Installing Graylog on Ubuntu 20.04 on the Raspberry Pi.


In this article, I'm installing Graylog on Ubuntu 20.04 on the Raspberry Pi 4 8GB.

Graylog is a leading centralized log management solution for capturing, storing, and enabling real-time analysis of terabytes of machine data.

I'm following the steps described here:

Prereqs:

$ sudo apt-get update && sudo apt-get upgrade
$ sudo apt-get install apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen

MongoDB

Instructions: Installing MongoDB on the Raspberry Pi

ElasticSearch

Instructions: Installing ElasticSearch on the Raspberry Pi

Graylog

I tried to install Graylog using the steps below, but it didn't work; I got the following message:
$ wget https://packages.graylog2.org/repo/packages/graylog-4.1-repository_latest.deb
$ sudo dpkg -i graylog-4.1-repository_latest.deb
$ sudo apt-get update && sudo apt-get install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins
[email protected]:~$ sudo apt-get install graylog-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package graylog-server
[email protected]:~$

Therefore, I followed the Manual Setup

Downloaded the server from here:

[email protected]:~$ wget https://downloads.graylog.org/releases/graylog/graylog-4.1.3.tgz

Uncompressed and extracted the installation files:

[email protected]:~$ tar xfz graylog-4.1.3.tgz
[email protected]:~$ ls -lrt
total 192540
-rw-rw-r-- 1 ubuntu ubuntu      1768 May 15  2018 myKey
-rw-rw-r-- 1 ubuntu ubuntu 197149916 Aug  4 15:46 graylog-4.1.3.tgz
drwxrwxr-x 5 ubuntu ubuntu      4096 Aug 31 10:51 graylog-4.1.3

Renamed the folder:

[email protected]:~$ mv graylog-4.1.3 graylog
[email protected]:~$ cd graylog/
[email protected]:~/graylog$ ls -lrt
total 123164
-rw-r--r-- 1 ubuntu ubuntu     35270 Aug  4 15:03 graylog.conf.example
-rw-r--r-- 1 ubuntu ubuntu      2343 Aug  4 15:03 UPGRADING.rst
-rw-r--r-- 1 ubuntu ubuntu      1371 Aug  4 15:03 README.markdown
-rw-r--r-- 1 ubuntu ubuntu     30608 Aug  4 15:03 LICENSE
-rw-r--r-- 1 ubuntu ubuntu 126028828 Aug  4 15:31 graylog.jar
drwxr-xr-x 2 ubuntu ubuntu      4096 Aug  4 15:33 plugin
drwxr-xr-x 2 ubuntu ubuntu      4096 Aug  4 15:33 log
drwxrwxr-x 2 ubuntu ubuntu      4096 Aug 31 10:51 bin

Created the required folders:

[email protected]:~/graylog$ sudo mkdir /etc/graylog/
[email protected]:~/graylog$ sudo mkdir /etc/graylog/server/

Created the SHA-256 hash of the password:

[email protected]:~$ echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
Enter Password: Str0ngPassw-rdH3re
7b5600e954f7206c67a31c02b532254c483966d1b2dcd9b3331eda95c93a5c68

Copied the config file to /etc/graylog/server:

[email protected]:~$ sudo cp graylog/graylog.conf.example /etc/graylog/server/server.conf

Edited the config file, adding the password and its SHA-256 hash:

[email protected]:~$ sudo vi /etc/graylog/server/server.conf

password_secret = Str0ngPassw-rdH3re

root_password_sha2 = 7b5600e954f7206c67a31c02b532254c483966d1b2dcd9b3331eda95c93a5c68
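A script for this step, as an added example that is not part of the original article: it gives password_secret its own random 96-character value rather than the admin password (Graylog's example config suggests `pwgen -N 1 -s 96` for it), reads the admin password without echoing it, and restricts the file's permissions. The function names and the script name set-graylog-secrets.sh are hypothetical; the config path is the one used above.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): fill in Graylog's two secrets.
# password_secret gets its own random value instead of reusing the admin
# password, and the admin password is not echoed while it is typed.

# Set "key = value": replace the uncommented line for key, or append one.
# Values used here are hex/alphanumeric, so '|' is a safe sed delimiter.
set_conf_value() {
    local conf=$1 key=$2 value=$3
    if grep -Eq "^[[:space:]]*${key}[[:space:]]*=" "$conf"; then
        sed -i -E "s|^[[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$conf"
    else
        printf '%s = %s\n' "$key" "$value" >> "$conf"
    fi
}

# SHA-256 hex digest of the first line on stdin, newline stripped
# (the same pipeline the article uses).
hash_password() {
    head -n 1 | tr -d '\n' | sha256sum | cut -d' ' -f1
}

# 96-character random secret: pwgen if installed (the article's prereqs
# install it), otherwise 48 bytes from /dev/urandom printed as hex.
generate_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        od -An -N48 -tx1 /dev/urandom | tr -d ' \n'
    fi
}

# Read the admin password from stdin (echo disabled on a terminal), write
# both settings, then make the file readable by its owner only.
configure_graylog_secrets() {
    local conf=$1 digest
    if [ -t 0 ]; then printf 'Enter Password: ' >&2; stty -echo; fi
    digest=$(hash_password)
    if [ -t 0 ]; then stty echo; printf '\n' >&2; fi
    set_conf_value "$conf" password_secret "$(generate_secret)"
    set_conf_value "$conf" root_password_sha2 "$digest"
    chmod 600 "$conf"   # the owner must be the account Graylog runs as
}

# Run as a script (hypothetical name):
#   sudo ./set-graylog-secrets.sh /etc/graylog/server/server.conf
if [ "$#" -ge 1 ]; then configure_graylog_secrets "$1"; fi
```

Because the article starts Graylog with sudo, a root-owned server.conf with mode 600 remains readable by the server.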

Installed Java:

$ sudo apt-get install openjdk-8-jre

and started Graylog:

[email protected]:~/graylog$ cd bin
[email protected]:~/graylog/bin$ sudo ./graylogctl run
Running graylog-server ...
2021-08-31 11:00:42,785 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: AWS plugins 4.1.3 [org.graylog.aws.AWSPlugin]
2021-08-31 11:00:42,800 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Collector 4.1.3 [org.graylog.plugins.collector.CollectorPlugin]
2021-08-31 11:00:42,805 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Threat Intelligence Plugin 4.1.3 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
2021-08-31 11:00:42,806 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Elasticsearch 6 Support 4.1.3+9d79c05 [org.graylog.storage.elasticsearch6.Elasticsearch6Plugin]
2021-08-31 11:00:42,807 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Elasticsearch 7 Support 4.1.3+9d79c05 [org.graylog.storage.elasticsearch7.Elasticsearch7Plugin]
2021-08-31 11:00:42,909 INFO : org.graylog2.bootstrap.CmdLineTool - Running with JVM arguments: -Djdk.tls.acknowledgeCloseNotify=true -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:-OmitStackTraceInFastThrow -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled
2021-08-31 11:00:43,481 INFO : org.hibernate.validator.internal.util.Version - HV000001: Hibernate Validator null

and opened the browser and searched for http://127.0.0.1:9000

[email protected]:~$ curl http://127.0.0.1:9000
<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="robots" content="noindex, nofollow">
    <meta charset="UTF-8">
    <title>Graylog Web Interface</title>
    <link rel="shortcut icon" href="/assets/favicon.png">

  </head>
  <body>
    <script src="/config.js"></script>

    <script src="/assets/vendor.53480e037b0a599cf54a.js"></script>

    <script src="/assets/polyfill.85571c0316cd2b7313fb.js"></script>

    <script src="/assets/builtins.85571c0316cd2b7313fb.js"></script>

    <script src="/assets/plugin/org.graylog.plugins.threatintel.ThreatIntelPlugin/plugin.org.graylog.plugins.threatintel.ThreatIntelPlugin.5828bc1c2a8564d7cb91.js"></script>

    <script src="/assets/plugin/org.graylog.plugins.collector.CollectorPlugin/plugin.org.graylog.plugins.collector.CollectorPlugin.ad1eb129ed2d9d12cb2d.js"></script>

    <script src="/assets/plugin/org.graylog.aws.AWSPlugin/plugin.org.graylog.aws.AWSPlugin.dc11b78abab05c2c9340.js"></script>

    <script src="/assets/app.85571c0316cd2b7313fb.js"></script>

  </body>
</html>
[email protected]:~$