Install on Debian 11

Install the Prerequisites for Debian 11 Minimal Installations
sudo apt install apt-transport-https uuid-runtime pwgen dirmngr gnupg wget

As of 2022-11-11, the official documentation for Graylog (https://docs.graylog.org/docs/debian) calls for Java 11. Graylog can run under a newer version of Java.

For this guide, I will be going with Java 17, the latest version of Java from the Debian 11 repository.

sudo apt install openjdk-17-jre-headless

Install MongoDB

Graylog requires MongoDB to run. Add the MongoDB repository to Debian 11 with the following commands:

wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
sudo apt update

Install MongoDB

sudo apt install mongodb-org -y

Enable MongoDB at boot

sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl restart mongod.service

Install Elasticsearch

Add Elasticsearch repository

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt update

Install Elasticsearch

sudo apt install elasticsearch-oss

Run the following command to append the required settings to the Elasticsearch config file:

sudo tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null << EOT
cluster.name: graylog
action.auto_create_index: false
EOT

Enable Elasticsearch at boot

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service

Install Graylog Open Source

Download Graylog repository

wget https://packages.graylog2.org/repo/packages/graylog-4.3-repository_latest.deb

Unpack and install the repository

sudo dpkg -i graylog-4.3-repository_latest.deb

Update the repository and install Graylog Open Source

sudo apt update
sudo apt install graylog-server graylog-integrations-plugins

Generate a Password Secret and copy it down.

pwgen -N 1 -s 96

Generate an SHA256 hash of the admin account password, and copy it down.

echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

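Save those values to the conf file at /etc/graylog/server/server.conf: the Password Secret goes on the password_secret line and the hash on the root_password_sha2 line.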

sudo nano /etc/graylog/server/server.conf

Scroll down a bit in the conf file to find the http_bind_address line. Uncomment the line to allow the Graylog WebGUI to run on localhost (127.0.0.1) at port 9000. Change 127.0.0.1 to 0.0.0.0 to allow the Graylog WebGUI to bind to any local network interface.

Save when finished.

Enable Graylog at boot.

sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl restart graylog-server.service

Test Graylog WebGUI

Navigate to your Graylog instance's IP address at port 9000. You should now see the Graylog WebGUI.
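
The check below is an added example, not part of the original guide: it reads the three server.conf settings edited above (password_secret, root_password_sha2 and http_bind_address, the key names used by the installation script on this page) and reports whether each holds a usable value. The function names and the sample files are assumptions made for the illustration.

```bash
#!/bin/bash
# Added example: sanity-check the server.conf values set in this guide.

# Print the value of KEY ($1) in FILE ($2), skipping commented-out lines.
conf_value() {
    sed -n "s/^[[:space:]]*${1}[[:space:]]*=[[:space:]]*//p" "$2" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Print one finding per line; return 0 only when nothing is marked FAIL.
check_graylog_conf() {
    local file="$1" rc=0 secret hash bind
    secret=$(conf_value password_secret "$file")
    hash=$(conf_value root_password_sha2 "$file")
    bind=$(conf_value http_bind_address "$file")

    if [ -z "$secret" ]; then
        echo "FAIL password_secret is empty"; rc=1
    else
        echo "OK   password_secret is set (${#secret} characters)"
    fi

    # sha256sum prints 64 lowercase hex digits; anything else was mis-pasted.
    if printf '%s\n' "$hash" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "OK   root_password_sha2 is a 64-digit hex string"
    else
        echo "FAIL root_password_sha2 is not 64 lowercase hex digits"; rc=1
    fi

    case "$bind" in
        "")        echo "INFO http_bind_address is not set (line still commented)" ;;
        0.0.0.0:*) echo "WARN http_bind_address $bind listens on every interface" ;;
        *)         echo "OK   http_bind_address is $bind" ;;
    esac
    return "$rc"
}

# Write a constructed sample file: $1 path, $2 secret, $3 password, $4 bind line.
make_sample() {
    {
        echo "password_secret = $2"
        echo "root_password_sha2 = $(printf '%s' "$3" | sha256sum | cut -d' ' -f1)"
        echo "$4"
    } > "$1"
}

# Stand-alone use: pass the path, e.g. /etc/graylog/server/server.conf
if [ "$#" -gt 0 ]; then check_graylog_conf "$1"; fi
```

Run it as a user that can read the conf file. A FAIL line means Graylog has no usable secret or admin password hash; the WARN line only records that the WebGUI is reachable from every network the host is attached to.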

Script Installation on Debian 11

Alternatively, you can use the following script I created to install Graylog.

#!/bin/bash

#Simple script to install Graylog

#Update System
sudo apt -y update && sudo apt -y upgrade

#Install Prereq packages for Debian 11 minimal install
sudo apt -y install apt-transport-https openjdk-17-jre-headless uuid-runtime pwgen dirmngr gnupg wget

#Add MongoDB Repo
wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
sudo apt update

#install and enable mongodb
sudo apt -y install mongodb-org
sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl restart mongod.service

#add Elasticsearch Repo
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt update

#install and enable Elasticsearch
sudo apt -y install elasticsearch-oss

#Edit Elasticsearch config file
sudo tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null << EOT
cluster.name: graylog
action.auto_create_index: false
EOT

#Restart Elasticsearch
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service

#Install Graylog Open Source
wget https://packages.graylog2.org/repo/packages/graylog-4.3-repository_latest.deb
sudo dpkg -i graylog-4.3-repository_latest.deb
sudo apt update
sudo apt -y install graylog-server graylog-integrations-plugins

#Generate Password Secret and save it to conf file
password_secret=$(pwgen -N 1 -s 96)
#Match from the start of the line and replace the whole line so a re-run does not append to the old value
sudo sed -i "s/^password_secret =.*/password_secret = $password_secret/" /etc/graylog/server/server.conf

#Generate initial SHA-256 Hash of the root password and save it to conf file
#read -s keeps the password from being echoed to the terminal
read -rsp "Enter Password: " password
echo
message=$(printf '%s' "$password" | sha256sum | awk '{ print $1 }')
sudo sed -i "s/^root_password_sha2 =.*/root_password_sha2 = $message/" /etc/graylog/server/server.conf

#Set Graylog to listen on all interfaces (0.0.0.0) at port 9000
sudo sed -i "s/#http_bind_address = 127.0.0.1:9000/http_bind_address = 0.0.0.0:9000/g" /etc/graylog/server/server.conf

#Reload and enable graylog at boot
sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl restart graylog-server.service