Introduction
Graylog is a leading open source log management platform: it collects, indexes and analyzes logs from just about any source in one central place. In this guide all three components (Graylog, Elasticsearch, MongoDB) are installed on the same server. That is fine for a lab or a small deployment, but a larger production environment should run them on separate hosts.
Requirements
Graylog requires that you have the following packages installed.
Java ( >= 8 )
Elasticsearch (5.x or 6.x)
MongoDB (3.6 or 4.0)
CPU
If you're running all components (Graylog, Elasticsearch, MongoDB) on a single machine, a reasonably modern multi-core CPU is sufficient.
RAM
4 GB of main memory is enough if you're running all components (Graylog, Elasticsearch, MongoDB) on one machine.
Installation
Log in to the server over SSH (replace user and host with your own), bring it up to date and install Java 8 plus the helper packages (pwgen is used further down to generate the secret):
ssh user@host
sudo apt update && sudo apt upgrade -y
sudo apt-get install apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen
Installing MongoDB
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
sudo apt update
sudo apt install -y mongodb-org
sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl restart mongod.service
Installing Elasticsearch
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
sudo apt update
sudo apt install elasticsearch-oss
Edit /etc/elasticsearch/elasticsearch.yml, set the cluster name Graylog expects and disable automatic index creation so that only Graylog creates indices:
sudo nano /etc/elasticsearch/elasticsearch.yml
cluster.name: graylog
action.auto_create_index: false
Leave network.host at its default: Elasticsearch 6.x then listens on loopback only, which matters because the OSS package has no authentication at all.
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
Installing Graylog
wget https://packages.graylog2.org/repo/packages/graylog-3.1-repository_latest.deb
sudo dpkg -i graylog-3.1-repository_latest.deb
sudo apt update
sudo apt install graylog-server
Optional: Installing Graylog Plugins (the enterprise packages are only activated by a Graylog Enterprise license)
sudo apt install graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins
Generate a value for password_secret in server.conf. Graylog uses it to pepper stored user passwords and to encrypt values in the database; it must be at least 16 characters long and identical on every node of a cluster:
pwgen -N 1 -s 96

Generate the SHA-256 hash of the admin password for root_password_sha2 (the command reads one line from the terminal and hashes it without the trailing newline):
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

Open the Graylog configuration and set password_secret and root_password_sha2 to the two values above. On a single-server install the defaults for elasticsearch_hosts (http://127.0.0.1:9200) and mongodb_uri (mongodb://localhost/graylog) already point at the local services, and http_bind_address defaults to 127.0.0.1:9000. Only change the bind address if the web interface must be reachable from other machines, and put a TLS-terminating reverse proxy in front of it if you do.
sudo nano /etc/graylog/server/server.conf

sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
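The configuration step above can be scripted. The following is an added example, not part of this guide or of the Graylog project: it generates password_secret from /dev/urandom instead of pwgen, hashes the admin password the same way the sha256sum pipeline does (and reads it without echoing it), and writes the three values into server.conf so that exactly one active copy of each key remains. The function names and the GRAYLOG_CONFIGURE switch are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from this guide or the Graylog project): fill in the three
# server.conf settings this guide edits by hand. Function names and the
# GRAYLOG_CONFIGURE switch are this example's own.
set -eu

# password_secret: Graylog requires at least 16 characters; 96 random
# alphanumerics matches the guide's pwgen call but needs only /dev/urandom.
gen_password_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 96
}

# root_password_sha2 is the hex SHA-256 of the admin password with no
# trailing newline, i.e. what the guide's echo/sha256sum pipeline prints.
sha256_of() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Read the admin password without echoing it; the guide's head -1 </dev/stdin
# pipeline shows the password on screen and leaves it in terminal scrollback.
prompt_password() {
    printf 'Enter Password: ' >&2
    stty -echo 2>/dev/null || true
    read -r pw
    stty echo 2>/dev/null || true
    printf '\n' >&2
    printf '%s' "$pw"
}

# Set "key = value" in a Graylog-style config file. Every existing copy of the
# key, active or commented out ("#key = ..."), is removed first so exactly one
# active line remains; a duplicated key is a common reason a setting seems ignored.
set_conf_key() {
    file=$1 key=$2 value=$3
    sed -i -E "/^[[:space:]]*#?[[:space:]]*${key}[[:space:]]*=/d" "$file"
    printf '%s = %s\n' "$key" "$value" >>"$file"
}

# configure_graylog CONF_FILE ADMIN_PASSWORD [BIND_ADDRESS]
# BIND_ADDRESS defaults to loopback; only widen it if the UI must be reachable
# from other hosts, and then put a TLS-terminating reverse proxy in front.
configure_graylog() {
    conf=$1 admin_password=$2 bind_address=${3:-127.0.0.1:9000}
    set_conf_key "$conf" password_secret "$(gen_password_secret)"
    set_conf_key "$conf" root_password_sha2 "$(sha256_of "$admin_password")"
    set_conf_key "$conf" http_bind_address "$bind_address"
}

# Only touch the real config when explicitly asked:
#   sudo env GRAYLOG_CONFIGURE=1 sh configure-graylog.sh
if [ "${GRAYLOG_CONFIGURE:-}" = 1 ]; then
    configure_graylog /etc/graylog/server/server.conf "$(prompt_password)"
fi
```

Run it once as root before the first start of graylog-server; rerunning it replaces the secret, which invalidates existing sessions and any values Graylog encrypted with the old one, so keep a copy of the generated password_secret if more nodes are added later.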
Access the web interface at the http_bind_address (http://127.0.0.1:9000 by default) and log in with the username admin and the password you hashed for root_password_sha2.
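Before opening anything to the network, check what the stack is actually listening on. The listener audit below is an added example, not from this guide or from Graylog: Elasticsearch OSS has no authentication and MongoDB was installed here without creating a user, so both must stay bound to loopback, and Graylog's own port should too unless you deliberately widened http_bind_address. It reads `ss -Hltn` output from stdin; the function names are this example's own, and the sample lines in the usage note are constructed.

```shell
#!/bin/sh
# Added example (not from this guide or the Graylog project): flag stack ports
# that are listening on non-loopback addresses. Assumes iproute2's `ss -Hltn`
# line format: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port.
set -eu

# Ports used by the single-server layout in this guide:
#   9000 Graylog web/API, 27017 MongoDB, 9200 Elasticsearch HTTP.
GRAYLOG_STACK_PORTS="9000 27017 9200"

# audit_listeners: reads ss-style lines on stdin and prints one line per stack
# port reachable from other hosts; prints nothing when everything is on loopback.
audit_listeners() {
    awk -v ports="$GRAYLOG_STACK_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    NF >= 4 {
        addr = $4                               # Local Address:Port column
        port = addr; sub(/.*:/, "", port)       # text after the last colon
        host = addr; sub(/:[0-9]+$/, "", host)  # everything before it
        if (!(port in want)) next               # not one of ours
        if (host == "127.0.0.1" || host == "[::1]") next   # loopback is fine
        printf "port %s is reachable from other hosts (bound to %s)\n", port, host
    }'
}

# check_exposure: same input, but returns 1 (after printing the findings)
# when any stack port is exposed, so it can gate a provisioning script.
check_exposure() {
    findings=$(audit_listeners)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Against the live system:
#   ss -Hltn | check_exposure || echo "fix the bind addresses before continuing"
```

A wildcard such as `*:9200` or `0.0.0.0:9000` is reported even when the host firewall would block it; the intent is to catch a copied-over elasticsearch.yml with network.host set, or a server.conf where http_bind_address was widened, before relying on anything else.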

You're all set. For anything beyond this single-node setup, the Graylog documentation is the place to go next.