Installing Graylog on Ubuntu 20.04 on the Raspberry Pi.
In this article, I'm installing Graylog on Ubuntu 20.04 on the Raspberry Pi 4 8GB.
Graylog is a leading centralized log management solution for capturing, storing, and enabling real-time analysis of terabytes of machine data.
I'm following the steps described here:
Prereqs:
$ sudo apt-get update && sudo apt-get upgrade
$ sudo apt-get install apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen
MongoDB
Instructions: Installing MongoDB on the Raspberry Pi
ElasticSearch
Instructions: Installing ElasticSearch on the Raspberry Pi
Graylog
I tried to install Graylog using the steps below, but it didn't work; I got the following message:
$ wget https://packages.graylog2.org/repo/packages/graylog-4.1-repository_latest.deb
$ sudo dpkg -i graylog-4.1-repository_latest.deb
$ sudo apt-get update && sudo apt-get install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins
ubuntu@ubuntu:~$ sudo apt-get install graylog-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package graylog-server
ubuntu@ubuntu:~$
Therefore, I followed the Manual Setup
Downloaded the server from here:
ubuntu@ubuntu:~$ wget https://downloads.graylog.org/releases/graylog/graylog-4.1.3.tgz
Uncompressed and extracted the installation files:
ubuntu@ubuntu:~$ tar xfz graylog-4.1.3.tgz
ubuntu@ubuntu:~$ ls -lrt
total 192540
-rw-rw-r-- 1 ubuntu ubuntu 1768 May 15 2018 myKey
-rw-rw-r-- 1 ubuntu ubuntu 197149916 Aug 4 15:46 graylog-4.1.3.tgz
drwxrwxr-x 5 ubuntu ubuntu 4096 Aug 31 10:51 graylog-4.1.3
Renamed the folder:
ubuntu@ubuntu:~$ mv graylog-4.1.3 graylog
ubuntu@ubuntu:~$ cd graylog/
ubuntu@ubuntu:~/graylog$ ls -lrt
total 123164
-rw-r--r-- 1 ubuntu ubuntu 35270 Aug 4 15:03 graylog.conf.example
-rw-r--r-- 1 ubuntu ubuntu 2343 Aug 4 15:03 UPGRADING.rst
-rw-r--r-- 1 ubuntu ubuntu 1371 Aug 4 15:03 README.markdown
-rw-r--r-- 1 ubuntu ubuntu 30608 Aug 4 15:03 LICENSE
-rw-r--r-- 1 ubuntu ubuntu 126028828 Aug 4 15:31 graylog.jar
drwxr-xr-x 2 ubuntu ubuntu 4096 Aug 4 15:33 plugin
drwxr-xr-x 2 ubuntu ubuntu 4096 Aug 4 15:33 log
drwxrwxr-x 2 ubuntu ubuntu 4096 Aug 31 10:51 bin
Created the required folders:
ubuntu@ubuntu:~/graylog$ sudo mkdir /etc/graylog/
ubuntu@ubuntu:~/graylog$ sudo mkdir /etc/graylog/server/
Created the sha password:
ubuntu@graylog:~$ echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
Enter Password: Str0ngPassw-rdH3re
7b5600e954f7206c67a31c02b532254c483966d1b2dcd9b3331eda95c93a5c68
Copied the config file to /etc/graylog/server
ubuntu@graylog:~$ sudo cp graylog.conf.example /etc/graylog/server/server.conf
Edited the config file adding the password and password sha:
ubuntu@graylog:~$ sudo vi /etc/graylog/server/server.conf
password_secret = Str0ngPassw-rdH3re
root_password_sha2 = 7b5600e954f7206c67a31c02b532254c483966d1b2dcd9b3331eda95c93a5c68
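Graylog uses password_secret to protect stored user passwords, so it should be a long random string (pwgen, installed in the prerequisites, can generate one) and not the admin password that root_password_sha2 is derived from. The script below is an added example, not part of the original article or of Graylog: it sets both values and restricts the file's permissions. The function names and the --apply switch are made up here, and it falls back to /dev/urandom when pwgen is not installed.

```shell
#!/bin/sh
# Added example: fill in Graylog's two secrets in server.conf.
# Function names and the --apply switch are hypothetical.

# Random 96-character value for password_secret. Uses pwgen when present;
# the /dev/urandom pipeline is a substitute when it is not.
gen_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 96; echo
    fi
}

# SHA-256 hex digest of the admin password, the format root_password_sha2 expects.
hash_password() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Set "KEY = VALUE" in FILE: rewrite the existing line, or append if absent.
set_conf() {  # usage: set_conf FILE KEY VALUE
    if grep -q "^$2 *=" "$1"; then
        sed -i "s|^$2 *=.*|$2 = $3|" "$1"
    else
        printf '%s = %s\n' "$2" "$3" >>"$1"
    fi
}

configure_graylog() {  # usage: configure_graylog FILE ADMIN_PASSWORD
    set_conf "$1" password_secret "$(gen_secret)"
    set_conf "$1" root_password_sha2 "$(hash_password "$2")"
    # The file now holds secrets: owner-only access. The article starts
    # Graylog with sudo, so root owns and reads it.
    chmod 600 "$1"
}

# Interactive use (run as root): the password is read without echo, so it
# does not stay on screen or in the terminal scrollback.
if [ "${1:-}" = "--apply" ]; then
    CONF=/etc/graylog/server/server.conf   # path used in the article
    trap 'stty echo' EXIT INT
    printf 'Enter Password: '; stty -echo; IFS= read -r pw; echo
    configure_graylog "$CONF" "$pw"
fi
```

Changing password_secret on an existing installation invalidates values already stored with the old secret, so set it once before first start.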
Installed Java
$ sudo apt-get install openjdk-8-jre
and started Graylog
ubuntu@ubuntu:~/graylog$ cd bin
ubuntu@ubuntu:~/graylog/bin$ sudo ./graylogctl run
Running graylog-server ...
2021-08-31 11:00:42,785 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: AWS plugins 4.1.3 [org.graylog.aws.AWSPlugin]
2021-08-31 11:00:42,800 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Collector 4.1.3 [org.graylog.plugins.collector.CollectorPlugin]
2021-08-31 11:00:42,805 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Threat Intelligence Plugin 4.1.3 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
2021-08-31 11:00:42,806 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Elasticsearch 6 Support 4.1.3+9d79c05 [org.graylog.storage.elasticsearch6.Elasticsearch6Plugin]
2021-08-31 11:00:42,807 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Elasticsearch 7 Support 4.1.3+9d79c05 [org.graylog.storage.elasticsearch7.Elasticsearch7Plugin]
2021-08-31 11:00:42,909 INFO : org.graylog2.bootstrap.CmdLineTool - Running with JVM arguments: -Djdk.tls.acknowledgeCloseNotify=true -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:-OmitStackTraceInFastThrow -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled
2021-08-31 11:00:43,481 INFO : org.hibernate.validator.internal.util.Version - HV000001: Hibernate Validator null
and opened the browser and searched for http://127.0.0.1:9000
ubuntu@ubuntu:~$ curl http://127.0.0.1:9000
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="robots" content="noindex, nofollow">
<meta charset="UTF-8">
<title>Graylog Web Interface</title>
<link rel="shortcut icon" href="/assets/favicon.png">
</head>
<body>
<script src="/config.js"></script>
<script src="/assets/vendor.53480e037b0a599cf54a.js"></script>
<script src="/assets/polyfill.85571c0316cd2b7313fb.js"></script>
<script src="/assets/builtins.85571c0316cd2b7313fb.js"></script>
<script src="/assets/plugin/org.graylog.plugins.threatintel.ThreatIntelPlugin/plugin.org.graylog.plugins.threatintel.ThreatIntelPlugin.5828bc1c2a8564d7cb91.js"></script>
<script src="/assets/plugin/org.graylog.plugins.collector.CollectorPlugin/plugin.org.graylog.plugins.collector.CollectorPlugin.ad1eb129ed2d9d12cb2d.js"></script>
<script src="/assets/plugin/org.graylog.aws.AWSPlugin/plugin.org.graylog.aws.AWSPlugin.dc11b78abab05c2c9340.js"></script>
<script src="/assets/app.85571c0316cd2b7313fb.js"></script>
</body>
</html>
ubuntu@ubuntu:~$