Upgrade Graylog on Debian

This guide describes the recommended way to install Graylog on Debian Linux 10 (Buster), 11 (Bullseye), and 12 (Bookworm). All links and packages are present at the time of writing.

Warning: This guide does not cover security settings! The server administrator must make sure the Graylog server is not publicly exposed and is following security best practices.

Prerequisites

The following tasks must be completed before upgrading the Graylog server. If they are not completed, problems may occur. Once the prerequisites are satisfied, then you may proceed with the upgrade process.

  • Review the release notes of the version(s) of Graylog that you will upgrade to. You can find release notes for Graylog 6.1 in the documentation.

  • You may also need to perform manual edits to the Graylog server.conf configuration file before restarting the Graylog server. Information on manual tasks required by a version of Graylog can be found in the changelogs and the Upgrading Graylog pages in the documentation.

  • Ensure that you back up both the MongoDB and OpenSearch database states prior to upgrading any component of the Graylog stack to create a rollback option.

  • In preparation for upgrading Graylog, you must first satisfy any software prerequisites. MongoDB and OpenSearch must be running at least the minimum required version for the version of Graylog to which you wish to upgrade. Please refer to the following chart to determine your version compatibility requirements:

WarningWe caution you not to install or upgrade to Elasticsearch 7.11+ or OpenSearch 2.16+! These versions are not supported. Installing them will break your instance!

Graylog Version Minimum MongoDB Version Maximum MongoDB Version Minimum Elasticsearch Version Maximum Elasticsearch Version Minimum OpenSearch Version Maximum OpenSearch Version
4.0.x 3.6 4.2 6.8 or 7.0 7.1 Not Supported Not Supported
4.1.x 3.6 4.4 6.8 or 7.0 7.1 Not Supported Not Supported
4.2.x 3.6 4.4 6.8 or 7.0 7.10.2 Not Supported Not Supported
4.3.x 3.6 5.0 6.8 or 7.0 7.10.2 1.1.x (or 1.3.x for Graylog Security) 1.3.x

5.0.x

5.0.7

6.x

7.10.2

7.10.2

1.1.x (or 1.3.x for Graylog Security)

2.13.x

5.1.x

5.0.7

6.x

7.10.2

7.10.2

1.1.x (or 1.3.x for Graylog Security)

2.13.x

5.2.x

5.0.7

6.x

7.10.2

7.10.2

1.1.x (or 1.3.x for Graylog Security)

2.13.x

6.0.x

5.0.7

7.x

7.10.2

7.10.2

1.1.x (or 1.3.x for Graylog Security)

2.15.x

6.1.x

5.0.7

7.x

7.10.2

7.10.2

1.1.x (or 1.3.x for Graylog Security)

2.15.x

Upgrading Multiple Versions of Graylog

Do not skip a major version when upgrading Graylog. For example, to upgrade from 3.3 to 4.3, first upgrade to the major version 4.0 and then to 4.3. See Upgrade Path for more information on this process.

Additionally, when upgrading through multiple versions of Graylog, ensure that you restart the Graylog service each time an upgrade is performed. You can confirm your new version has installed successfully by verifying the ServerBootstrap message indicates a successful start up in the server.log file:

2024-08-25T00:01:50.883Z INFO [ServerBootstrap] Graylog server up and running.

Software Verification

In order to verify that you are running the desired version of either of the dependencies mentioned above, enter the following command, replacing the name of each application with the one you want to verify:

Copy
sudo apt list --installed | grep 'mongo\|opensearch\|graylog'

Upgrading Graylog on Debian

Complete the following steps to upgrade your Graylog instance using your package manager of choice (e.x. APT_GET):

1. Shutdown the Graylog node.

Copy
sudo systemctl stop graylog-server

2. Monitor the status of the Graylog node.

Copy
ps -aefww | grep graylog

3. Once the Graylog node is down, update the local package cache.

Copy
sudo apt-get update

4. Display available versions of Graylog.

Copy
sudo apt-cache policy graylog-server graylog-enterprise

5. Use the system tools to upgrade the Graylog package(s).

  • If the version is not specified in the command, then the latest version in the repository will be installed.

  • If you have a lock on the Graylog package, you may then be prompted to remove it before allowing the upgrade to execute.

For Graylog Open:

Copy
wget https://packages.graylog2.org/repo/packages/graylog-6.1-repository_latest.deb
sudo dpkg -i graylog-6.1-repository_latest.deb
sudo apt-get update
sudo apt-get install graylog-server

For Graylog Enterprise: 

Copy
wget https://packages.graylog2.org/repo/packages/graylog-6.1-repository_latest.deb
sudo dpkg -i graylog-6.1-repository_latest.deb
sudo apt-get update
sudo apt-get install graylog-enterprise

To display installed graylog-* packages:

Copy
sudo apt list --installed | grep graylog

6. Make any necessary changes to Graylog configuration file(s) as indicated by version.

7. Mark the package on-hold so that package updates do not accidentally upgrade the Graylog server.

For Graylog Open:

Copy
sudo apt-mark hold graylog-server

For Graylog Enterprise:

Copy
sudo apt-mark hold graylog-enterprise

8. Finally, restart the Graylog node.

Copy
sudo systemctl restart graylog-server