One of the most common ways to install software on Linux servers is to use operating system packages. Debian has DEB, Red Hat has RPM, and many other distributions are based on those or come with their own package formats. Online repositories of software packages and corresponding package managers make installing and configuring new software a matter of a single command and a few minutes of time.

Graylog offers official DEB and RPM package repositories for the following supported operating systems:

  • Debian 10, 11

  • Ubuntu 20.04, 22.04

  • Red Hat Enterprise Linux 7-9 and compatible (AlmaLinux, Rocky Linux, etc)

  • SUSE Linux Enterprise Server 13, 15

The repositories can be set up by installing a single package. Once that’s done, the Graylog packages can be installed via apt-get or yum. The packages can also be downloaded with a web browser in the Graylog operating system package repository.

Prerequisites

WarningGraylog 5.0 only supports version 7.10.2 of Elasticsearch! We recommend you use OpenSearch 2.x as your data node to support Graylog 5.0.

Make sure to install and configure the following software before installing and starting any Graylog services:

  • MongoDB 5.x, 6.x
  • OpenSearch 1.x, 2.x OR Elasticsearch 7.10.2

Step-by-Step Guides

DEB / APT

Graylog builds & hosts DEB packages to install software with.

1. To define the Graylog Package Repository, install the graylog-5.0-repository_latest.deb package.

Copy 
wget https://packages.graylog2.org/repo/packages/graylog-5.0-repository_latest.deb
sudo dpkg -i graylog-5.0-repository_latest.deb
sudo apt-get update

2. Next, select a version to install:

Copy 
# Debian/Ubuntu
sudo apt-cache policy graylog-server

3. Then install the Graylog Server software:

Copy 
# Debian/Ubuntu
sudo apt-get install graylog-server=5.0.3-1

After the installation has completed successfully, Graylog can be started with the following commands. Make sure to use the correct command for your operating system.

OS

Init System

Command

Debian 10 & 11, Ubuntu 20 & 22

systemd

sudo systemctl start graylog-server

The packages are configured to not start any Graylog services during boot. You can use the following commands to start Graylog when the operating system is booting.

OS

Init System

Command

Debian 10 & 11, Ubuntu 20 & 22

systemd

sudo systemctl enable graylog-server

Manual Repository Installation

If you'd prefer not to install the repository DEB to get the repository configuration onto your system, you can manually define the repository (although this is not recommended).

First, add the Graylog GPG keyring that is being used to sign the packages to your system.

HintWe assume that you have placed the GPG key into /etc/apt/trusted.gpg.d/.

Now create a file /etc/apt/sources.list.d/graylog.list with the following content:

Copy 
deb https://packages.graylog2.org/repo/debian/ stable 5.0 

After installation, consider marking the package on-hold so that package updates do not accidentally upgrade the Graylog Server:

Copy 
# Debian/Ubuntu
sudo apt-mark hold graylog-server
sudo apt-mark showhold | grep graylog-server

When you want to upgrade the Graylog Server Package, remove the hold:

Copy 
# Debian/Ubuntu
sudo apt-mark unhold graylog-server

RPM / YUM / DNF

Download and install graylog-5.0-repository_latest.rpm via rpm(8):

Copy 
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-5.0-repository_latest.rpm

# RHEL 7.x/8.x (and Compatible)
sudo yum list graylog-server --showduplicates
sudo yum install graylog-server-5.0.2-1

# RHEL 9.x (and Compatible), Fedora, CentOS Stream
sudo dnf list graylog-server --showduplicates
sudo dnf install graylog-server-5.0.2-1

# SLES
sudo zypper search -s graylog-server
sudo zypper install graylog-server-5.0.2-1

After the installation completes successfully, Graylog can be started with the following commands. Make sure to use the correct command for your operating system.

OS

Init System

Command

RHEL 7-9 (and Compatible)

systemd

sudo systemctl start graylog-server

The packages are configured to not start any Graylog services during boot. You can use the following commands to start Graylog when the operating system is booting.

OS

Init System

Command

RHEL 7-9 (and Compatible)

systemd

sudo systemctl enable graylog-server

Consider locking the Package after installation so that package updates do not accidentally upgrade the Graylog server. In CentOS/RHEL, the versionlock package can be used to accomplish this.

Copy 
# RHEL/CentOS 7
sudo yum install yum-plugin-versionlock
sudo yum versionlock add graylog-server
sudo yum versionlock list | grep graylog-server
# RHEL/CentOS 8/9
sudo yum install python3-dnf-plugin-versionlock
sudo yum versionlock add graylog-server
sudo yum versionlock list | grep graylog-server
# SLES
sudo zypper addlock graylog-server*

When you want to upgrade the Graylog Server Package, remove the lock:

Copy 
# RHEL/CentOS 7/8/9
sudo yum versionlock delete graylog-server
# SLES
sudo zypper removelock graylog-server*

Manual Repository Installation

If you prefer not to install the repository RPM to get the repository configuration onto your system, you can do so manually (although we do not recommend this method).

First, add the Graylog GPG key, which is being used to sign the packages to your system.

Hint: We assume that you have placed the GPG key into /etc/pki/rpm-gpg/RPM-GPG-KEY-graylog.

Now create a file named /etc/yum.repos.d/graylog.repo with the following content:

Copy 
[graylog]
name=graylog
baseurl=https://packages.graylog2.org/repo/el/stable/5.0/$basearch/
gpgcheck=1
repo_gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-graylog

Feedback

Please file a bug report in the GitHub repository for the operating system packages if you run into any packaging related issues.