Install on Debian 11
Install the Prerequisites for Debian 11 Minimal Installations
sudo apt install apt-transport-https uuid-runtime pwgen dirmngr gnupg wget
As of 2022-11-11, the official documentation for Graylog (https://docs.graylog.org/docs/debian) calls for Java 11. Graylog can run under a newer version of Java.
For this guide, I will be going with Java 17, the latest version of Java from the Debian 11 repository.
sudo apt intsall openjdk-17-jre-headless
Install MongoDB
Graylog requires MongoDB to run. Add the MongoDB repository to Debian 11 with the following commands:
wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
sudo apt update
Install MongoDB
sudo apt install mongodb-org -y
Enable MongoDB at boot
sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl restart mongod.service
Install Elasticsearch
Add Elasticsearch repository
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt update
Install Elasticsearch
sudo apt install elasticsearch-oss
Run the following command to edit the elasticsearch config file:
sudo tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null << EOT
cluster.name: graylog
action.auto_create_index: false
EOTEnable Elasticsearch at boot
sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
Install Graylog Open Source
Download Graylog repository
wget https://packages.graylog2.org/repo/packages/graylog-4.3-repository_latest.deb
Unpack and install the repository
sudo dpkg -i graylog-4.3-repository_latest.deb
Update the repository and install Graylog Open Source
sudo apt update
sudo apt install graylog-server graylog-integrations-plugins