Setup

Graylog Operations is a single package that includes the Graylog enterprise installation file.

Requirements

Warning: Graylog does not support Elasticsearch versions 7.11 or later. Do not upgrade Elasticsearch, as doing so will break your instance! We also recommend using the server versions of these operating systems, not the desktop versions with the UI.

Graylog Operations has the following prerequisites:

Operating Systems:
- Debian 10, 11
- Ubuntu 20.04, 22.04
- RHEL/CentOS/AlmaLinux/Rocky Linux 7-9
Elasticsearch 7.10.2 OR OpenSearch 1.x-2.x
MongoDB 5.x or 6.x
OpenJDK 17 (embedded in the 5.0 installation file)

Installation

DEB / APT

For installation on APT-based systems, such as Debian or Ubuntu, run the following commands:

Copy

sudo apt-get install apt-transport-https
wget https://packages.graylog2.org/repo/packages/graylog-<server_version>-repository_latest.deb
sudo dpkg -i graylog-<server_version>-repository_latest.deb
sudo apt-get update
sudo apt-get install graylog-enterprise

RPM / YUM / DNF

For installation on RPM-based systems, such as CentOS or Red Hat, run the following commands:

Copy

sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-<server_version>-repository_latest.rpm
sudo yum install graylog-enterprise

Edit the Configuration File

Read the instructions within the configuration file and edit as needed. The configuration file is at /etc/graylog/server/server.conf. Additionally, add password_secret and root_password_sha2, as these are mandatory, and Graylog will not start without them.

To create your root_password_sha2, run the following command:

Copy

echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

To connect to Graylog, set https_bind_address to the public host name or a public IP address for the machine to which you can connect. Find more information about these settings in configuring the web interface.

Hint: If you are operating a single-node setup, and you would like to use for the Graylog web interface and the Graylog REST API, use NGINX or Apache as a reverse proxy.

Starting Graylog

Start Graylog with the command based on your operating system below.

OS	Init System	Command
RedHat/CentOS/AlmaLinux/Rocky Linux 7-9	systemd	sudo systemctl start graylog-server
Debian 10 & 11, Ubuntu 20.04, 22.04	systemd	sudo systemctl start graylog-server

The packages are configured to not start any Graylog services during boot. You can use the following commands to start Graylog when the operating system boots up:

OS	Init System	Command
RedHat/CentOS/AlmaLinux/Rocky Linux 7-9	systemd	sudo systemctl enable graylog-server
Debian 10 & 11, Ubuntu 20.04, 22.04	systemd	sudo systemctl enable graylog-server

Cluster Setup

If you run a Graylog cluster, add the enterprise plugins to every Graylog node. Your load balancer must route /api/plugins/org.graylog.plugins.archive/ only to the Graylog master node. Future versions of Graylog will automatically forward these requests to the correct node.

Requirements

Installation

DEB / APT

RPM / YUM / DNF

Edit the Configuration File

Starting Graylog

Cluster Setup

Update Graylog Operations