To use Graylog Enterprise, you must obtain a license from the Graylog Enterprise sales team.

DEB / RPM Package

Complete the default installation with the system package tools, which includes the repository installation described in the Operating System Packages installation guides.

HintThese packages can only be used if you install Graylog via the Operating System Packages!

DEB

Installation on distributions like Debian or Ubuntu can be done with apt-get as an installation tool from the previously installed online repository.

Copy
sudo apt-get install graylog-enterprise

RPM

Installation on distributions like CentOS or Red Hat can be done with YUM as an installation tool from the previously installed online repository.

Copy
sudo yum swap graylog-server graylog-enterprise

Tarball

Download the tar archive from the download pages and extract it on your system:

Copy
tar xvfz graylog-5.1.tgz
cd graylog-5.1

JAR File

Depending on the Graylog setup method you use, you may need to install the plugin in different locations.

Plugin Installation Locations

Installation Method

Directory

Operating System Packages

/usr/share/graylog-server/plugin/

Manual Setup

/<extracted-graylog-tarball-path>/plugin/

Also, check the plugin_dir configuration option in the Graylog server configuration file. The default might have been changed.

Install the Enterprise plugin JAR files alongside the other Graylog plugins. Your plugin directory should look similar to the image below after you install the Enterprise plugins.

Copy
plugin/
├── graylog-plugin-aws-4.0.1.jar
├── graylog-plugin-collector-4.0.1.jar
├── graylog-plugin-enterprise-4.0.1.jar
└── graylog-plugin-threatintel-4.0.1.jar

Binary Files

Depending on the Graylog setup method you use, you may need to copy the binaries into different locations.

Binaries Installation Locations

Installation Method

Directory

Operating System Packages

/usr/share/graylog-server/bin/

Manual Setup

/<extracted-graylog-tarball-path>/bin/

Make sure to check the bin_dir configuration option set in your Graylog server configuration file, as the default may have changed.

Server Restart

After you install the Graylog Enterprise plugins, restart each Graylog server to load the plugins.

HintWe recommend restarting one server at a time!

Your server logs should look something like this if the plugins were installed and loaded successfully:

Copy
2017-12-18T17:39:10.797+01:00 INFO [CmdLineTool] Loaded plugin: AWS plugins 3.3.2 [org.graylog.aws.plugin.AWSPlugin]
2017-12-18T17:39:10.809+01:00 INFO [CmdLineTool] Loaded plugin: Collector 3.3.2 [org.graylog.plugins.collector.CollectorPlugin]
2017-12-18T17:39:10.811+01:00 INFO [CmdLineTool] Loaded plugin: Enterprise Integration Plugin 3.3.2 [org.graylog.plugins.enterprise_integration.EnterpriseIntegrationPlugin]
2017-12-18T17:39:10.805+01:00 INFO [CmdLineTool] Loaded plugin: Graylog Enterprise 3.3.2 [org.graylog.plugins.enterprise.EnterprisePlugin]
2017-12-18T17:39:10.827+01:00 INFO [CmdLineTool] Loaded plugin: Threat Intelligence Plugin 3.3.2 [org.graylog.plugins.threatintel.ThreatIntelPlugin]