conf
From the configuration script, find the password_secret parameter and insert the value of the password_secret that we have generated earlier.
Then find the root_password_sha2 parameter and insert the hash password that we created a few moments ago. These changes will allow you to log in to the Graylog web server interface by using your current system password. I must mention that the default username of the Graylog web server interface is ‘admin.’
Add the following localhost address inside the Graylog configuration script to set the bind-address.
http_bind_address = 127.0.0.1:9000
Now, use the following system control commands to reload, start, and enable the Graylog server.
sudo systemctl daemon-reload
sudo systemctl start graylog-server
sudo systemctl enable graylog-server
You can run the system control command given below to ensure that your Graylog server is performing correctly.
systemctl status graylog-server
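The password steps above can be scripted so that the admin password is read from standard input instead of being typed into a command that ends up in shell history. This is an added example, not part of the original article; the function names are hypothetical, and it assumes GNU sed and a server.conf in the "key = value" form shown above.

```bash
#!/usr/bin/env bash
# Added example (not from the article): fill in Graylog's two secrets.

# Hash the admin password read from stdin, so it never lands in shell
# history (unlike `echo -n yourpass | sha256sum`).
hash_root_password() {
    local pw
    IFS= read -r pw || [ -n "$pw" ] || return 1   # one line, newline dropped
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1  # strip sha256sum's "  -"
}

# 96-character secret: pwgen as in the article, /dev/urandom as a fallback.
gen_password_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 96
    fi
}

# Set "key = value" in a config file: rewrite the active line if present,
# otherwise append one. Values here are alphanumeric, so sed-safe.
set_conf_value() {
    local file="$1" key="$2" value="$3"
    if grep -qE "^[[:space:]]*${key}[[:space:]]*=" "$file"; then
        sed -i -E "s|^[[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >>"$file"
    fi
}

# Read the password from stdin and write both settings into the given file.
configure_graylog_secrets() {
    local conf="$1" digest
    digest=$(hash_root_password) || return 1
    [ "${#digest}" -eq 64 ] || return 1
    set_conf_value "$conf" password_secret "$(gen_password_secret)"
    set_conf_value "$conf" root_password_sha2 "$digest"
}

# Usage (as root); read -s prompts without echoing the password:
#   read -rs -p 'Graylog admin password: ' pw; echo
#   printf '%s\n' "$pw" | configure_graylog_secrets /etc/graylog/server/server.conf
#   unset pw
```

Restart graylog-server after changing either value so the new settings are loaded.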
Step 6: Install Nginx Server
Installing the Nginx server is a very efficient way to run a quick local server on Linux distributions. We will use the Nginx to power the Graylog monitoring server on our Ubuntu machine. You can copy and paste the following apt command given below on your Ubuntu terminal to install the Nginx server.
sudo apt-get install nginx -y
After the Nginx server is installed successfully, you have to add your Graylog server to the sites-available directory of the Nginx server. Use the following command-line to edit the file.
sudo nano /etc/nginx/sites-available/graylog.conf
Now, copy and paste the following script inside the configuration file. Then save and exit the file. In the script, we will assign port 9000 for the Graylog server. Later, we will use this port to load the Graylog server on the localhost.
server {
    listen 80;
    server_name graylog.example.org;
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Public URL of the web interface; plain http because this server block listens on port 80
        proxy_set_header X-Graylog-Server-URL http://$server_name/;
        # Graylog listens without TLS on http_bind_address (127.0.0.1:9000)
        proxy_pass http://127.0.0.1:9000;
    }
}
You can now run nginx with the -t option to test your Nginx configuration.
nginx -t
Now run the following command on your Ubuntu terminal to finish the Graylog server settings on Nginx.
sudo ln -s /etc/nginx/sites-available/graylog.conf /etc/nginx/sites-enabled/
Finally, restart and check the status of your Nginx server.
sudo systemctl restart nginx
sudo systemctl status nginx
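None of the steps above adds authentication or TLS to Elasticsearch or MongoDB, so those two services and Graylog's own port 9000 should listen on loopback only, with Nginx as the network-facing listener. The following check is an added example, not part of the original article; the function names, the sample output and MongoDB's default port 27017 are assumptions not taken from the article.

```bash
#!/usr/bin/env bash
# Added example (not from the article): flag backend ports that listen on
# a non-loopback address. Reads `ss -ltn` output on stdin.

# Prints "port address" for every watched port bound beyond loopback.
# Default ports: 9000 (Graylog), 9200 (Elasticsearch), 27017 (MongoDB's
# default port, an assumption: the article does not state it).
exposed_backends() {
    awk -v ports="${1:-9000 9200 27017}" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)          # text after the last colon
            sub(/:[^:]*$/, "", addr)      # everything before it
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
            print port, addr
        }'
}

# Constructed sample of `ss -ltn` output: MongoDB is bound to all interfaces.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port       Peer Address:Port
LISTEN  0       511     0.0.0.0:80               0.0.0.0:*
LISTEN  0       4096    127.0.0.1:9000           0.0.0.0:*
LISTEN  0       4096    [::ffff:127.0.0.1]:9200  *:*
LISTEN  0       4096    [::1]:9200               [::]:*
LISTEN  0       4096    0.0.0.0:27017            0.0.0.0:*
EOF
}

# On the server:  ss -ltn | exposed_backends
# On the sample:  sample_ss_output | exposed_backends
```

An empty result means every watched port is bound to loopback; any printed line names a service to rebind or firewall before the server is put on a network.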
Step 7: Get Started With Graylog
Till now, we have successfully installed and configured the Graylog monitoring server on our Ubuntu machine. Now, open your web browser and enter the following address. You will be directed to the starting page of the Graylog monitoring server. You have to log in at the server to see the dashboard and other facilities. You have to use the admin username and your system password to sign in.
127.0.0.1:9000
Once you are signed in to the server, you can create a dashboard for your system. You can add multiple dashboards for complicated systems. If you own a microservice that requires several dashboard panels, Graylog is perfect for you. You can check incoming messages, traffic source, system configuration, CPU, memory, and other log files from the Graylog monitoring service.
Final Words
Graylog monitoring server has a unique dashboard and user interface to check all the system parameters. Moreover, it doesn’t require heavy maintenance. In this post, I have demonstrated how to install, configure, and use the Graylog monitoring server on Ubuntu Linux. You can also use it on Docker and other Linux systems.
Please share it with your friends and the Linux community if you find this post useful and informative. You can write your thoughts regarding the Graylog monitoring server in the comment section.