Installing Graylog on Ubuntu

Graylog – open source software with a web interface for collecting and viewing logs, at the time of this writing, free of charge up to the limit of data collected is 5 GB per day.

On the test, I will install Graylog on Ubuntu Server 18.04.
First, upgrade the system and install the necessary components:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen

Install the latest version of MongoDB by adding the official repository:

sudo apt-key adv --keyserver hkp:// --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
echo "deb [ arch=amd64 ] bionic/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
sudo apt-get update
sudo apt-get install -y mongodb-org
sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl restart mongod.service
sudo systemctl status mongod.service

You can also install Elasticsearch:

wget -qO - | sudo apt-key add -
echo "deb stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
sudo apt-get update
sudo apt-get install elasticsearch-oss
sudo nano /etc/elasticsearch/elasticsearch.yml graylog
action.auto_create_index: false
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
sudo systemctl status elasticsearch.service

Now install Graylog:

sudo dpkg -i graylog-3.0-repository_latest.deb
sudo apt-get update
sudo apt-get install graylog-server

Edit the configuration file:

sudo nano /etc/graylog/server/server.conf
password_secret = ...
root_password_sha2 = ...
http_bind_address =

You can create root_password_sha2 by executing the command (must contain at least 16 characters, otherwise I did not start Graylog):

echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

Run Graylog:

sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
sudo systemctl status graylog-server.service

In case of problems you can see the logs /var/log/graylog-server/server.log.

The web interface can be opened at the address specified in the configuration, for example, in my case, the login is “admin”, the password is the one specified in the configuration file.
If you need HTTPS, then run greylog on and you can configure NGINX or Apache2 reverse proxy.

Did my article help you? How about buying me a cup of coffee as an encouragement? Buy me a coffe.

Leave a comment

Leave a Reply