Direct Deployment

Installing software directly on Linux servers is typically done using operating system packages. Debian-based systems use DEB packages, Red Hat-based systems use RPM packages, and other distributions have similar formats.

To set up the Graylog repository, you simply install the latest package. After that, you can install Graylog and Data Node using apt-get or yum. Alternatively, the packages can be downloaded directly from the Graylog repository using a web browser.

Hint: It is also possible to manually install Graylog on Linux servers by downloading the tar archive from the download pages and extracting it on your system; however, this method is not generally recommended.

This article provides general information on the process of installing operating system packages. For step-by-step guides on installing Graylog on your preferred Linux-based operating system, see the complete list of installation guides available.

Prerequisites

Before proceeding, ensure that the following prerequisites are met:

Installation Guides

The following installation guides provide step-by-step guidance on installing Graylog on supported operating systems.

For installation guides on small-scale clusters with a single Graylog node, see the following:

For installation guides on medium to large clusters with multiple Graylog nodes, see the following:

For those intending to build larger or more complex environments, see the guidance on custom builds.

For general information on how to install Graylog using DEB and RPM packages, see the sections below.

DEB Operating System Package Installation

Graylog builds and hosts DEB packages for use with supported operating systems, like Debian and Ubuntu. Overall, the process of installation with DEB packages is as follows: 

1. Define the Graylog package repository:

Copy 
wget https://packages.graylog2.org/repo/packages/graylog-6.1-repository_latest.deb
sudo dpkg -i graylog-6.1-repository_latest.deb
sudo apt-get update

2. Next, install Data Node:

Copy 
sudo apt-get install graylog-datanode

3. After configuring Data Node, enable and start the service:

Copy 
sudo systemctl enable graylog-datanode.service
sudo systemctl start graylog-datanode

4. Then install the Graylog server software.

For Graylog Open:

Copy 
sudo apt-get install graylog-server

For Graylog Enterprise:

Copy 
sudo apt-get install graylog-enterprise

5. After the installation has completed successfully and you have set your configurations, start Graylog with the following commands:

Copy 
sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
sudo systemctl --type=service --state=active | grep graylog

Hint: The packages are configured not to start any Graylog services during boot. You can use the following command to start Graylog when the operating system is booting instead: sudo systemctl enable graylog-server.

DEB Manual Repository Installation

It is possible to manually define the repository; however, this is not recommended. To do so, follow these general steps:

1. First, add the Graylog GPG keyring that is being used to sign the packages to your system.

Hint: We assume that you have placed the GPG key into /etc/apt/trusted.gpg.d/.

2. Now create a file at /etc/apt/sources.list.d/graylog.list with the following content:

Copy 
deb https://packages.graylog2.org/repo/debian/ stable 6.1

3. Continue to follow the process of installing the Data Node and Graylog services as defined in the section above.

RPM Operating System Package Installation

Graylog builds and hosts RPM packages for use with supported operating systems, like Red Hat and SUSE. Generally, the process of installation with RPM packages is as follows: 

1. Define the Graylog package repository:

Copy 
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-6.1-repository_latest.rpm

2. Next, install Data Node:

For Red Hat (RHEL)

Copy 
sudo yum install graylog-datanode

For SUSE: 

Copy 
sudo zypper install graylog-datanode

3. After configuring Data Node, enable and start the service:

Copy 
sudo systemctl enable graylog-datanode.service
sudo systemctl start graylog-datanode

4. Then install the Graylog server software, selecting the correct command depending on your operating system and Graylog product.

For Graylog Open on Red Hat:

Copy 
sudo yum install graylog-server

For Graylog Enterprise on Red Hat:

Copy 
sudo yum install graylog-enterprise

For Graylog Open on SUSE:

Copy 
sudo zypper install graylog-server

For Graylog Enterprise on SUSE:

Copy 
sudo zypper install graylog-enterprise

5. After the installation has completed successfully and you have set your configurations, started Graylog with the following commands:

Copy 
sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
sudo systemctl start graylog-server.service
sudo systemctl --type=service --state=active | grep graylog

Hint: The packages are configured not to start any Graylog services during boot. You can use the following command to start Graylog when the operating system is booting instead: sudo systemctl enable graylog-server.

RPM Manual Repository Installation

It is possible to manually define the repository; however, this is not recommended. To do so, follow these general steps:

1. Add the Graylog GPG keyring that is being used to sign the packages to your system.

Hint: We assume that you have placed the GPG key into /etc/pki/rpm-gpg/RPM-GPG-KEY-graylog.

2. Now create a file at /etc/yum.repos.d/graylog.repo with the following content:

Copy 
[graylog]
name=graylog
baseurl=https://packages.graylog2.org/repo/el/stable/6.1/$basearch/
gpgcheck=1
repo_gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-graylog

3. Continue to follow the process of installing the Data Node and Graylog services as defined in the section above.

Manual Installation on Linux Servers

You can manually install Graylog on Linux-based systems by downloading and extracting the Graylog tarball. We generally recommend you follow the process in the sections below.

Warning: Unless explicitly necessary, we do not recommend you install Graylog via tarball. Use of a supported operating system package is preferred!

Install JDK

Graylog requires Java 17 (e.g. OpenJDK). Refer to the OpenJDK documentation for more information on this process.

  1. Install OpenJDK.

    For Debian/Ubuntu:

    Copy 
    sudo apt-get install openjdk-17-jre
    sudo update-java-alternatives --set java-1.17.0-openjdk-amd64 --jre-headless

    For Red Hat (RHEL):

    Copy 
    sudo yum install java-17-openjdk-headless
    sudo update-alternatives --config java

    For SUSE: 

    Copy 
    sudo zypper install java-17-openjdk-headless
    sudo update-alternatives --config java

  2. Start the Graylog server: 

    Copy 
    cd /usr/share/graylog-server/bin/
    ./graylogctl start

Download Graylog

  1. Download the Graylog tarball from the official website:

    Copy 
    wget https://downloads.graylog.org/releases/graylog/6.1/graylog-6.1.0.tgz

  2. Extract the tarball:

    Copy 
    tar -xzf graylog-6.1.0.tgz
    sudo mv graylog-6.1.0 /usr/share/graylog

Further Reading

Explore the following additional resources and recommended readings to expand your knowledge on related topics: