How to Install Graylog on Ubuntu 24.04

Graylog is a powerful log management and analysis platform. This guide will walk you through installing Graylog 5.2 on Ubuntu 24.04, including all required components.

Prerequisites

  • Ubuntu 24.04 server
  • Minimum 4GB RAM (8GB recommended)
  • Root privileges or sudo access
  • Java 17 or newer

Step 1: System Preparation

First, update your system:

sudo apt update
sudo apt upgrade -y

Step 2: Install Java

sudo apt install openjdk-17-jre-headless -y

Verify Java installation:

java -version

Step 3: Install MongoDB

Import MongoDB GPG key and repository:

sudo apt install gnupg curl

curl -fsSL https://www.mongodb.org/static/pgp/server-7.0.asc | \
   sudo gpg -o /usr/share/keyrings/mongodb-server-7.0.gpg \
   --dearmor

echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-7.0.gpg ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/7.0 multiverse" | \
   sudo tee /etc/apt/sources.list.d/mongodb-org-7.0.list

Install MongoDB:

sudo apt update
sudo apt install mongodb-org -y

sudo systemctl daemon-reload 
sudo systemctl enable mongod
sudo systemctl start mongod

Step 4: Install OpenSearch

Import OpenSearch GPG key and repository:

curl -fsSL https://artifacts.opensearch.org/publickeys/opensearch.pgp | \
   sudo gpg -o /usr/share/keyrings/opensearch-archive-keyring.gpg \
   --dearmor

echo "deb [signed-by=/usr/share/keyrings/opensearch-archive-keyring.gpg] https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main" | \
   sudo tee /etc/apt/sources.list.d/opensearch-2.x.list

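Install OpenSearch. Packages for OpenSearch 2.12 and later require an initial admin password at install time, even though the security plugin is disabled in the next step; replace the placeholder with a strong password of your own:

sudo apt update
sudo env OPENSEARCH_INITIAL_ADMIN_PASSWORD='<custom-admin-password>' apt install opensearch -y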

Configure OpenSearch:

sudo nano /etc/opensearch/opensearch.yml

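Update these settings. plugins.security.disabled: true turns off the OpenSearch security plugin (authentication and TLS), so keep network.host set to localhost: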

cluster.name: graylog
node.name: node-1
network.host: localhost
http.port: 9200
discovery.type: single-node
plugins.security.disabled: true

Start OpenSearch:

sudo systemctl daemon-reload
sudo systemctl enable opensearch
sudo systemctl start opensearch

Step 5: Install Graylog

Add Graylog repository:

wget https://packages.graylog2.org/repo/packages/graylog-5.2-repository_latest.deb
sudo dpkg -i graylog-5.2-repository_latest.deb

Install Graylog server:

sudo apt update
sudo apt install graylog-server -y

Step 6: Configure Graylog

Install pwgen and generate the password secret:

sudo apt install pwgen -y
pwgen -N 1 -s 96

Generate admin password hash:

echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

Edit Graylog configuration:

sudo nano /etc/graylog/server/server.conf

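Update these settings. Note that http_bind_address = 0.0.0.0:9000 exposes the web interface on every network interface, over plain HTTP unless TLS is configured: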

password_secret = YOUR_GENERATED_SECRET
root_password_sha2 = YOUR_PASSWORD_HASH
http_bind_address = 0.0.0.0:9000
elasticsearch_hosts = http://localhost:9200
mongodb_uri = mongodb://localhost:27017/graylog
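
Before starting the service, the values set in Steps 4 and 6 can be checked with a short script. This is an added example, not part of the original guide or of Graylog itself; the function names, the 64-character threshold, the short weak-password list and the sample file are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: function names, weak-password list and sample file are constructed.

# Last uncommented value of "key = value" or "key: value" in FILE.
conf_get() {  # usage: conf_get FILE KEY
  sed -n -E "s/^[[:space:]]*$2[[:space:]]*[=:][[:space:]]*(.*[^[:space:]])[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Print one finding per line for Graylog's server.conf.
audit_graylog() {
  local secret hash bind tls pw
  secret=$(conf_get "$1" password_secret)
  hash=$(conf_get "$1" root_password_sha2)
  bind=$(conf_get "$1" http_bind_address)
  tls=$(conf_get "$1" http_enable_tls)
  # 64 is this example's threshold; the guide's pwgen call produces 96.
  [ "${#secret}" -ge 64 ] || echo "SECRET: password_secret missing, placeholder or too short"
  if ! printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$'; then
    echo "HASH: root_password_sha2 is not a SHA-256 hex digest"
  else
    for pw in admin password graylog changeme; do
      if [ "$(printf '%s' "$pw" | sha256sum | cut -d' ' -f1)" = "$hash" ]; then
        echo "HASH: root_password_sha2 matches guessable password '$pw'"
      fi
    done
  fi
  case "$bind" in
    0.0.0.0:*) [ "$tls" = "true" ] || echo "BIND: web interface on all interfaces without TLS" ;;
  esac
}

# Print one finding per line for opensearch.yml.
audit_opensearch() {
  local host sec
  host=$(conf_get "$1" network.host)
  sec=$(conf_get "$1" plugins.security.disabled)
  [ "$sec" = "true" ] || return 0
  case "$host" in
    ""|localhost|127.0.0.1|::1|_local_) ;;  # loopback only (also the default)
    *) echo "OPENSEARCH: security plugin disabled but network.host is '$host'" ;;
  esac
}

# Demo on a constructed server.conf with Step 6's placeholders; pass real paths as $1 and $2.
demo=$(mktemp)
printf '%s\n' 'password_secret = YOUR_GENERATED_SECRET' \
  'root_password_sha2 = YOUR_PASSWORD_HASH' 'http_bind_address = 0.0.0.0:9000' > "$demo"
audit_graylog "${1:-$demo}"
[ -z "${2:-}" ] || audit_opensearch "$2"
rm -f "$demo"
```

Run it with sudo and the two real paths (/etc/graylog/server/server.conf and /etc/opensearch/opensearch.yml) as arguments; no output means none of these checks fired.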

Step 7: Start Graylog

sudo systemctl daemon-reload
sudo systemctl enable graylog-server
sudo systemctl start graylog-server

Step 8: Configure Firewall

sudo ufw allow 9000/tcp
sudo ufw reload

Troubleshooting

Check Service Status

sudo systemctl status mongod
sudo systemctl status opensearch
sudo systemctl status graylog-server

View Logs

sudo tail -f /var/log/graylog-server/server.log
sudo tail -f /var/log/mongodb/mongod.log
sudo tail -f /var/log/opensearch/graylog.log

Common Issues

MongoDB Connection Issues

sudo mongosh
> show dbs
> use graylog
> show collections

OpenSearch Not Starting

sudo sysctl -w vm.max_map_count=262144

Initial Setup

Access Graylog web interface:

http://your-server-ip:9000

Default login credentials:

  • Username: admin
  • Password: (the one you set earlier)

Security Recommendations

  • Change default ports
  • Set up SSL/TLS
  • Configure authentication backends
  • Implement role-based access control
  • Apply security updates regularly

Performance Tuning

MongoDB Optimization

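Edit the MongoDB configuration:

sudo nano /etc/mongod.conf

Set the WiredTiger cache size under the storage section (merge it into the existing storage: key rather than adding a second one):

storage:
  wiredTiger:
    engineConfig:
      cacheSizeGB: 2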

OpenSearch Optimization

Edit the JVM options:

sudo nano /etc/opensearch/jvm.options

Set the heap size:

-Xms2g
-Xmx2g

Maintenance

Backup Configuration

sudo cp /etc/graylog/server/server.conf /etc/graylog/server/server.conf.backup
sudo mongodump --db graylog --out /backup/mongodb/

Update Procedure

sudo apt update
sudo apt upgrade graylog-server

Conclusion

Your Graylog installation is now complete. Remember to:

  • Configure input sources
  • Set up log retention policies
  • Create dashboards and alerts
  • Monitor system resources
  • Regularly back up your data