Graylog is an open-source log management tool that helps you store and analyze machine logs centrally. A Graylog setup consists of three components: Graylog server, Elasticsearch, and MongoDB.
Here, we will see how to install Graylog on Ubuntu 20.04.
A Graylog setup requires Java version 8 or higher. You can use either OpenJDK or Oracle JDK on your machine to proceed further.
Here, I will use OpenJDK 11.
sudo apt update
sudo apt install -y apt-transport-https openjdk-11-jre-headless uuid-runtime pwgen curl dirmngr
Verify the Java version after installing OpenJDK.
java -version
Output:
openjdk version "11.0.8" 2020-07-14
OpenJDK Runtime Environment (build 11.0.8+10-post-Ubuntu-0ubuntu120.04)
OpenJDK 64-Bit Server VM (build 11.0.8+10-post-Ubuntu-0ubuntu120.04, mixed mode, sharing)
Elasticsearch stores the logs coming from external sources and offers real-time distributed search and analytics through a RESTful web interface.
Download and install the GPG signing key.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
Set up the Elasticsearch repository on your system by running the below command.
echo "deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-6.x.list
Update the repository cache and then install the Elasticsearch package.
sudo apt update
sudo apt install -y elasticsearch-oss
Edit the Elasticsearch configuration file to set the cluster name for the Graylog setup.
sudo nano /etc/elasticsearch/elasticsearch.yml
Set the cluster name as graylog, as shown below.
cluster.name: graylog
Then, uncomment the below line.
action.auto_create_index: false
Start the Elasticsearch service to read the new configurations.
sudo systemctl daemon-reload
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch
Wait at least a minute to let Elasticsearch start fully.
Elasticsearch should now be listening on port 9200. Use the curl command to check Elasticsearch's response.
curl -X GET http://localhost:9200
Output:
Ensure the output has the cluster name, graylog.
{
"name" : "vQklpl4",
"cluster_name" : "graylog",
"cluster_uuid" : "jLztxJoOROK-XuZkoKJr6A",
"version" : {
"number" : "6.8.11",
"build_flavor" : "oss",
"build_type" : "deb",
"build_hash" : "00bf386",
"build_date" : "2020-07-09T19:08:08.940669Z",
"build_snapshot" : false,
"lucene_version" : "7.7.3",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}
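To confirm that the edits to /etc/elasticsearch/elasticsearch.yml took effect, the script below (an added example, not part of the original guide) reads the file and checks the two settings changed above. As an extra check it flags a non-loopback network.host, because the OSS package serves port 9200 without authentication; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the elasticsearch.yml settings changed in this guide.

# Print the effective value of KEY in FILE (commented-out lines are ignored).
es_setting() {
  awk -v key="$1" '
    /^[ \t]*#/ { next }                      # a commented-out setting is not active
    {
      line = $0
      sub(/[ \t]+#.*$/, "", line)            # drop a trailing comment
      n = index(line, ":")
      if (n == 0) next
      k = substr(line, 1, n - 1); v = substr(line, n + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k)
      gsub(/^[ \t"]+|[ \t"]+$/, "", v)       # trim blanks and double quotes
      if (k == key) val = v                  # last occurrence wins
    }
    END { print val }' "$2"
}

# Return 0 when FILE matches the guide; print one line per finding otherwise.
check_es_config() {
  _rc=0
  _v=$(es_setting cluster.name "$1")
  [ "$_v" = "graylog" ] || { echo "FAIL cluster.name='$_v' (expected graylog)"; _rc=1; }
  _v=$(es_setting action.auto_create_index "$1")
  [ "$_v" = "false" ] || { echo "FAIL action.auto_create_index is not false (commented out or missing)"; _rc=1; }
  _v=$(es_setting network.host "$1")
  case "$_v" in
    ""|localhost|127.0.0.1|::1|_local_) ;;   # unset means loopback only
    *) echo "FAIL network.host='$_v' exposes unauthenticated port 9200"; _rc=1 ;;
  esac
  return "$_rc"
}

# Constructed sample: auto_create_index left commented, node bound to all interfaces.
sample_bad_config() {
  cat <<'EOF'
cluster.name: graylog
#action.auto_create_index: false
network.host: 0.0.0.0
EOF
}

# Audit the file given as the first argument, if any.
if [ -n "${1:-}" ]; then check_es_config "$1"; fi
```

Save it as a script and pass /etc/elasticsearch/elasticsearch.yml as the argument; no output and exit status 0 mean the file matches the steps above.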