How to Install Graylog Server on Ubuntu 21

Graylog is an open source tool for log management. It consists of Elasticsearch, MongoDB and Graylog. Graylog can be used to analyze logs and send notifications if there is any discrepancy in the logs. We can also use it to analyze conventional as well as custom logs.

In this article we will install Graylog. You must have an account with sudo privileges or a root account.

Update your system packages and install the required dependencies.

apt update
apt upgrade
apt install -y apt-transport-https openjdk-11-jre-headless uuid-runtime pwgen curl dirmngr

You can verify the installed Java version using the following command.

java -version

We will install Elasticsearch, which Graylog uses to store and analyze the logs imported from different machines.

Download and install the Elasticsearch GPG key.

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

Add the Elasticsearch repository to the Ubuntu 21 sources list.

echo "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list

Use the following commands to install Elasticsearch.

sudo apt update
sudo apt install -y elasticsearch-oss

Set the cluster name for Graylog in Elasticsearch. Open the Elasticsearch configuration file using the following command:

nano /etc/elasticsearch/elasticsearch.yml

Uncomment the line “#cluster.name: my-application” by removing the # sign at the start of the line, and replace “my-application” with graylog.

Add the following line in the configuration file:

action.auto_create_index: false

Reload the systemd daemon, then start and enable the Elasticsearch service.

systemctl daemon-reload
systemctl start elasticsearch.service
systemctl enable elasticsearch.service
systemctl status elasticsearch.service

Elasticsearch uses port 9200. Use the curl command to verify that Elasticsearch is responding.

curl -X GET http://localhost:9200

Now we will install MongoDB. Graylog uses MongoDB, so it is essential.

Use the following commands to install MongoDB.

apt update

apt install dirmngr gnupg apt-transport-https ca-certificates software-properties-common
wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
add-apt-repository 'deb [arch=amd64] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse'
apt install mongodb-org

Start and enable MongoDB.

systemctl start mongod.service
systemctl enable mongod.service
systemctl status mongod.service

Install Graylog:

Download the Graylog repository package.

wget https://packages.graylog2.org/repo/packages/graylog-4.1-repository_latest.deb
dpkg -i graylog-4.1-repository_latest.deb

Now install the Graylog server.

apt update
apt install -y graylog-server

The Graylog server is installed. Now we will configure it.

Use the pwgen command to generate a secret that is used to secure user passwords.

pwgen -N 1 -s 96

Edit the Graylog configuration file to add the secret generated above.

nano /etc/graylog/server/server.conf

Locate the line “password_secret” and add the secret after the “=” sign.

Add the following lines to the configuration file:

rest_listen_uri = http://192.168.189.129:9000/api/
web_listen_uri = http://192.168.189.129:9000/

Save and quit the file.

Now generate a password hash for accessing the Graylog web interface. Use the following command to do so.

echo -n admin | sha256sum

In the command above, replace admin with the password you want to set.

The command above will generate a hash. Enter it in the configuration file “/etc/graylog/server/server.conf” on the line “root_password_sha2 = “.

Save and quit the file.

Start and enable the Graylog service.

systemctl daemon-reload
systemctl restart graylog-server.service
systemctl enable graylog-server.service
systemctl status graylog-server.service

Uncomment the following line in the configuration file:

http_bind_address = 0.0.0.0:9000

Open a web browser, go to http://192.168.189.129:9000/ and enter admin as the username and password.

After entering the credentials you will be logged in to the Graylog server. Now you can configure it to see your logs.
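
A check for the server.conf settings edited above, as an added example that is not part of the original article or of Graylog: it flags a short password_secret, a root_password_sha2 that is the hash of a guessable password such as the admin used above, and an http_bind_address on all interfaces. The function names, the 64-character threshold and the short word list are assumptions of this example.

```bash
#!/bin/sh
# Added example: audit the server.conf settings edited in this tutorial.
# Function names, MIN_SECRET_LEN and the word list are assumptions of this example.
MIN_SECRET_LEN=64

# Print the value of key $2 from "key = value" file $1 (commented lines are skipped).
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print one finding per line for config file $1; no output means no findings.
audit_graylog_conf() {
    secret=$(conf_get "$1" password_secret)
    hash=$(conf_get "$1" root_password_sha2)
    bind=$(conf_get "$1" http_bind_address)

    # The tutorial generates a 96-character secret with pwgen.
    [ "${#secret}" -ge "$MIN_SECRET_LEN" ] ||
        echo "password_secret: shorter than $MIN_SECRET_LEN characters"

    # The value must be a SHA-256 hex digest, and not that of an obvious password.
    if ! printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "root_password_sha2: not a SHA-256 hex digest"
    else
        for weak in admin password graylog; do
            guess=$(printf '%s' "$weak" | sha256sum | cut -d' ' -f1)
            [ "$guess" != "$hash" ] ||
                echo "root_password_sha2: hash of guessable password '$weak'"
        done
    fi

    # 0.0.0.0 exposes the web interface and API on every network interface.
    case $bind in
        0.0.0.0:*) echo "http_bind_address: listening on all interfaces ($bind)" ;;
    esac
}

# Constructed sample: an unfilled secret, the hash of "admin", the wildcard bind address.
sample=$(mktemp)
cat > "$sample" <<'EOF'
password_secret =
root_password_sha2 = 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
http_bind_address = 0.0.0.0:9000
EOF
audit_graylog_conf "$sample"
rm -f "$sample"
```

On the server itself, run audit_graylog_conf /etc/graylog/server/server.conf as a user who can read that file.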
