- 08 Jul 2022
- 1 Minute to read
-
Print
-
DarkLight
Forwarder Installation
- Updated on 08 Jul 2022
- 1 Minute to read
-
Print
-
DarkLight
Introduction
The Forwarder is distributed in similar packaging and installation methods as the Graylog server. You can choose between operating system packages, docker, and binary tar installation methods for the Forwarder. Each installation method is described below in more detail.
Binary Installation
The binary installation can be performed by downloading the binaries and manually installing them on disk.
The latest Forwarder binaries can be obtained from the Downloads page by choosing the TGZ option.
Operating System Package Installation
The most common installation method is to use the Linux operating system packages. You can choose from DEB and RPM. If either of those tools is your method, be sure Java is available on your operating system (see System Requirements for appropriate Java version). In addition, be sure to have access to a TLS certificate and an API token generated from Graylog.
Install via DEB
- Download the DEB package:
sudo apt-get install apt-transport-https openjdk-11-jre-headless wget https://packages.graylog2.org/repo/packages/graylog-forwarder-repository_1-2_all.deb sudo dpkg -i graylog-forwarder-repository_1-2_all.deb sudo apt-get update
- Install the package:
sudo apt-get install graylog-forwarder
- Create the certificate and update the config file:
sudo vi /etc/graylog/forwarder/forwarder.conf
- Start the service:
sudo systemctl start graylog-forwarder.service
RPM Install Instructions
- Install the Graylog repository configuration:
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-forwarder-repository-1-2.noarch.rpm
- Install the
graylog-forwarder
package:sudo yum install graylog-forwarder
- Create the certificate and update the configuration file:
sudo vi /etc/graylog/forwarder/forwarder.conf
- Start the service:
sudo systemctl start graylog-forwarder.service
Docker Installation
Additionally, your Forwarder is available as a Docker image. Regardless of your installation method, you’re required to create a digital certificate to ensure better security. The forwarder is also available as a docker image. To download the image, run the following command: docker pull graylog/graylog-forwarder:<release-version>
To run the container, you will need to pass it the following environment variables:
GRAYLOG_FORWARDER_SERVER_HOSTNAME
GRAYLOG_FORWARDER_GRPC_API_TOKEN
You’ll also need to mount the certificate file as a volume. Here is an example command:
docker run -e GRAYLOG_FORWARDER_SERVER_HOSTNAME=ingest.<SERVER NAME> -e GRAYLOG_FORWARDER_GRPC_API_TOKEN=<INSERT_API_TOKEN_HERE> -v /path/to/cert/cert.pem:/etc/graylog/forwarder/cert.pem graylog/graylog-forwarder:<release-version>