Graylog2-server is an open-source log management platform that enables centralized collection, analysis, and visualization of machine data for enhanced security operations.
Free and open log management
Graylog2-server is primarily used by security analysts and IT operations teams to aggregate and analyze logs from various sources in real time, helping detect security incidents and operational issues. It serves as a scalable SIEM tool that facilitates log correlation, alerting, and dashboarding to improve incident response and compliance monitoring.
Ensure that Elasticsearch and MongoDB versions are compatible with the Graylog2-server version used. Properly secure the Graylog web interface and APIs with strong authentication and role-based access control to prevent unauthorized access. Regularly update the tool to benefit from security patches and new features.
Download the latest Graylog2-server release from the official website or GitHub releases.
Install Java 8 or higher as a prerequisite.
Install and configure MongoDB for metadata storage.
Install and configure Elasticsearch for log data indexing.
Extract the Graylog2-server package to the desired directory.
Edit the graylog.conf configuration file to set up server parameters and connections.
Start the Elasticsearch and MongoDB services.
Launch Graylog2-server using the provided startup script.
Access the Graylog web interface via the configured port in a browser.
Configure inputs to start ingesting logs from various sources.
graylogctl start
Starts the Graylog server service.
graylogctl stop
Stops the Graylog server service.
graylogctl status
Displays the current status of the Graylog server.
graylogctl restart
Restarts the Graylog server service.
curl -XPOST 'http://localhost:9000/api/system/inputs' -u 'admin:<admin-password>' -H 'Content-Type: application/json' -H 'X-Requested-By: cli' -d '{"title":"Syslog UDP","type":"org.graylog2.inputs.syslog.udp.SyslogUDPInput","configuration":{"port":514}}'
Creates a new Syslog UDP input that receives syslog messages on port 514. The REST API requires authentication (an admin account or, preferably, a per-user access token) and an X-Requested-By header on every non-GET request, otherwise the call is rejected; binding a port below 1024 additionally requires root privileges or CAP_NET_BIND_SERVICE on Linux.
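The same input-creation call as a small script, added here as an example and not part of Graylog's own code: it sends an access token as HTTP basic auth, adds the X-Requested-By header the API demands on non-GET requests, refuses a privileged port unless explicitly allowed, and checks for the 201 response. The token, title and the "syslog-input-script" header value are placeholders; the API URL is the page's localhost:9000 default.

```python
import base64
import json
import urllib.request
from urllib.error import HTTPError

SYSLOG_UDP = "org.graylog2.inputs.syslog.udp.SyslogUDPInput"


def build_input_request(api_url, token, title, port, bind_address="0.0.0.0",
                        global_input=True, allow_privileged=False):
    """Build the POST /api/system/inputs request for a Syslog UDP input.

    A Graylog access token travels as HTTP basic auth with the token as user
    name and the literal string "token" as password; every non-GET call must
    also carry X-Requested-By or the API rejects it.
    """
    if not 1 <= port <= 65535:
        raise ValueError(f"port {port} out of range")
    if port < 1024 and not allow_privileged:
        # Ports below 1024 need root or CAP_NET_BIND_SERVICE, which a graylog
        # service account normally lacks; 1514 plus a redirect from 514 is usual.
        raise ValueError(f"port {port} is privileged; set allow_privileged=True")
    body = {"title": title, "type": SYSLOG_UDP, "global": global_input,
            "configuration": {"bind_address": bind_address, "port": port}}
    creds = base64.b64encode(f"{token}:token".encode()).decode()
    return urllib.request.Request(
        f"{api_url.rstrip('/')}/system/inputs",
        data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Basic {creds}",
                 "Content-Type": "application/json",
                 "X-Requested-By": "syslog-input-script"})  # any non-empty value


def parse_create_response(status, body):
    """Graylog answers a successful creation with 201 and a JSON {"id": ...}."""
    if status != 201:
        raise RuntimeError(f"input creation failed with HTTP {status}: {body}")
    return json.loads(body)["id"]


def create_input(request, opener=urllib.request.urlopen):
    """Send the request; return the new input id or raise with the API error."""
    try:
        with opener(request) as resp:
            return parse_create_response(resp.status, resp.read().decode())
    except HTTPError as err:
        return parse_create_response(err.code, err.read().decode())
```

Run as `create_input(build_input_request("http://localhost:9000/api", TOKEN, "Syslog UDP", 1514))` with the token read from the environment rather than hard-coded.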