Graylog is a powerful open-source log management platform that provides real-time insights into your infrastructure’s performance and health. By enabling the collection, indexing, and analysis of log data from various sources, Graylog simplifies system monitoring and troubleshooting. If you’re looking to enhance your system’s visibility, you can easily install Graylog on Ubuntu 24.04 to streamline log management and improve overall operational efficiency.
Graylog uses Elasticsearch for log storage and MongoDB for metadata management, and offers a web-based interface for working with logs. It is widely used to process large volumes of machine-generated data, which makes it well suited to security monitoring, tracking system performance, and resolving issues. The steps below install Graylog on Ubuntu 24.04 as a platform for managing and analyzing log data.
Install Dependencies
Install several necessary utilities like curl, gnupg, and apt-transport-https:
apt install apt-transport-https gnupg2 uuid-runtime pwgen curl dirmngr -y
Update your system’s package list:
apt update
apt upgrade
Install MongoDB
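MongoDB is required for Graylog to store its configurations and metadata. Add the MongoDB repository’s GPG key, then the repository itself (the entry below points at MongoDB’s jammy suite, the Ubuntu 22.04 codename), and install the package: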
curl -fsSL https://www.mongodb.org/static/pgp/server-7.0.asc | gpg -o /usr/share/keyrings/mongodb-server-7.0.gpg --dearmor
echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-7.0.list
apt update
apt install mongodb-org -y
Start and enable MongoDB
systemctl enable --now mongod
systemctl status mongod
Install Java (OpenJDK 11)
Graylog requires Java to run. We’ll install OpenJDK 11:
apt install openjdk-11-jre-headless
Check the installation:
java --version
Install Elasticsearch
Graylog uses Elasticsearch for storing and indexing logs. First, import the Elasticsearch GPG key:
curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | gpg --dearmor -o /usr/share/keyrings/elastic-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elastic-archive-keyring.gpg] https://artifacts.elastic.co/packages/oss-7.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-7.x.list
apt update && apt install elasticsearch-oss
Reload systemd, enable, and start Elasticsearch:
systemctl daemon-reload
systemctl enable --now elasticsearch
systemctl status elasticsearch
Verify Elasticsearch is running:
curl -X GET http://localhost:9200
Install Graylog
Next, we will install the Graylog server. Download the Graylog repository package:
wget https://packages.graylog2.org/repo/packages/graylog-6.1-repository_latest.deb
Install the downloaded package:
dpkg -i graylog-6.1-repository_latest.deb
Update the package list and install the Graylog server:
apt update
apt install graylog-server -y
Generate a Password Secret and Hash for Admin Password
Graylog requires a password secret for encryption. Generate a random secret with the following command:
< /dev/urandom tr -dc A-Z-a-z-0-9 | head -c${1:-96};echo;
To hash the admin password, use this command:
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
Configure Graylog
Now, let’s configure Graylog by editing its configuration file:
vim /etc/graylog/server/server.conf
Make the following changes:
Set the password secret:
password_secret = your_random_password_secret
Set the root password hash:
root_password_sha2 = your_sha256_password_hash_here
Set the MongoDB URI:
mongodb_uri = mongodb://localhost:27017/graylog
Set the Elasticsearch hosts:
elasticsearch_hosts = http://127.0.0.1:9200
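Before starting the service, it is worth confirming that the two placeholders above were actually replaced. The following script is an added example, not part of the original guide or of Graylog itself: it checks that password_secret is long enough, that root_password_sha2 is a real SHA-256 digest and not the hash of an empty password, and that the file is not world-readable. The function names and the 64-character MIN_SECRET_LEN threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): lint the secrets in server.conf.

# Print the value assigned to key $1 in file $2 (last assignment wins).
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# SHA-256 hex digest of stdin with newlines stripped, as in the hash command above.
hash_password() {
    tr -d '\n' | sha256sum | cut -d' ' -f1
}

# check_conf FILE: print one line per problem; return non-zero if any was found.
check_conf() {
    conf=$1
    rc=0
    min=${MIN_SECRET_LEN:-64}   # assumption: threshold chosen for this example
    secret=$(conf_get password_secret "$conf")
    hash=$(conf_get root_password_sha2 "$conf")
    if [ "${#secret}" -lt "$min" ]; then
        echo "password_secret: shorter than $min characters"; rc=1
    fi
    # sha256sum prints exactly 64 lowercase hex characters; a placeholder does not match.
    if ! printf '%s' "$hash" | grep -Eqx '[0-9a-f]{64}'; then
        echo "root_password_sha2: not a 64-character lowercase hex digest"; rc=1
    # The digest of empty input means the password prompt received nothing.
    elif [ "$hash" = "$(printf '' | hash_password)" ]; then
        echo "root_password_sha2: hash of an empty password"; rc=1
    fi
    # The file holds secrets, so flag it when every local user can read it.
    perms=$(stat -c '%a' "$conf")
    case $perms in
        *[4567]) echo "$conf: world-readable (mode $perms)"; rc=1 ;;
    esac
    return "$rc"
}

# Run against a file given on the command line, e.g. /etc/graylog/server/server.conf.
if [ "$#" -gt 0 ]; then
    check_conf "$1"
fi
```

Saved under a name of your choice and run with the path to server.conf as its argument, it prints one line per finding and exits non-zero if anything needs fixing.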
Start and Enable Graylog Server
Reload systemd, enable and start the Graylog service:
systemctl daemon-reload
systemctl enable --now graylog-server
systemctl status graylog-server
Access Graylog Web Interface
Now that Graylog is installed and running, you can access its web interface. Open your browser and go to:
http://your_server_ip:9000
Log in using the following credentials:
Username: admin
Password: The plaintext password whose SHA-256 hash you set in the root_password_sha2 field