In this guide, we will take you through the steps to install Graylog on CentOS 8 / RHEL 8 with OpenSearch and MongoDB. Graylog is an open-source log management system that allows system administrators and developers to aggregate up to terabytes of log data from multiple log sources. It is highly scalable to fit any infrastructure.
Graylog comes with an intuitive UI, fast and powerful search feature, alerting and reporting. It lets you group systems into streams for ease of log searching and proper management. Graylog UI is simple and intuitive with complete user management and support for LDAP.
Graylog requires Java, OpenSearch, and MongoDB. OpenSearch is responsible for log storage. We will begin with the installation of the dependencies, then install Graylog.
Note: This is a single server installation of Graylog on CentOS 8 / RHEL 8. For multi-cluster setup, consult official Graylog documentation.
1. Configure SELinux
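If you’re using SELinux on your system, apply the following settings (the semanage command is provided by the policycoreutils-python-utils package):
sudo yum -y install curl vim policycoreutils python3-policycoreutils policycoreutils-python-utils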
sudo setsebool -P httpd_can_network_connect 1
sudo semanage port -a -t http_port_t -p tcp 9000
sudo semanage port -a -t http_port_t -p tcp 9200
sudo semanage port -a -t mongod_port_t -p tcp 27017
2. Install OpenSearch
Add OpenSearch repository:
sudo curl -SL https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/opensearch-2.x.repo -o /etc/yum.repos.d/opensearch-2.x.repo
Then install OpenSearch:
sudo yum -y install vim opensearch
Configure OpenSearch for Graylog
You need to modify the OpenSearch configuration file, /etc/opensearch/opensearch.yml, and set the cluster name to graylog. To do so, uncomment the cluster.name line (remove the # as first character) and add action.auto_create_index: false to the configuration file. Set the parameters below:
$ sudo vi /etc/opensearch/opensearch.yml
cluster.name: graylog
action.auto_create_index: false
node.name: ${HOSTNAME}
discovery.type: single-node
network.host: 0.0.0.0
plugins.security.disabled: true
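With network.host: 0.0.0.0 and plugins.security.disabled: true, OpenSearch answers unauthenticated requests on every interface, while Graylog in this single-server setup only needs it on 127.0.0.1. The check below is an added example, not part of the original guide; the function names yml_get and audit_opensearch_yml are hypothetical, and the sample file is constructed from the settings above.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): audit opensearch.yml for an
# unauthenticated listener on a non-loopback address.

# Print the last value of a flat "key: value" setting, skipping comments.
yml_get() {  # usage: yml_get <file> <key>
    awk -v k="$2" '
        /^[[:space:]]*#/ { next }
        {
            line = $0
            sub(/[[:space:]]+#.*$/, "", line)      # drop trailing comment
            i = index(line, ":")
            if (i == 0) next
            key = substr(line, 1, i - 1); val = substr(line, i + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", key)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", val)
            gsub(/^"|"$/, "", val)
            if (key == k) found = val
        }
        END { if (found != "") print found }' "$1"
}

# Return 1 when the node answers unauthenticated requests off-loopback.
audit_opensearch_yml() {  # usage: audit_opensearch_yml <file>
    local host sec
    host=$(yml_get "$1" network.host)
    sec=$(yml_get "$1" plugins.security.disabled)
    host=${host:-_local_}        # unset means OpenSearch binds to loopback
    case "$host" in
        127.*|localhost|::1|_local_)
            echo "ok: bound to loopback ($host)"; return 0 ;;
    esac
    if [ "$sec" = "true" ]; then
        echo "exposed: network.host=$host and plugins.security.disabled=true"
        return 1
    fi
    echo "review: network.host=$host, security plugin enabled"
    return 0
}

# Constructed sample: the settings this guide writes to opensearch.yml.
sample=$(mktemp)
printf '%s\n' 'cluster.name: graylog' 'discovery.type: single-node' \
    'network.host: 0.0.0.0' 'plugins.security.disabled: true' > "$sample"
audit_opensearch_yml "$sample" || echo "restrict port 9200 to local clients"
rm -f "$sample"
```

Run it against the live file with `audit_opensearch_yml /etc/opensearch/opensearch.yml`; a non-zero exit status means port 9200 should be limited to local clients, either by binding to 127.0.0.1 or with a firewall rule.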
Edit JVM options and update the Xms & Xmx settings with half of the installed system memory.
$ sudo vim /etc/opensearch/jvm.options
-Xms1g
-Xmx1g
If your system doesn’t have adequate memory, you can adjust the max and min RAM values to 512MB.
-Xms512m
-Xmx512m
Update kernel parameters at runtime.
sudo sysctl -w vm.max_map_count=262144
echo 'vm.max_map_count=262144' | sudo tee -a /etc/sysctl.conf
Start and enable OpenSearch service.
sudo systemctl daemon-reload
sudo systemctl enable --now opensearch
Confirm service status:
$ systemctl status opensearch
● opensearch.service - OpenSearch
Loaded: loaded (/usr/lib/systemd/system/opensearch.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2023-11-26 20:33:52 UTC; 6s ago
Docs: https://opensearch.org/
Main PID: 2461 (java)
Tasks: 59 (limit: 22612)
Memory: 1.2G
CGroup: /system.slice/opensearch.service
└─2461 /usr/share/opensearch/jdk/bin/java -Xshare:auto -Dopensearch.networkaddress.cache.ttl=60 -Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.he>
Nov 26 20:33:35 rocky8.mylab.io systemd[1]: Starting OpenSearch...
Nov 26 20:33:52 rocky8.mylab.io systemd[1]: Started OpenSearch.
The default OpenSearch file locations are:
Item | File system path |
---|---|
Configuration | /etc/opensearch |
JVM settings | /etc/opensearch/jvm.options |
Data files | /var/lib/opensearch |
Log files | /var/log/opensearch/ |
3. Install MongoDB on RHEL 8 / CentOS 8
MongoDB is used for storing Graylog related configurations. Add MongoDB 6.x repository.
sudo tee /etc/yum.repos.d/mongodb-org-6.0.repo<<EOF
[mongodb-org-6.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/\$releasever/mongodb-org/6.0/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-6.0.asc
EOF
Install MongoDB server into the system.
sudo yum install -y mongodb-org
Enable and start mongod service after the installation.
sudo systemctl enable --now mongod
MongoDB paths:
Item | File system path |
---|---|
Configuration | /etc/mongod.conf |
Data files | /var/lib/mongo/ |
Log files | /var/log/mongodb/ |
Status of the service should be running.
$ systemctl status mongod
● mongod.service - MongoDB Database Server
Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2023-11-26 20:38:35 UTC; 56s ago
Docs: https://docs.mongodb.org/manual
Main PID: 3273 (mongod)
Memory: 72.8M
CGroup: /system.slice/mongod.service
└─3273 /usr/bin/mongod -f /etc/mongod.conf
Nov 26 20:38:35 rocky8.mylab.io systemd[1]: Started MongoDB Database Server.
Nov 26 20:38:35 rocky8.mylab.io mongod[3273]: {"t":{"$date":"2023-11-26T20:38:35.700Z"},"s":"I", "c":"CONTROL", "id":7484500, "ctx":"-","msg":"Environment variable MONGODB_CONFIG_OVERRIDE_NOFORK >
4. Install Graylog on RHEL 8 / CentOS 8
Now install the Graylog repository configuration:
sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-5.2-repository_latest.rpm
The Graylog RPM packages are now available from the added repository.
sudo yum install graylog-server
I got this version from the installation:
$ rpm -qi graylog-server
Name : graylog-server
Version : 5.2.1
Release : 1
Architecture: x86_64
Install Date: Sun 26 Nov 2023 08:42:16 PM UTC
Group : optional
Size : 389469927
License : SSPL
Signature : RSA/SHA256, Wed 15 Nov 2023 10:18:46 AM UTC, Key ID d44c1d8db1606f22
Source RPM : graylog-server-5.2.1-1.src.rpm
Build Date : Wed 15 Nov 2023 10:18:10 AM UTC
Build Host : ba6ba0df6a61
Relocations : /
Packager : Graylog, Inc. <[email protected]>
Vendor : graylog
URL : https://www.graylog.org/
Summary : Graylog server
You need to set the password_secret and root_password_sha2 variables in /etc/graylog/server/server.conf. These settings are mandatory and without them, Graylog will not start!
Use the following command to create your root_password_sha2:
echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
Set the generated value in root_password_sha2:
$ sudo vi /etc/graylog/server/server.conf
root_username = admin
root_password_sha2 = <Sha2Password>
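The admin login only succeeds when root_password_sha2 is the SHA-256 of the exact password bytes, which is why the command above strips the newline with tr -d '\n'. The following diagnostic is an added example, not part of the original guide; the function names sha2_of, conf_get and check_root_hash are hypothetical, and the sample server.conf is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): explain why a password does
# or does not match root_password_sha2 in Graylog's server.conf.

# SHA-256 of the exact bytes of $1, with no trailing newline.
sha2_of() { printf '%s' "$1" | sha256sum | cut -d' ' -f1; }

# Print the last value of a "key = value" line from server.conf.
conf_get() {  # usage: conf_get <file> <key>
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print a verdict and return 0 only on an exact match.
check_root_hash() {  # usage: check_root_hash <server.conf> <password>
    local stored
    stored=$(conf_get "$1" root_password_sha2)
    if ! printf '%s' "$stored" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "malformed: value is not 64 lowercase hex characters"
        return 1
    fi
    if [ "$stored" = "$(sha2_of "$2")" ]; then
        echo "match"; return 0
    fi
    if [ "$stored" = "$(printf '%s\n' "$2" | sha256sum | cut -d' ' -f1)" ]; then
        echo "newline: hash was computed over the password plus a newline"
        return 1
    fi
    echo "mismatch: a different password was hashed"
    return 1
}

# Constructed sample: a server.conf holding the hash of "admin" made with a
# plain `echo`, which appends the newline the guide's command strips.
conf=$(mktemp)
printf 'root_username = admin\nroot_password_sha2 = %s\n' \
    "$(echo admin | sha256sum | cut -d' ' -f1)" > "$conf"
check_root_hash "$conf" admin || true
rm -f "$conf"
```

On a real host, read the password without echoing it (`read -rs pw` in bash) and call `check_root_hash /etc/graylog/server/server.conf "$pw"`; a placeholder left in the file is reported as malformed.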
Generate your own password_secret; the string shown below is sample output.
$ sudo yum -y install epel-release
$ sudo yum -y install pwgen
$ pwgen -N 1 -s 96
ny5eSSuHe03DWW7hGOGMPaVOlbBeZX48OqvTIO7J56rBwh0r99wB1bQwecjyID9S5XrCkzVcPBG0jLPcWiit1Vz1nPse6yBq
$ sudo vi /etc/graylog/server/server.conf
password_secret = ny5eSSuHe03DWW7hGOGMPaVOlbBeZX48OqvTIO7J56rBwh0r99wB1bQwecjyID9S5XrCkzVcPBG0jLPcWiit1Vz1nPse6yBq
To be able to connect to Graylog, you should set http_bind_address to the public host name or a public IP address of the machine you can connect to.
http_bind_address = 0.0.0.0:9000
Set the IP address of your OpenSearch server.
elasticsearch_hosts = http://127.0.0.1:9200
The last step is to enable Graylog during the operating system’s startup:
sudo systemctl daemon-reload
sudo systemctl enable --now graylog-server.service
Access the Graylog dashboard at http://serverip_or_hostname:9000/

Log in with the username admin and the root password set in server.conf.

5. Configure Nginx Proxy (Optional)
We installed Graylog with OpenSearch on CentOS 8 / RHEL 8.
Then learn how to ingest messages into your Graylog and extract the messages with extractors or use the Pipelines to work with the messages.
Cannot login with generated root password.
What’s the error when trying to login?