Graylog Operations is a single package that includes the Graylog enterprise installation file.

Requirements

WarningGraylog does not support Elasticsearch versions 7.11 or later. Do not upgrade Elasticsearch, as doing so will break your instance! We also recommend using the server versions of these operating systems, not the desktop versions with the UI.

Graylog Operations has the following prerequisites:

Installation

DEB / APT

For installation on APT-based systems, such as Debian or Ubuntu, run the following commands:

Copy
sudo apt-get install apt-transport-https
wget https://packages.graylog2.org/repo/packages/graylog-<server_version>-repository_latest.deb
sudo dpkg -i graylog-<server_version>-repository_latest.deb
sudo apt-get update
sudo apt-get install graylog-enterprise

RPM / YUM / DNF

For installation on RPM-based systems, such as CentOS or Red Hat, run the following commands:

Copy
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-<server_version>-repository_latest.rpm
sudo yum install graylog-enterprise

Edit the Configuration File

Read the instructions within the configuration file and edit as needed. The configuration file is at /etc/graylog/server/server.conf. Additionally, add password_secret and root_password_sha2, as these are mandatory, and Graylog will not start without them.

To create your root_password_sha2, run the following command:

Copy
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

To connect to Graylog, set https_bind_address to the public host name or a public IP address for the machine to which you can connect. Find more information about these settings in configuring the web interface.

HintIf you are operating a single-node setup, and you would like to use for the Graylog web interface and the Graylog REST API, use NGINX or Apache as a reverse proxy.

Starting Graylog

Start Graylog with the command based on your operating system below.

OS

Init System

Command

RedHat/CentOS/AlmaLinux/Rocky Linux 7-9

systemd

sudo systemctl start graylog-server

Debian 10 & 11, Ubuntu 20.04, 22.04

systemd

sudo systemctl start graylog-server

The packages are configured to not start any Graylog services during boot. You can use the following commands to start Graylog when the operating system boots up:

OS

Init System

Command

RedHat/CentOS/AlmaLinux/Rocky Linux 7-9

systemd

sudo systemctl enable graylog-server

Debian 10 & 11, Ubuntu 20.04, 22.04

systemd

sudo systemctl enable graylog-server

Cluster Setup

If you run a Graylog cluster, add the enterprise plugins to every Graylog node. Your load balancer must route /api/plugins/org.graylog.plugins.archive/ only to the Graylog master node. Future versions of Graylog will automatically forward these requests to the correct node.

Update Graylog Operations