Are you looking for a powerful and efficient way to manage logs and analyze data in real-time? Look no further than Graylog, a free and open-source log management platform. In this comprehensive guide, we will walk you through the process of setting up a centralized log system with Graylog on Debian 11. We’ll cover everything from installing basic package dependencies to configuring Graylog and setting up Nginx as a reverse proxy. So let’s dive in and get started!
Prerequisites
Before we begin, make sure you have the following:
- A Linux Debian 11 server with at least 4GB of RAM.
- A non-root user with sudo or administrator privileges.
Installing Basic Package Dependencies
To get started, we need to install some basic package dependencies for Graylog. Open your terminal and run the following commands:
sudo apt update
sudo apt install apt-transport-https openjdk-11-jre-headless uuid-runtime pwgen dirmngr gnupg wget
This will update your Debian repository and install the necessary packages for Graylog.
Installing MongoDB
Graylog uses MongoDB, a NoSQL database, to store all its configuration information. To install MongoDB, follow these steps:
- Add the MongoDB GPG key and repository to your Debian server:
wget -qO - https://www.mongodb.org/static/pgp/server-4.2.asc | sudo apt-key add -
echo "deb http://repo.mongodb.org/apt/debian buster/mongodb-org/4.2 main" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.2.list
- Refresh your Debian repository:
sudo apt update
- Install MongoDB packages:
sudo apt install -y mongodb-org
- Reload the systemd manager:
sudo systemctl daemon-reload
- Enable and restart the MongoDB service:
sudo systemctl enable mongod.service
sudo systemctl restart mongod.service
- Verify the MongoDB service:
sudo systemctl status mongod
Installing Elasticsearch
Next, we need to install Elasticsearch, which Graylog uses as a search engine. Follow these steps to install Elasticsearch:
- Add the Elasticsearch GPG key and repository to your Debian system:
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/oss-7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
- Update and refresh your Debian repository:
sudo apt update
- Install Elasticsearch packages:
sudo apt install elasticsearch-oss
- Add the configuration to the Elasticsearch config file:
sudo tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null << EOT
cluster.name: graylog
action.auto_create_index: false
EOT
- Reload the systemd manager:
sudo systemctl daemon-reload
- Enable and restart the Elasticsearch service:
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
- Verify the Elasticsearch service:
sudo systemctl status elasticsearch.service
Installing and Configuring Graylog Server
Now that we have installed the necessary dependencies, it’s time to install and configure the Graylog server. Follow these steps:
- Download the Graylog repository .deb file and install it:
wget https://packages.graylog2.org/repo/packages/graylog-4.2-repository_latest.deb
sudo dpkg -i graylog-4.2-repository_latest.deb
- Update and refresh your Debian repository:
sudo apt update
- Install Graylog packages:
sudo apt install graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins
- Generate the Graylog password secret:
pwgen -N 1 -s 96
- Generate the SHA-256 hash of the Graylog administration password:
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d " " -f1
- Edit the Graylog server configuration file:
sudo nano /etc/graylog/server/server.conf
- Paste the password secret and the administration password hash you generated into the respective fields (the values below are samples; use your own):
password_secret = Eqq4M8EHpKbGfgi6C05t19hJ5WmF3nkVS8yjwclYHtvwsTXRulNHEsaWuy85QUTNIUc6b2ovfRjvR7yD5kwNTPAJCCw39T3d
root_password_sha2 = 05a181f00c157f70413d33701778a6ee7d2747ac18b9c0fbb8bd71a62dd7a223
- Reload the systemd manager:
sudo systemctl daemon-reload
- Enable and start the Graylog server service:
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
- Verify the Graylog server service:
sudo systemctl status graylog-server.service
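The secret and hash steps above can be scripted so that neither value has to be copied by hand. This is an added example, not part of the original guide or of Graylog's tooling; the function names are hypothetical, `gen_secret` stands in for `pwgen`, and the demo runs against a constructed temporary file rather than the live configuration.

```shell
#!/bin/sh
# Added example: produce the two server.conf values and write them in place.

# 96 random alphanumerics, same purpose as `pwgen -N 1 -s 96`.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 96
}

# SHA-256 of the password bytes only. printf '%s' adds no trailing newline,
# so a stray "\n" (or a mangled `tr` filter) cannot change the digest.
hash_password() {
    printf '%s' "$1" | sha256sum | cut -d ' ' -f1
}

# set_conf_key FILE KEY VALUE: replace an existing "KEY = ..." line (even an
# empty one) or append it. Commented-out lines are left alone.
set_conf_key() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$value" '
        $0 ~ ("^[ \t]*" k "[ \t]*=") { if (!seen) print k " = " v; seen = 1; next }
        { print }
        END { if (!seen) print k " = " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps owner and mode
    status=$?
    rm -f "$tmp"
    return $status
}

# Demo against a constructed file, not the live /etc/graylog/server/server.conf.
conf=$(mktemp)
printf '%s\n' '# constructed sample' 'password_secret =' 'root_password_sha2 =' > "$conf"
set_conf_key "$conf" password_secret "$(gen_secret)"
set_conf_key "$conf" root_password_sha2 "$(hash_password 'constructed-demo-password')"
cut -c1-40 "$conf"    # show only the start of each line
rm -f "$conf"
```
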
Congratulations! You have successfully installed and configured the Graylog server on your Debian 11 system. Now let’s move on to setting up Nginx as a reverse proxy.
Setting Up Nginx as a Reverse Proxy
To run Graylog with your own domain name, we will set up Nginx as a reverse proxy. Follow these steps:
- Install the Nginx package:
sudo apt install nginx -y
- Create a new Nginx virtual host configuration:
sudo nano /etc/nginx/sites-available/graylog.conf
- Add the following Nginx configuration:
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    server_name graylog.example.org;

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Graylog-Server-URL http://$server_name/;
        proxy_pass http://127.0.0.1:9000;
    }
}
- Save and close the file.
- Activate the configuration and verify the Nginx configuration:
sudo ln -s /etc/nginx/sites-available/graylog.conf /etc/nginx/sites-enabled/
sudo nginx -t
- Restart the Nginx service:
sudo systemctl restart nginx
Now you can access your Graylog installation using your domain name. Open your web browser and visit http://graylog.example.org/. You will be redirected to the Graylog login page.
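In this setup only Nginx is meant to be reachable from the network; the proxy talks to Graylog on 127.0.0.1:9000, and MongoDB and Elasticsearch are local dependencies. The following check is an added example, not part of the original guide: it flags any of those backend ports listening on a non-loopback address. The function names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag backend listeners reachable from outside the host.

# check_binds reads `ss -H -ltn` lines on stdin and prints one line per backend
# port (MongoDB 27017, Elasticsearch 9200/9300, Graylog 9000) that is bound to
# a non-loopback address.
check_binds() {
    awk '
        {
            addr = $4                              # Local Address:Port column
            n = split(addr, parts, ":")
            port = parts[n]
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (port !~ /^(27017|9200|9300|9000)$/) next
            if (host ~ /^127\./ || host == "[::1]" || host == "[::ffff:127.0.0.1]") next
            print port " exposed on " host
        }'
}

# Constructed sample of `ss -H -ltn` output.
sample_ss() {
    cat <<'EOF'
LISTEN 0 4096 127.0.0.1:27017 0.0.0.0:*
LISTEN 0 4096 [::ffff:127.0.0.1]:9300 *:*
LISTEN 0 4096 0.0.0.0:9200 0.0.0.0:*
LISTEN 0 4096 *:9000 *:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
EOF
}

sample_ss | check_binds
# On the server itself: ss -H -ltn | check_binds
```

An empty result on the live server means the backends answer only on loopback; any line printed names a port to rebind or firewall.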
Conclusion
In this article, we have covered the step-by-step process of setting up a centralized log system with Graylog on Debian 11. We started by installing the necessary package dependencies, including Java and MongoDB. Then, we installed and configured Elasticsearch as the search engine for Graylog. Next, we installed and configured the Graylog server itself, generating passwords and editing the configuration file. Finally, we set up Nginx as a reverse proxy to run Graylog with a custom domain name.
Graylog is a powerful tool for managing logs and analyzing data in real-time. It offers a flexible and efficient centralized log management platform that can handle both structured and unstructured data from various sources. By following the steps outlined in this guide, you can easily set up your own centralized log system and gain valuable insights from your logs.