How to Install Graylog2 on Ubuntu 12.04 LTS

Written by  Mick Pollard (@aussielunix)
Totally revamped by Ola Ekegren (@olaekegren)



Graylog2 is made up of a few different FOSS projects along with some homegrown stuff and brings them all together to give you lasers for your viewing pleasure !
You should be able to copypasta the below steps in a few minutes and end up with a working graylog2 0.10.0 (RC3/4) setup.

This is not intended to be used as is for deploying Graylog2 in a production environment but should give you enough help to get up and running quickly for evaluation purposes or a great starting point to your own deployment.

I have made some assumptions below:

  • You are running on Ubuntu 12.04 (Precise Pangolin) amd64
  •  It is a minimal install with only _openssh server_ selected
  • All of these separate components will be installed to a single VM/server
  •  You have super powers (sudo)
  • mongodb authentication is switched off  (This is off by default. You can choose to which way you want to go but for the purpose of evaluation leaving it off is easiest)



Mongodb is installed from the [10Gen repo]

The Elasticsearch [DEB]
( is uploaded to aussielunix PPA for convenience.

The Graylog2 packages used in this howto are produced by aussielunix and are signed by hes gpg key [D77A4DCC]

The packages were built using [fpm]
and [fpm-cookery]
and the package sources are [available]


These packages contain a couple of very small patches outlined below.

  • graylog2-web/config/mongoid.yml – hard code details for production – without any authentication
  • graylog2-declarative_authorization-0.5.2 – see
  • graylog2-server/graylog2.conf – set _mongodb_useauth = false_


Making it so

Add the 10gen & aussielunix APT repo and keys to use them.

echo 'deb precise main preview' | sudo tee /etc/apt/sources.list.d/aussielunix.list
echo "deb dist 10gen" | sudo tee -a /etc/apt/sources.list.d/10gen.list
sudo apt-key adv --keyserver --recv D77A4DCC
sudo apt-key adv --keyserver --recv 7F0CEB10
sudo apt-get update


Check if you have ruby installed

ruby -v

If you have a ruby version lover then 1.9 installed remove it with

sudo apt-get purge ruby1.8

Install ruby1.9.3 and bundler

sudo apt-get install ruby1.9.3
sudo gem install bundler

Then install half of the internet

sudo apt-get install mongodb-10gen elasticsearch graylog2-server graylog2-web

Tune some config files

sudo sed -i -e 's/# elasticsearch/ graylog2/' /etc/elasticsearch/elasticsearch.yml



Review and possibly tune some other config files

edit this with your favorite editor all files are fine by default exept general.yml that you need to change ”external_hostname:”


Start things up in order: elasticsearch, mongodb, graylog2-server

sudo service elasticsearch restart
sudo service mongodb restart
sudo service graylog2-server restart

Configure the local rsyslog server to talk to graylog2.

echo "*.* @localhost" | sudo tee -a /etc/rsyslog.d/30-graylog2.conf
sudo service rsyslog restart

Now you should start up graylog2-web. This is a rails application and can be run under any rack capable web server.
For testing, rails has a built in webserver called webrick, and this is what we will use for now.
I will leave it as an exercise for the reader to research how to run graylog2-web under their favourite webserver.


To run graylog2-web using the built in webrick:

sudo -u graylog2-web -i
script/rails server -e production

Browse to `http://hostname:3000` to test it out!

Hen you are done testing and happy how it works, exit with Ctrl-C and type ”exit”  to exit out from the graylog2-web user.


Now, lets add it to mod_passenger and apache2

sudo apt-get install apache2 build-essential libcurl4-openssl-dev libssl-dev zlib1g-dev apache2-prefork-dev libapr1-dev libaprutil1-dev
sudo gem install passenger
cd /var/lib/gems/1.9.1/gems/passenger-4.0.10/bin/     (version number can differ)
sudo ./passenger-install-apache2-module

When it’s done it shows something like this:

The Apache 2 module was successfully installed.
Please edit your Apache configuration file, and add these lines:
LoadModule passenger_module /var/lib/gems/1.9.1/gems/passenger-4.0.10/buildout/apache2/
 PassengerRoot /var/lib/gems/1.9.1/gems/passenger-4.0.10
 PassengerDefaultRuby /usr/bin/ruby1.9.1
After you restart Apache, you are ready to deploy any number of Ruby on Rails
applications on Apache, without any further Ruby on Rails-specific
Press ENTER to continue.

Remember those lines because you going to need it when you creating a config file for apache below.

Create the file /etc/apache2/conf.d/graylog2.conf and add with your favorite editor

LoadModule passenger_module /var/lib/gems/1.9.1/gems/passenger-4.0.10/buildout/apache2/
 PassengerRoot /var/lib/gems/1.9.1/gems/passenger-4.0.10
 PassengerDefaultRuby /usr/bin/ruby1.9.1
<VirtualHost *:80>
 # !!! Be sure to point DocumentRoot to 'public'!
 DocumentRoot /usr/share/graylog2-web/public
 <Directory /usr/share/graylog2-web/public>
  # This relaxes Apache security settings.
  AllowOverride all
  # MultiViews must be turned off.
  Options -MultiViews

Restart apache2

sudo service apache2 restart


Your all done!

Lämna ett svar