Default file locations

Updated on 15 Jun 2022
1 Minute to read

Print
Share
Dark

Light

Each installation flavor of Graylog will place configuration files into a specific location on the local files system. The goal of this section is to provide a short overview about the most common and most important default file locations.

DEB package

This paragraph covers Graylog installations on Ubuntu Linux, Debian Linux, and Debian derivates installed with the DEB package.

Graylog

	File system path
Configuration	`/etc/graylog/server/server.conf`
Logging configuration	`/etc/graylog/server/log4j2.xml`
Plugins	`/usr/share/graylog-server/plugin`
Binaries	`/usr/share/graylog-server/bin`
Scripts	`/usr/share/graylog-server/scripts`
JVM settings	`/etc/default/graylog-server`
Message journal files	`/var/lib/graylog-server/journal`
Log Files	`/var/log/graylog-server/`

Elasticsearch

Note

These are the most common file locations only. Please refer to the Elasticsearch documentation for a comprehensive list of default file locations.

	File system path
Configuration	`/etc/elasticsearch`
JVM settings	`/etc/default/elasticsearch`
Data files	`/var/lib/elasticsearch/data`
Log files	`/var/log/elasticsearch/`

MongoDB

	File system path
Configuration	`/etc/mongod.conf`
Data files	`/var/lib/mongodb/`
Log files	`/var/log/mongodb/`

RPM package

This covers Graylog installations on Fedora Linux, Red Hat Enterprise Linux, CentOS Linux, and other Red Hat Linux derivates installed within the RPM package.

Graylog

	File system path
Configuration	`/etc/graylog/server/server.conf`
Logging configuration	`/etc/graylog/server/log4j2.xml`
Plugins	`/usr/share/graylog-server/plugin`
Binaries	`/usr/share/graylog-server/bin`
Scripts	`/usr/share/graylog-server/scripts`
JVM settings	`/etc/sysconfig/graylog-server`
Message journal files	`/var/lib/graylog-server/journal`
Log Files	`/var/log/graylog-server/`

Elasticsearch

Note

These are only the most common file locations. Please refer to the Elasticsearch documentation for a comprehensive list of default file locations.

	File system path
Configuration	`/etc/elasticsearch`
JVM settings	`/etc/sysconfig/elasticsearch`
Data files	`/var/lib/elasticsearch/`
Log files	`/var/log/elasticsearch/`

MongoDB

	File system path
Configuration	`/etc/mongod.conf`
Data files	`/var/lib/mongodb/`
Log files	`/var/log/mongodb/`

Default Files for Forwarder Installation (RPM and DEB)

	File system path
Configuration	`/etc/graylog/forwarder/forwarder.conf`
Message journal files	`/var/lib/graylog-forwarder/data`
JVM settings	`/etc/graylog/forwarder/jvm.options`
Logging settings	`/etc/graylog/forwarder/log4j2.xml`

For more information please refer to the Forwarder.

Was this article helpful?

What's Next

Graylog REST API

On this page

DEB package
RPM package
Default Files for Forwarder Installation (RPM and DEB)