Installing Graylog on Ubuntu 20.04 on the Raspberry Pi.

In this article, I'm installing Graylog on Ubuntu 20.04 on the Raspberry Pi 4 8GB.

Graylog is a leading centralized log management solution for capturing, storing, and enabling real-time analysis of terabytes of machine data.

I'm following the steps described here:

Prereqs:

$ sudo apt-get update && sudo apt-get upgrade
$ sudo apt-get install apt-transport-https openjdk-8-jre-headless uuid-runtime pwgen

MongoDB

Instructions: Installing MongoDB on the Raspberry Pi

ElasticSearch

Instructions: Installing ElasticSearch on the Raspberry Pi

Graylog

I tried to install Graylog using the steps below, but it didn't work; I got the following message:
$ wget https://packages.graylog2.org/repo/packages/graylog-4.1-repository_latest.deb
$ sudo dpkg -i graylog-4.1-repository_latest.deb
$ sudo apt-get update && sudo apt-get install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins
ubuntu@ubuntu:~$ sudo apt-get install graylog-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package graylog-server
ubuntu@ubuntu:~$

Therefore, I followed the Manual Setup.

Downloaded the server from here:

ubuntu@ubuntu:~$ wget https://downloads.graylog.org/releases/graylog/graylog-4.1.3.tgz

Uncompressed and extracted the installation files:

ubuntu@ubuntu:~$ tar xfz graylog-4.1.3.tgz
ubuntu@ubuntu:~$ ls -lrt
total 192540
-rw-rw-r-- 1 ubuntu ubuntu      1768 May 15  2018 myKey
-rw-rw-r-- 1 ubuntu ubuntu 197149916 Aug  4 15:46 graylog-4.1.3.tgz
drwxrwxr-x 5 ubuntu ubuntu      4096 Aug 31 10:51 graylog-4.1.3

Renamed the folder:

ubuntu@ubuntu:~$ mv graylog-4.1.3 graylog
ubuntu@ubuntu:~$ cd graylog/
ubuntu@ubuntu:~/graylog$ ls -lrt
total 123164
-rw-r--r-- 1 ubuntu ubuntu     35270 Aug  4 15:03 graylog.conf.example
-rw-r--r-- 1 ubuntu ubuntu      2343 Aug  4 15:03 UPGRADING.rst
-rw-r--r-- 1 ubuntu ubuntu      1371 Aug  4 15:03 README.markdown
-rw-r--r-- 1 ubuntu ubuntu     30608 Aug  4 15:03 LICENSE
-rw-r--r-- 1 ubuntu ubuntu 126028828 Aug  4 15:31 graylog.jar
drwxr-xr-x 2 ubuntu ubuntu      4096 Aug  4 15:33 plugin
drwxr-xr-x 2 ubuntu ubuntu      4096 Aug  4 15:33 log
drwxrwxr-x 2 ubuntu ubuntu      4096 Aug 31 10:51 bin

Created the required folders:

ubuntu@ubuntu:~/graylog$ sudo mkdir /etc/graylog/
ubuntu@ubuntu:~/graylog$ sudo mkdir /etc/graylog/server/

Created the sha password:

ubuntu@graylog:~$ echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
Enter Password: Str0ngPassw-rdH3re
7b5600e954f7206c67a31c02b532254c483966d1b2dcd9b3331eda95c93a5c68

Copied the config file to /etc/graylog/server

ubuntu@graylog:~$ sudo cp graylog.conf.example /etc/graylog/server/server.conf

Edited the config file adding the password and password sha:

ubuntu@graylog:~$ sudo vi /etc/graylog/server/server.conf

password_secret = Str0ngPassw-rdH3re

root_password_sha2 = 7b5600e954f7206c67a31c02b532254c483966d1b2dcd9b3331eda95c93a5c68
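
The comments in graylog.conf.example ask for password_secret to be a random string of at least 64 characters (they suggest pwgen -N 1 -s 96), separate from the admin password whose SHA-256 goes into root_password_sha2. As an added example, not part of the original article or of Graylog, these shell helpers generate such a secret and flag a server.conf whose secret is short or is the admin password itself; the function names are this example's own.

```shell
#!/bin/sh
# Added example: helpers for the two secrets in Graylog's server.conf.
# Function names and audit messages are this example's own, not Graylog's.

# 96 random alphanumerics; pwgen comes from the prereqs, urandom is the fallback.
gen_password_secret() {
    if command -v pwgen >/dev/null 2>&1; then
        pwgen -N 1 -s 96
    else
        LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 96; echo
    fi
}

# SHA-256 hex digest of the first line on stdin (newline excluded).
hash_root_password() {
    head -n 1 | tr -d '\n' | sha256sum | cut -d' ' -f1
}

# Print the value of "key = value" from a config file.
conf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Replace the "key =" line in place (values used here contain no '|' or '&').
conf_set() {
    sed -i "s|^$2[[:space:]]*=.*|$2 = $3|" "$1"
}

# Return 1 if password_secret is short or is the admin password itself.
audit_conf() {
    secret=$(conf_get "$1" password_secret)
    root_hash=$(conf_get "$1" root_password_sha2)
    rc=0
    if [ "${#secret}" -lt 64 ]; then
        echo "password_secret is ${#secret} chars; graylog.conf.example asks for at least 64"; rc=1
    fi
    if [ "$(printf '%s' "$secret" | hash_root_password)" = "$root_hash" ]; then
        echo "password_secret equals the admin password (stored in clear text)"; rc=1
    fi
    return $rc
}
```

Typical use: audit_conf /etc/graylog/server/server.conf, then conf_set /etc/graylog/server/server.conf password_secret "$(gen_password_secret)" (run with sudo) if it reports a problem.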

Installed Java

sudo apt-get install openjdk-8-jre

and started Graylog

ubuntu@ubuntu:~/graylog$ cd bin
ubuntu@ubuntu:~/graylog/bin$ sudo ./graylogctl run
Running graylog-server ...
2021-08-31 11:00:42,785 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: AWS plugins 4.1.3 [org.graylog.aws.AWSPlugin]
2021-08-31 11:00:42,800 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Collector 4.1.3 [org.graylog.plugins.collector.CollectorPlugin]
2021-08-31 11:00:42,805 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Threat Intelligence Plugin 4.1.3 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
2021-08-31 11:00:42,806 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Elasticsearch 6 Support 4.1.3+9d79c05 [org.graylog.storage.elasticsearch6.Elasticsearch6Plugin]
2021-08-31 11:00:42,807 INFO : org.graylog2.bootstrap.CmdLineTool - Loaded plugin: Elasticsearch 7 Support 4.1.3+9d79c05 [org.graylog.storage.elasticsearch7.Elasticsearch7Plugin]
2021-08-31 11:00:42,909 INFO : org.graylog2.bootstrap.CmdLineTool - Running with JVM arguments: -Djdk.tls.acknowledgeCloseNotify=true -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:-OmitStackTraceInFastThrow -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled
2021-08-31 11:00:43,481 INFO : org.hibernate.validator.internal.util.Version - HV000001: Hibernate Validator null

and opened the browser and searched for http://127.0.0.1:9000

ubuntu@ubuntu:~$ curl http://127.0.0.1:9000
<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="robots" content="noindex, nofollow">
    <meta charset="UTF-8">
    <title>Graylog Web Interface</title>
    <link rel="shortcut icon" href="/assets/favicon.png">

  </head>
  <body>
    <script src="/config.js"></script>

    <script src="/assets/vendor.53480e037b0a599cf54a.js"></script>

    <script src="/assets/polyfill.85571c0316cd2b7313fb.js"></script>

    <script src="/assets/builtins.85571c0316cd2b7313fb.js"></script>

    <script src="/assets/plugin/org.graylog.plugins.threatintel.ThreatIntelPlugin/plugin.org.graylog.plugins.threatintel.ThreatIntelPlugin.5828bc1c2a8564d7cb91.js"></script>

    <script src="/assets/plugin/org.graylog.plugins.collector.CollectorPlugin/plugin.org.graylog.plugins.collector.CollectorPlugin.ad1eb129ed2d9d12cb2d.js"></script>

    <script src="/assets/plugin/org.graylog.aws.AWSPlugin/plugin.org.graylog.aws.AWSPlugin.dc11b78abab05c2c9340.js"></script>

    <script src="/assets/app.85571c0316cd2b7313fb.js"></script>

  </body>
</html>
ubuntu@ubuntu:~$