Skip to main content

Manual Install on Debian

Install the Prerequisites for Debian Minimal Installations

The steps in this guide has been tested to work with Debian 12. 

sudo apt install apt-transport-https uuid-runtime pwgen dirmngr gnupg wget

Screenshot 2022-11-03 235726.png

As of 2022-11-11, the official documentation for Graylog (https://docs.graylog.org/docs/debian) calls for Java 11. Graylog can run under a newer version of Java.

For this guide, I will be going with Java 17, the latest version of Java from the Debian 11 repository.

sudo apt intsall openjdk-17-jre-headless

Screenshot 2022-11-03 235818.png

Install MongoDB

Graylog requires MongoDB to run. Add the MongoDB repository to Debian 11 with the following commands:

wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
sudo apt update

Screenshot 2022-11-04 235742.png

Install MongoDB

sudo apt install mongodb-org -y

Screenshot 2022-11-04 235822.png

Enable MongoDB at boot

sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl restart mongod.service

Screenshot 2022-11-05 000110.png

Install Elasticsearch

Add Elasticsearch repository

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt update

Screenshot 2022-11-09 000306.png

Install Elasticsearch

sudo apt install elasticsearch-oss

Screenshot 2022-11-09 000355.png

Run the following command to edit the elasticsearch config file:

sudo tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null << EOT
cluster.name: graylog
action.auto_create_index: false
EOT

Screenshot 2022-11-11 013037.png

Enable Elasticsearch at boot

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service

Screenshot 2022-11-09 000511.png

Install Graylog Open Source

Download Graylog repository

wget https://packages.graylog2.org/repo/packages/graylog-4.3-repository_latest.deb

Screenshot 2022-11-09 000958.png

Unpack and install the repository

sudo dpkg -i graylog-4.3-repository_latest.deb

Screenshot 2022-11-09 001022.png

Update the repository and install Graylog Open Source

sudo apt update
sudo apt install graylog-server graylog-integrations-plugins

Screenshot 2022-11-11 013229.png

Generate a Password Secret and copy it down.

pwgen -N 1 -s 96

Screenshot 2022-11-11 013518.png

Generate an SHA256 hash of the admin account password, and copy it down.

echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

Screenshot 2022-11-11 013702.png

Save those values to conf file at /etc/graylog/server/server.conf

sudo nano /etc/graylog/server/server.conf

Screenshot 2022-11-11 013911.png

Scroll down a bit in the conf file to find the HTTP line. Uncomment the line to allow Graylog WebGUI to run on localhost at port 9000. Change localhost to 0.0.0.0 to allow Graylog WebGUI to bind to any local network interface.

Save when finished.

Screenshot 2022-11-11 014155.png

Enable Graylog at boot.

sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl restart graylog-server.service

Screenshot 2022-11-11 014318.png

Test Graylog WebGUI

Navigate to your Graylog instance's IP address at port 9000. You should now see the Graylog WebGui.

Screenshot 2022-11-11 014537.png






Back to top