ManagedCloud Servers

High performance handled and monitored by us 24/7/365. A complete solution to provide you with our in house expertise 24/7 tailored to your specific needs. We'll setup a bespoke server for your site using the latest tehnologies so you can get the most out of your hardware and get your website loading quickly and reliably. Find out more..

cPanelCloud Servers

Recommended - High performance cloud servers with no technical knowledge required. If you're hosting multiple websites already and you're looking to consolidate, or if you're looking to isolate yourself from the shared hosting environment but you don't have the time or knoweldge to manage a server, then the Managed cPanel Servers are for you. Find out more..

UnmanagedCloud Servers

Our unmanaged range gives you complete control at rock bottom prices and our cloud platform boasts super fast multipath 40Gb/s network, the latest Intel Xeon V3 CPUs and enterprise grade redundant SSDs. If you're a sysadmin look no further, we offer some of the best specification to price ratio servers available. Find out more..

Want your very own server? Get our 1GB memory, Xeon V4, 20GB SSD VPS for £10.00 / month.

View Plans

How to Install and Configure Graylog Server on Ubuntu 16.04

Graylog is a free and open source powerful centralized log management tool based on Elasticsearch and MongoDB. Graylog helps you to collect and analyze your system logs to debug applications.

Graylog is made up of three components Elasticsearch, MongoDB and Graylog server. Elasticsearch is used to store the log messages and provide searching facilities. MongoDB isused to store the configuration and meta information. Graylog server collects the logs from various inputs and provides a web interface for managing the logs.

In this tutorial, we will explain how to install and configure Graylog server on Ubuntu 16.04.

Prerequisites

  • A server running Ubuntu 16.04.
  • A non-root user with sudo privileges setup on your server.
  • A static IP address 192.168.15.110 configure on your server.

##Update the System

First, update your system to the latest stable version by running the following command:

sudo apt-get update -y sudo apt-get upgrade -y

Once your system is up to date, you can proceed to the next step.

Installing Elasticsearch

Elasticsearch is one of the main components of Graylog server. Elasticsearch stores all the logs sent by Graylog server and displays the messages over the built-in web interface.

Before starting, Elasticsearch requires Java to be installed on your server. So you will need to install Java first.

By default Java is not available in Ubuntu default repository. So first add the Oracle Java PPA to apt with the following command:

sudo add-apt-repository ppa:webupd8team/java

Next, update your apt package database with the following command:

sudo apt-get update -y

Next, Install the latest stable version of Oracle Java 8 with the following command:

sudo apt-get install oracle-java8-installer

Next, Verify the Java version by running the following command:

java -version

Output:

java version "1.8.0_91"
Java(TM) SE Runtime Environment (build 1.8.0_91-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.91-b14, mixed mode)

Before installing Elasticsearch, you will need to download and install a GPG signing key.

sudo wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Next, configure Eleasticsearch repository with the following command:

sudo echo "deb https://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list

Next, update the repository database with the following command:

sudo apt-get update -y

Then, install elasticsearch with the following command:

sudo apt-get install elasticsearch -y

Start the elasticsearch service and enable it to start on boot time with the following command:

sudo systemctl start elasticsearch sudo systemctl enable elasticsearch

Next, you will need to make some changes in elasticsearch.yml file:

sudo nano /etc/elasticsearch/elasticsearch.yml

Change the file as shown below:

cluster.name: graylog
network.bind_host: localhost
script.disable_dynamic: true

Save the file and restart the Elasticsearch service:

sudo service elasticsearch restart

Next, verify Elasticsearch is running properly or not with the following command:

curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'

If everything is ok, you should see the following output:

{
  "cluster_name" : "graylog",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "active_primary_shards" : 0,
  "active_shards" : 0,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

Once you are done, you can proceed to the next step.

Installing MongoDB

First, you will need to import the MongoDB public GPG key into apt.

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927

Next, create the MongoDB source list file with the following command:

sudo echo 'deb http://downloads-distro.mongodb.org/repo/debian-sysvinit dist 10gen' | sudo tee /etc/apt/sources.list.d/mongodb.list

Update your apt database and install MongoDB with the following command:

sudo apt-get update -y sudo apt-get install mongodb-org

Next, start the MongoDB service and enable it to start on boot:

sudo systemctl start mongod sudo systemctl enable mongod

Installing Graylog

First, you will need to download and install graylog repository on your system.

You can do this by using wget command:

wget https://packages.graylog2.org/repo/packages/graylog-2.0-repository_latest.deb

Next, install graylog repository with the following command:

sudo dpkg -i graylog-2.0-repository_latest.deb

Next, Install https support and update the repository cache with the following commands:

sudo apt-get install apt-transport-https -y sudo apt-get update -y

Finally install Graylog server with the following command:

sudo apt-get install -y graylog-server

Next, you will need to install pwgen to generate password secret keys for graylog server.

sudo apt-get install pwgen

Next, generate a secret key using pwgen command:

pwgen -N 1 -s 96

You should see the following output:

eK76Gx7mwdQGIVYzOm7GYmucqiGShvZQ96vIQFyf0PHEi0bTFSQemte2ADkMZllv0epvpeSGqiInvnnXxxxRpQyYLKCyvL8v

Next, set a hash password for the root user that can be used to to login into the web interface.

echo -n password | sha256sum

You should see the following output:

5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8  -

Next, you will need to edit the server.conf file to begin the graylog configuration.

sudo nano /etc/graylog/server/server.conf

Change the file as shown below:

password_secret =
root_password_sha2 = 
root_email = hitjethva@gmail.com
root_timezone = UTC
elasticsearch_discovery_zen_ping_unicast_hosts = 192.168.15.110:9300
is_master = true
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
elasticsearch_shards = 1
elasticsearch_replicas = 0

Save and close the file when you are finish.

Installing the Graylog Web Interface

You can configure Graylog web interface by editing server.conf file.

sudo nano /etc/graylog/server/server.conf

Change the following lines:

rest_listen_uri = http://192.168.15.110:12900/
web_listen_uri = http://192.168.15.110:9000/

Once you are done, restart the Graylog service with the following command:

sudo systemctl daemon-reload sudo systemctl restart graylog-server

Accessing the Graylog Web Interface

Once everything is up to date, it's time to access graylog web interface.

Open your favourite web browser and type the URL http://192.168.15.110:9000. Login with username admin and the password you configured at root_password_sha2 on server.conf.

You should see the following pages:

Conclusion

Congratulations! you have successfully installed and configured graylog server on Ubuntu 16.04. You can now easily explore the other functionality that it offers.

Want your very own server? Get our 1GB memory, Xeon V4, 20GB SSD VPS for £10.00 / month.

View Plans