Forwarder Installation

Introduction

The Forwarder is distributed in similar packaging and installation methods as the Graylog server. You can choose between operating system packages, docker, and binary tar installation methods for the Forwarder. Each installation method is described below in more detail.

Binary Installation

The binary installation can be performed by downloading the binaries and manually installing them on disk.

The latest Forwarder binaries can be obtained from the Downloads page by choosing the TGZ option.

Operating System Package Installation

The most common installation method is to use the Linux operating system packages. You can choose from DEB and RPM. If either of those tools is your method, be sure Java is available on your operating system. In addition, be sure to have access to a TLS certificate and an API token generated from Graylog.

Install via DEB

  1. Download the DEB package:

    $ sudo apt-get install apt-transport-https
    $ wget https://packages.graylog2.org/repo/packages/graylog-forwarder-repository_1-2_all.deb
    $ sudo dpkg -i graylog-forwarder-repository_1-2_all.deb
    $ sudo apt-get update
    
  2. Install the package:

    $ sudo apt-get install graylog-forwarder
    
  3. Create the certificate and update the config file:

    $ sudo vi /etc/graylog/forwarder/forwarder.conf
    
  4. Start the service:

    $ sudo systemctl start graylog-forwarder.service
    

RPM Install Instructions

  1. Install the Graylog repository configuration:

    $ sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-forwarder-repository-1-2.noarch.rpm
    
  2. Install the graylog-forwarder package:

    $ sudo yum install graylog-forwarder
    
  3. Create the certificate and update the configuration file:

    $ sudo vi /etc/graylog/forwarder/forwarder.conf
    
  4. Start the service:

    $ sudo systemctl start graylog-forwarder.service
    

Docker Installation

Additionally, your Forwarder is available as a Docker image. Regardless of your installation method, you’re required to create a digital certificate to ensure better security. The forwarder is also available as a docker image. To download the image, run the following command: docker pull graylog/graylog-forwarder:<release-version>.

To run the container, you will need to pass it the following environment variables:

$ GRAYLOG_FORWARDER_SERVER_HOSTNAME
$ GRAYLOG_FORWARDER_GRPC_API_TOKEN

You’ll also need to mount the certificate file as a volume. Here is an example command:

$ docker run -e GRAYLOG_FORWARDER_SERVER_HOSTNAME=ingest.<SERVER NAME> -e GRAYLOG_FORWARDER_GRPC_API_TOKEN=<INSERT_API_TOKEN_HERE> -v /path/to/cert/cert.pem:/etc/graylog/forwarder/cert.pem graylog/graylog-forwarder:<release-version>