Setup
- Updated on 24 May 2022
Graylog Operations comes as a single package that includes Graylog Server and the following plugins:
- Operations plugin
- Integrations plugin
- Operations Integrations plugin
If you’re already running an open source instance, you can install these plugins separately to convert it to an Operations instance.
Requirements
We caution you not to install or upgrade Elasticsearch to 7.11 and later! It is not supported. If you do so, it will break your instance!
Graylog Operations has the following prerequisites:
- Some modern Linux distribution (Debian Linux, Ubuntu Linux, or CentOS recommended)
- Elasticsearch 6.8, 7.7 up to 7.10
- MongoDB 3.6, 4.0, 4.2 or 4.4
- Oracle Java SE 8 (OpenJDK 8 also works; latest stable update is recommended)
Installation
DEB / APT
For installation on apt-based systems (such as Debian or Ubuntu), run the following commands:
sudo apt-get install apt-transport-https
wget https://packages.graylog2.org/repo/packages/graylog-<server_version>-repository_latest.deb
sudo dpkg -i graylog-<server_version>-repository_latest.deb
sudo apt-get update
sudo apt-get install graylog-enterprise
RPM / YUM / DNF
For installation on rpm-based systems (such as CentOS or Red Hat), run the following commands:
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-<server_version>-repository_latest.rpm
sudo yum install graylog-enterprise
Edit the Configuration File
Read the instructions within the configuration file and edit as needed. It is located at /etc/graylog/server/server.conf. Additionally, add password_secret and root_password_sha2, as these are mandatory and Graylog will not start without them.
To create your root_password_sha2, run the following command:
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
To be able to connect to Graylog, you should set http_bind_address to the public host name or a public IP address of the machine you can connect to. More information about these settings can be found in Configuring the web interface.
If you’re operating a single-node setup and would like to use HTTPS for the Graylog web interface and the Graylog REST API, it’s possible to use NGINX or Apache as a reverse proxy.
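Because Graylog will not start without password_secret and root_password_sha2, it is worth checking both before the first start. The script below is an added example, not part of the Graylog packages or documentation; the function names, the 16-character minimum for password_secret and the short list of trivial passwords are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check of the two mandatory server.conf settings.
MIN_SECRET_LEN=16   # assumption: minimum length Graylog accepts; not stated on this page

# SHA-256 hex digest of a string, hashed without a trailing newline.
sha256_hex() {
    printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# conf_get FILE KEY: value of the last uncommented "KEY = value" line.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_graylog_conf FILE: print each problem found; return 0 only if none.
check_graylog_conf() {
    rc=0
    secret=$(conf_get "$1" password_secret)
    hash=$(conf_get "$1" root_password_sha2)
    if [ -z "$secret" ]; then
        echo "password_secret is not set"; rc=1
    elif [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
        echo "password_secret is shorter than $MIN_SECRET_LEN characters"; rc=1
    fi
    if [ -z "$hash" ]; then
        echo "root_password_sha2 is not set"; rc=1
    elif ! printf '%s' "$hash" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "root_password_sha2 is not 64 lowercase hex characters"; rc=1
    else
        # Pressing Enter at the hashing prompt yields the digest of "".
        for weak in "" admin password graylog; do
            if [ "$hash" = "$(sha256_hex "$weak")" ]; then
                echo "root_password_sha2 is the hash of a trivial password"; rc=1
            fi
        done
    fi
    return "$rc"
}

# Constructed sample, not a real configuration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#password_secret = commented-out lines are ignored
password_secret = tooshort
root_password_sha2 = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
EOF
check_graylog_conf "$sample" || echo "fix server.conf before starting Graylog"
rm -f "$sample"
```

To check a real installation, call check_graylog_conf /etc/graylog/server/server.conf as a user that can read the file.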
Starting Graylog
Graylog can be started with the following commands. Make sure to use the correct command for your operating system.
OS | Init System | Command |
---|---|---|
CentOS 6 | SysV | |
CentOS 7, 8 | systemd | |
Debian 7 | SysV | |
Debian 8 & 9, Ubuntu 16.04, 18.04, 20.04 | systemd | |
The packages are configured to not start any Graylog services during boot. You can use the following commands to start Graylog when the operating system is booting.
OS | Init System | Command |
---|---|---|
CentOS 6 | SysV | |
CentOS 7, 8 | systemd | |
Debian 7 | SysV | |
Debian 8 & 9, Ubuntu 16.04, 18.04, 20.04 | systemd | |
Cluster Setup
If you run a Graylog cluster, you need to add the enterprise plugins to every Graylog node. Additionally, your load balancer must route /api/plugins/org.graylog.plugins.archive/ only to the Graylog master node. Future versions of Graylog will forward these requests automatically to the correct node.