Graylog is a free and open-source log management tool based on Java, Elasticsearch and MongoDB. Graylog can be used to collect, index and analyze any server log from a centralized or distributed location. With Graylog we can easily monitor all unusual activity and use the logs to troubleshoot applications. Graylog provides a powerful query language, alerting capabilities, a data transformation processing pipeline and much more. We can also extend Graylog's functionality through a REST API and add-ons.
There is currently no official guide for Graylog v3.1 on Debian 10 yet.
Installation of Graylog v3.1 on Debian 10 is available in 9 steps:
- Step 1: Update system with Debian Backport archive
- Step 2: Install headless Java runtime v11
- Step 3: Install some helpers
- Step 4: Install MongoDB v4.2, a database to store configurations and meta information.
- Step 5: Install Elasticsearch-OSS 6.x: It stores all incoming messages and provides a search function.
- Step 6: Install Graylog v3.1: It receives logs from various inputs and provides a web interface for analysis and monitoring.
- Step 7: Configure Graylog
- Step 8: Test Graylog
- Step 9: Log in Graylog
Requirements:
- A minimal Debian 10 installation. We can refer to this tutorial.
- At least 4 GB of RAM, a 2-core CPU and 20 GB of disk space
- Default password: KataLaluan
- Default secret: SecretRahsiaSecreta
- Root access with "su -". Debian recently changed the behavior of the su command: 'su' no longer replaces PATH, so use "su -" instead.
Step 1: Update systems with Debian Backport
Configure the system to use the Debian backports archive:
cat > /etc/apt/sources.list << EOF
deb http://ftp.debian.org/debian/ buster main contrib non-free
deb http://security.debian.org/debian-security buster/updates main contrib non-free
deb http://ftp.debian.org/debian/ buster-updates main contrib non-free
deb http://ftp.debian.org/debian buster-backports main contrib non-free
EOF
apt -y update
apt -y dist-upgrade
Step 2: Install headless Java runtime v11.00
Graylog and Elasticsearch are Java-based programs, so we need to install Java on the system. By default, the latest version of Java is available in the standard Debian 10 repository. We can install it by running the following command:
apt -y install apt-transport-https default-jdk
Step 3: Install some helpers
We need to install some useful tools as helpers in the process:
- GnuPG – an implementation of the OpenPGP standard, to assist with key management
- wget – a tool for downloading files using HTTP, HTTPS and FTP, the most commonly used Internet protocols
apt -y install gnupg wget
Step 4: Install MongoDB v4.2
By default, MongoDB is not available in the standard Debian 10 repository, so we need to add the MongoDB repository to the system:
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 4B7C549A058F8B6B
echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.2 main" | tee /etc/apt/sources.list.d/latest-mongodb.list
apt -y update
apt install -y mongodb-org
Enable and start the MongoDB service:
systemctl enable mongod.service
systemctl start mongod.service
Step 5: Install Elasticsearch-OSS 6.x
Right now Graylog v3.1 does not support Elasticsearch-OSS 7.x yet. We will add the Elasticsearch key and repository to Debian. With the Elasticsearch repository from elastic.co in place, we can install Elasticsearch by running the following commands:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add -
echo "deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main" | tee -a /etc/apt/sources.list.d/latest-elastic-6.x.list
apt -y update
apt -y install elasticsearch-oss
Configure the Elasticsearch cluster name:
sed -i "s/#cluster.name: my-application/cluster.name: graylog-application/g" /etc/elasticsearch/elasticsearch.yml
Enable and start the Elasticsearch service:
systemctl enable elasticsearch.service
systemctl start elasticsearch.service
Step 6: Install Graylog v3.1
We are going to download a small Graylog package that adds the Graylog key and configures the Graylog repository:
cd /tmp/
wget https://packages.graylog2.org/repo/packages/graylog-3.1-repository_latest.deb
dpkg -i graylog-3.1-repository_latest.deb
apt -y update
Install Graylog by running the following command:
apt -y install graylog-server
Step 7: Configure Graylog
Hash the password and copy the resulting hash. "KataLaluan" is the currently selected password.
echo 'KataLaluan' | tr -d '\n' | sha256sum | cut -d " " -f1
Add the password hash to the Graylog configuration file. PASTE_HASH_HERE is a placeholder for the output of the previous command:
sed -i 's/^root_password_sha2 =$/root_password_sha2 = PASTE_HASH_HERE/g' /etc/graylog/server/server.conf
Add the secret to the Graylog configuration file. The minimum length is 16 characters.
sed -i 's/^password_secret =$/password_secret = SecretRahsiaSecreta/g' /etc/graylog/server/server.conf
Allow external access to Graylog:
sed -i "s/^#http_bind_address = 127.0.0.1:9000/http_bind_address = 0.0.0.0:9000/g" /etc/graylog/server/server.conf
Change the time zone (the sed delimiter is | because the zone name contains a slash):
sed -i "s|#root_timezone = UTC|root_timezone = Asia/Kuala_Lumpur|g" /etc/graylog/server/server.conf
Enable and start the Graylog service:
systemctl enable graylog-server.service
systemctl start graylog-server.service
If Graylog is behind a router, we must set the router's WAN IP address in the Graylog configuration. A DNS A record may also point to the same IP address:
sed -i '/http_publish_uri =/c http_publish_uri = http://graylog.howtoforge.com:9000/' /etc/graylog/server/server.conf
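An alternative to pasting fixed values into server.conf in Step 7, added here as an example and not part of the original tutorial: the functions below generate a random password_secret, hash a password of our choosing, write both into the configuration, and count settings that are still empty or at the sample value. The function names (hash_password, gen_secret, set_conf, audit_conf, demo) are chosen for this example, and the demo runs on a constructed two-line file, not the live configuration.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): per-host values for the
# two secrets in Graylog's server.conf, plus a check of the result.

# SHA-256 of the password with no trailing newline (what tr -d '\n' is for).
hash_password() {
    printf '%s' "$1" | sha256sum | cut -d ' ' -f1
}

# Random hex secret of the requested length (Graylog's minimum is 16).
gen_secret() {
    local len="${1:-96}"
    [ "$len" -ge 16 ] || { echo "secret must be at least 16 characters" >&2; return 1; }
    head -c "$len" /dev/urandom | od -An -v -tx1 | tr -d ' \n' | cut -c "1-$len"
}

# Set "key = value", replacing the existing (possibly commented-out) line.
# Values must not contain '|', '&' or backslashes (sed replacement syntax).
set_conf() {
    local file="$1" key="$2" value="$3"
    if grep -Eq "^#?[[:space:]]*${key}[[:space:]]*=" "$file"; then
        sed -i -E "s|^#?[[:space:]]*${key}[[:space:]]*=.*|${key} = ${value}|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# Echo the number of problems found: a secret that is too short or equal to
# the tutorial's sample, or a password hash that is not 64 hex characters.
audit_conf() {
    local file="$1" n=0 secret hash
    secret=$(sed -n -E 's|^password_secret[[:space:]]*=[[:space:]]*||p' "$file")
    hash=$(sed -n -E 's|^root_password_sha2[[:space:]]*=[[:space:]]*||p' "$file")
    [ "${#secret}" -ge 16 ] || n=$((n + 1))
    [ "$secret" != "SecretRahsiaSecreta" ] || n=$((n + 1))
    printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$' || n=$((n + 1))
    echo "$n"
}

# Demo on a constructed copy of the two default lines, not the live file.
demo() {
    local conf; conf=$(mktemp)
    printf 'password_secret =\nroot_password_sha2 =\n' > "$conf"
    set_conf "$conf" password_secret "$(gen_secret 96)"
    set_conf "$conf" root_password_sha2 "$(hash_password 'constructed-sample-passphrase')"
    audit_conf "$conf"; rm -f "$conf"
}
demo   # prints 0
```

On the real system the same calls take /etc/graylog/server/server.conf as the file argument and are run as root before graylog-server is started.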
Step 8: Test Graylog
Let's test Graylog using some primitive commands:
apt -y install netcat curl
Here is a sample command to send a log message:
echo "Hi Graylog, let's be friends." | nc -w 1 -u 127.0.0.1 9099
Here are some sample commands to get Graylog server API status:
curl -X GET http://localhost:9200
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'
Here is a sample command to follow the Graylog server log:
tail -f /var/log/graylog-server/server.log
Step 9: Log in Graylog
Now we can use the web interface. The URL can be:
- http://LAN_IP_ADDRESS:9000/
- http://WAN_IP_ADDRESS:9000/
- http://HOSTNAME:9000/
Examples of URLs:
- http://192.168.0.3:9000/
- http://220.127.116.11:9000/
- http://graylog.howtoforge:9000/
After entering the URL in a browser, we will see the login page. The default user name is admin and the selected password is KataLaluan.
After logging in, we will see the Graylog page.
We have now installed and configured a Graylog 3.1 server on Debian 10. We can easily view and analyze the system logs from a central location. Get more information from the Graylog documentation page. Leave a comment or feedback if you have any questions.