How To Install Graylog on RHEL / CentOS / Oracle / Rocky / AlmaLinux 8

Graylog is an open-source log management solution that lets you gather, store, and examine computer logs in one place.

This guide takes you through the installation of Graylog with Elasticsearch. More information can be found on the official Graylog website.


1.   Install EPEL Repository

      #   yum install -y epel-release

2.    Install additional packages

      #    yum install -y java-11-openjdk java-11-openjdk-devel
      #    yum install -y pwgen wget curl perl-Digest-SHA

3.  Install Elasticsearch

Elasticsearch is an open-source, distributed, real-time search and analytics engine written in Java. More information can be found on the official Elasticsearch website.

     i) Install Java

      #     yum install -y java-11-openjdk java-11-openjdk-devel

     ii) Configure Elasticsearch yum repository

      #    rpm --import
      #    cd /etc/yum.repos.d/
      #    vi elasticsearch.repo

Copy and paste the content below into the file:

     name=Elasticsearch repository for 8.x packages

     iii) Install Elasticsearch

      #    yum install --enablerepo=elasticsearch elasticsearch

If yum install fails, you can download and install the package manually:

      #    cd /tmp
      #    wget
      #    wget
      #    shasum -a 512 -c elasticsearch-8.2.3-x86_64.rpm.sha512
      #    rpm --install elasticsearch-8.2.3-x86_64.rpm

     iv) Start and enable the Elasticsearch service:

      #    systemctl daemon-reload
      #    systemctl enable elasticsearch
      #    systemctl start elasticsearch
      #    systemctl status elasticsearch

Elasticsearch is now installed on your machine. You can view its configuration with the command below:

      #    curl -X GET "localhost:9200/?pretty"

4.  Configure Elasticsearch for Graylog

Modify the Elasticsearch configuration file (/etc/elasticsearch/elasticsearch.yml): set the cluster name to graylog and set action.auto_create_index: false. The command below appends both settings to the file:

      #    tee -a /etc/elasticsearch/elasticsearch.yml > /dev/null <<EOT
cluster.name: graylog
action.auto_create_index: false
EOT

5.   Restart Elasticsearch service

      #    systemctl restart elasticsearch

6.  Install MongoDB Community Edition

MongoDB is a document-oriented NoSQL database. Unlike MySQL, it lets data be stored in different ways in different documents: the data format is flexible, and different documents can have different fields.
More information can be found on the official MongoDB website.

     i) Add MongoDB Repository

      #    vi /etc/yum.repos.d/mongodb-org-5.0.repo

Add the following content into the file:

name=MongoDB Repository

     ii) Install MongoDB

      #    yum install -y mongodb-org

     iii) Start and enable MongoDB

      #    systemctl daemon-reload
      #    systemctl enable mongod.service
      #    systemctl start mongod.service
      #    systemctl status mongod.service

MongoDB is now installed on your server.

NOTE: If you have issues with yum, you can also download the .rpm files directly from the official MongoDB website.

For quick start and tutorials, see the MongoDB Tutorials.

7.  Configure the Graylog yum repository

      #    rpm -Uvh

8.  Install Graylog

      #    yum install -y graylog-server graylog-enterprise-plugins graylog-integrations-plugins graylog-enterprise-integrations-plugins

9.  Edit the Graylog configuration file

First, create a password hash:

      #    echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1

Copy the hash generated above for your password.

Open and edit the Graylog config file

      #     vi /etc/graylog/server/server.conf

Edit the parameters below:

http_bind_address =
password_secret = <YourPasswordHash>
root_password_sha2 = <YourPasswordHash>
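
One way to produce and check the step 9 values before starting the service, as an added example that is not part of the original guide or of Graylog. It flags a password_secret that reuses the root_password_sha2 hash, since the comments in Graylog's server.conf suggest an independent random string for it (for example from pwgen -N 1 -s 96). Assumptions: the function names are hypothetical, the sample config and its bind address are constructed, and the 64-character minimum follows the recommendation in those comments.

```bash
# Added example: generate and sanity-check the step 9 values for server.conf.
# Function names are hypothetical; the sample config below is constructed.
# SHA-256 hex digest of the first line on stdin, newline excluded.
hash_password() {
    local pw
    IFS= read -r pw || true
    printf '%s' "$pw" | sha256sum | cut -d' ' -f1
}

# Independent random value for password_secret: 96 hex characters.
gen_secret() {
    head -c 48 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Last value assigned to key $1 in properties file $2.
conf_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print one finding per line; return 1 if there is any.
check_conf() {
    local rc=0 secret hash bind
    secret=$(conf_get password_secret "$1")
    hash=$(conf_get root_password_sha2 "$1")
    bind=$(conf_get http_bind_address "$1")
    # 64 is the minimum the comments in Graylog's server.conf recommend.
    if [ "${#secret}" -lt 64 ]; then
        echo "password_secret: shorter than 64 characters"; rc=1
    fi
    if [ -n "$secret" ] && [ "$secret" = "$hash" ]; then
        echo "password_secret: same value as root_password_sha2"; rc=1
    fi
    if ! printf '%s\n' "$hash" | grep -Eqx '[0-9a-f]{64}'; then
        echo "root_password_sha2: not a 64-character hex SHA-256 digest"; rc=1
    fi
    if [ -z "$bind" ]; then echo "http_bind_address: empty"; rc=1; fi
    return $rc
}

# Constructed sample: step 9 with one hash pasted into both keys.
demo_conf() {
    local h; h=$(printf 'example-password\n' | hash_password)
    printf 'http_bind_address = 127.0.0.1:9000\n'
    printf 'password_secret = %s\nroot_password_sha2 = %s\n' "$h" "$h"
}

tmp=$(mktemp) && demo_conf >"$tmp"
check_conf "$tmp" || echo "use an independent secret, e.g. $(gen_secret)"
rm -f "$tmp"
```

On a real host, run check_conf /etc/graylog/server/server.conf after editing the file.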

10.  Enable and start the Graylog service:

      #    systemctl daemon-reload
      #    systemctl enable graylog-server.service
      #    systemctl start graylog-server.service
      #    systemctl status graylog-server.service

11.  Open firewall ports:

      #    firewall-cmd --add-port={9000/tcp,9200/tcp,27017/tcp,80/tcp,514/udp} --permanent
      #    firewall-cmd --reload

You have installed Graylog server. You can access it using the URL http://serverip-or-hostname:9000/

IMPORTANT: If you are using SELinux, consider running the commands below:

      #    setsebool -P httpd_can_network_connect 1
      #    semanage port -a -t http_port_t -p tcp 9000
      #    semanage port -a -t http_port_t -p tcp 9200
      #    semanage port -a -t mongod_port_t -p tcp 27017

For quick start and usage tutorials, refer to the Graylog documentation.



©2023 ZMATECH: Innovative solutions for your IT challenges.

