Install latest Graylog on CentOS 7


Follow through this guide to learn how to install latest Graylog on CentOS 7. Graylog is a leading open-source log management tool that provides real time collection, storage, analysis and enrichment of machine data. It makes it easy to search, explore and visualize on the analysed data.

Install latest Graylog on CentOS 7

As of this writing, the Graylog 3.2.4 is the latest stable release.

To install Graylog 3.2.4 on CentOS 7, there are a number of other components that needs to be installed along with it in order to get it up and running. These include;

  • MongoDB – Graylog uses MongoDB to store configuration metadata such as such as user information or stream configurations.
  • Elasticsearch – Is a search analytics engine that provides Graylog with a central log data storage. You can search any kind of document from Elasticsearch.

These components should be installed before installing Graylog on CentOS 7.

Run system update

yum update -y

Disabling SELinux

While I do not recommend disabling SELinux, since this guide is for demonstration purposes, SELinux is disabled. Note that a reboot is required to effect the changes.

sed -i 's/=enforcing/=disabled/g' /etc/selinux/config
systemctl reboot

According to Graylog, if you are using SELinux, consider doing the following;

  • Allow the web server to access the network:
    sudo setsebool -P httpd_can_network_connect 1
  • To allow access to each port individually:
    • Graylog REST API and web interface:
      sudo semanage port -a -t http_port_t -p tcp 9000
    • Elasticsearch (only if the HTTP API is being used):
      sudo semanage port -a -t http_port_t -p tcp 9200
  • Allow using MongoDB’s default port (27017/tcp):
    sudo semanage port -a -t mongod_port_t -p tcp 27017

You can install policycoreutils-python package installed to manage SELinux.

yum install policycoreutils-python

Install MongoDB on CentOS 7

Create MongoDB YUM repository.

cat > /etc/yum.repos.d/mongodb-org.repo << 'EOL'
name=MongoDB Repository

Once the repos are in place, install MongoDB.

yum install mongodb-org

You can also check our other guide on installing MongoDB on CentOS 8;

Install MongoDB Community Edition on CentOS 8

 Start MongoDB and enable it to run on boot.

systemctl daemon-reload
systemctl enable --now mongod.service

Checking the status;

systemctl status mongod
● mongod.service - MongoDB Database Server
   Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2020-04-01 22:08:56 EAT; 13min ago
 Main PID: 1449 (mongod)
   CGroup: /system.slice/mongod.service
           └─1449 /usr/bin/mongod -f /etc/mongod.conf

Apr 01 22:08:55 systemd[1]: Starting MongoDB Database Server...
Apr 01 22:08:55 mongod[1446]: about to fork child process, waiting until server is ready for connections.
Apr 01 22:08:55 mongod[1446]: forked process: 1449
Apr 01 22:08:56 mongod[1446]: child process started successfully, parent exiting
Apr 01 22:08:56 systemd[1]: Started MongoDB Database Server.

Install Elasticsearch 6.x on CentOS 7

Graylog doesn’t work with Elasticsearch 7.x yet. Hence install Elasticsearch 6.x.

Install Java 8 on CentOS 7

Elasticsearch is built using Java, and requires at least Java 8 in order to run. Hence, before you can install Elasticsearch, you need to install Java 8.

yum install java-1.8.0-openjdk-headless

You can verify Java Version using the java -version command.

java -version
openjdk version "1.8.0_212"
OpenJDK Runtime Environment (build 1.8.0_212-b04)
OpenJDK 64-Bit Server VM (build 25.212-b04, mixed mode)

You can also check our other guides on installing Java.

Install Oracle Java 12 on CentOS 7/Fedora 29

Install Oracle Java 11 on Fedora 29/CentOS 7

Install Elasticsearch 6.x

Create Elasticsearch 6.x YUM repository.

cat > /etc/yum.repos.d/elasticsearc-6.repo << EOL
name=Elasticsearch repository for 6.x packages

Import Elasticsearch PGP repo signing key.

rpm --import

Install Elasticsearch 6.x

yum install elasticsearch

Configure Elasticsearch

In its basic configuration,edit Elasticsearch configuration file, /etc/elasticsearch/elasticsearch.yml and set cluster name to graylog.

vim /etc/elasticsearch/elasticsearch.yml
# ---------------------------------- Cluster -----------------------------------
# Use a descriptive name for your cluster:
# graylog

Save and quit the configuration file.

Also, set Elasticsearch heap size by editing the file, /etc/elasticsearch/jvm.options, and setting the values for Xms (minimum heap size) and Xmx (maximum heap size) based on the amount of RAM available on your server. In this demo, we set it to 512MB.

vim /etc/elasticsearch/jvm.options
# Xms represents the initial size of total heap space
# Xmx represents the maximum size of total heap space


Save and exit the file.

Restart Elasticsearch and enable it to run on system boot.

sudo systemctl daemon-reload
systemctl enable --now elasticsearch

To verify that all is well with Elasticsearch, run the command below after it has fully started.

curl -X GET http://localhost:9200
  "name" : "UgS10LT",
  "cluster_name" : "graylog",
  "cluster_uuid" : "L4zXgLruSJOx7QaDHbcDPQ",
  "version" : {
    "number" : "6.8.8",
    "build_flavor" : "default",
    "build_type" : "rpm",
    "build_hash" : "2f4c224",
    "build_date" : "2020-03-18T23:22:18.622755Z",
    "build_snapshot" : false,
    "lucene_version" : "7.7.2",
    "minimum_wire_compatibility_version" : "5.6.0",
    "minimum_index_compatibility_version" : "5.0.0"
  "tagline" : "You Know, for Search"

Installing latest Graylog (3.2.4) on CentOS 7

Once both MongoDB and Elasticsearch are installed, proceed to install Graylog 3.2.4 on CentOS 7.

Add Graylog 3.2.x RPM repository

Run the command below to install Graylog 3.2.x RPM repository.

rpm -Uvh

Install Graylog 3.2.4

You can verify the available version.

yum info graylog-server
Available Packages
Name : graylog-server
Arch : noarch
Version : 3.2.4
Release : 1
Size : 117 M
Repo : graylog/x86_64
Summary : Graylog server
License : GPLv3
Description : Graylog server

Next, install Graylog 3.2.4 server.

yum install graylog-server
Dependencies Resolved

 Package                                  Arch                             Version                             Repository                         Size
 graylog-server                           noarch                           3.2.4-1                             graylog                           117 M

Transaction Summary
Install  1 Package

Total download size: 117 M
Installed size: 117 M
Is this ok [y/d/N]: y

Configuring Graylog on CentOS 7

There are a few basic configurations that needs to be done. These include setting the password secret and the root user (admin) password hash.

To generate password secret, you can use the pwgen random password generator. To install pwgen, run the command below;

yum install epel-release
yum install pwgen

Next, generate the password secret by running the pwgen as shown below.

pwgen -N 1 -s 96

To generate admin user password hash run the command below replacing the string, YouStrongPAsswordhere, accordingly.

echo -n "YouStrongPAsswordhere" | sha256sum | cut -d" " -f1

Next, open the Graylog server configuration file for editing.

vim /etc/graylog/server/server.conf
password_secret = nfkjDdTJCjfQOoRIJMHz0VCeKshJV2dncP9dJVW8m593BCsOjw58fHosjbmfX6KIvr1kNuecA53YgJ8u8HHDpTTvLnTOj36F
root_password_sha2 = f7d3685715939842749dd27b38d0ddb9706d4e4445304ef9eee093780eab5df8

If you need to publicly access Graylog, set the correct IP address for Graylog server for the http_bind_address parameter.

# Default:
#http_bind_address =
#http_bind_address = [2001:db8::1]:9000
http_bind_address =

If you are running a single node Elasticsearch, be sure to set the value for elasticsearch_shards to 1.

#elasticsearch_shards = 4
elasticsearch_shards = 1

If firewalld is running, be sure to open TCP port 9000 to allow external access.

firewall-cmd --add-port=9000/tcp --permanent
firewall-cmd --reload

In its basic settings, that is just is about Graylog configuration.

Running Graylog

Run the commands below to start and enable Graylog server to run on system reboot.

systemctl enable --now graylog-server

Access Graylog Web Interface

Now that Graylog server is running, you can access it via the browser using the address: http://<server-IP_server_hostname>:9000.

The default username is admin and the password is the one generated above.

Install latest Graylog on CentOS 7

Upon successful login, you get to Graylog Server dashboard with steps on how to ingest data into Graylog outlined. Click Dismiss guide to close the guide.

Install latest Graylog on CentOS 7

Fantastic!! Latest Graylog is up and running on your CentOS 7 server. That brings us to the end of our guide on how to install latest Graylog on CentOS 7.


Installing Graylog

Related Tutorials

Monitor Squid Access Logs with Graylog Server

Create Squid Logs Extractors on Graylog Server

Monitor Squid logs with Grafana and Graylog

Install Prometheus Node Exporter on CentOS 8


We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
I am the Co-founder of, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

Leave a Comment