Setup
Graylog Enterprise comes as a single package that includes Graylog Server and the following plugins:
- Enterprise plugin
- Integrations plugin
- Enterprise Integrations plugin
If youβre already running an open source instance, you can install these plugins separately to convert it to an Enterprise instance.
Requirementsβ
Warning
We caution you not to install or upgrade Elasticsearch to 7.11 and later! It is not supported. If you do so, it will break your instance!
Graylog Enterprise has the following prerequisites:
- Some modern Linux distribution (Debian Linux, Ubuntu Linux, or CentOS recommended)
- Elasticsearch 6.8, 7.7 up to 7.10
- MongoDB 3.6, 4.0, 4.2 or 4.4
- Oracle Java SE 8 (OpenJDK 8 also works; latest stable update is recommended)
Installationβ
DEB / APTβ
For installation on apt-based systems (such as Debian or Ubuntu), run the following commands:
$ sudo apt-get install apt-transport-https
$ wget https://packages.graylog2.org/repo/packages/graylog-4.1-repository_latest.deb
$ sudo dpkg -i graylog-4.1-repository_latest.deb
$ sudo apt-get update
$ sudo apt-get install graylog-enterprise
RPM / YUM / DNFβ
For installation on rpm-based systems (such as CentOS or Redhat), run the following commands:
$ sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.1-repository_latest.rpm
$ sudo yum install graylog-enterprise
Edit the Configuration Fileβ
Read the instructions within the configuration file and edit as needed. It is located at: /etc/graylog/server/server.conf. Additionally add password_secretand root_password_sha2
as these are mandatory and Graylog will not start without them .
To create your root_password_sha2run the following command:
$ echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
To be able to connect to Graylog you should set http_bind_addressto the public host name or a public IP address of the machine you can connect to. More information about these settings can be found in Configuring the web interface.
Note
If youβre operating a single-node setup and would like to use HTTPS for the Graylog web interface and the Graylog REST API, itβs possible to use NGINX or Apache as a reverse proxy.
Starting Graylogβ
Graylog can be started with the following commands. Make sure to use the correct command for your operating system.
| OS | Init System | Command |
|---|---|---|
| CentOS 6 | SysV | sudo service graylog-server start |
| CentOS 7, 8 | systemd | sudo systemctl start graylog-server |
| Debian 7 | SysV | sudo service graylog-server start |
| Debian 8 & 9, Ubuntu 16.04, 18.04, 20.04 | systemd | sudo systemctl start graylog-server |
The packages are configured to not start any Graylog services during boot. You can use the following commands to start Graylog when the operating system is booting.
| OS | Init System | Command |
|---|---|---|
| CentOS 6 | SysV | sudo update-rc.d graylog-server defaults 95 10 |
| CentOS 7, 8 | systemd | sudo systemctl enable graylog-server |
| Debian 7 | SysV | sudo update-rc.d graylog-server defaults 95 10 |
| Debian 8 & 9, Ubuntu 16.06, 18.04, 20.04 | systemd | sudo systemctl enable graylog-server |
Cluster Setupβ
If you run a Graylog cluster you need to add the enterprise plugins to every Graylog node. Additionally your load-balancer must route /api/plugins/org.graylog.plugins.archive/only to the Graylog master node. Future versions of Graylog will forward these requests automatically to the correct node.