Install Graylog

Install Java
Install MongoDB
Install Elastic Search giving the cluster name of graylog

Install Graylog:

cat > /tmp/graylog.list << EOF
deb https://packages.graylog2.org/repo/debian/ stable 2.3
EOF
 
sudo mv /tmp/graylog.list /etc/apt/sources.list.d/
 
wget -q -O - https://packages.graylog2.org/repo/debian/keyring.gpg | sudo apt-key add -
 
sudo apt-get update
 
sudo apt-get install -y pwgen authbind graylog-server
 
sudo systemctl daemon-reload
sudo systemctl enable graylog-server.service
 
sudo sed -i "s/password_secret =/password_secret = $(pwgen -N 1 -s 96)/g" /etc/graylog/server/server.conf
sudo sed -i "s/root_password_sha2 =/root_password_sha2 = $(echo -n password | shasum -a 256 | awk '{ print $1 }')/g" /etc/graylog/server/server.conf
 
sudo sed -i "s/#elasticsearch_max_time_per_index = 1d/elasticsearch_max_time_per_index = 1w/g" /etc/graylog/server/server.conf
sudo sed -i "s/elasticsearch_max_number_of_indices = 20/elasticsearch_max_number_of_indices = 8/g" /etc/graylog/server/server.conf
 
sudo swapoff -a
 
sudo systemctl start graylog-server.service

Install Web Server

Lastly, configure NGINX to be a reverse proxy for Graylog:

cat >> /tmp/graylog << EOF
server
{
  listen      80 default_server;
  listen      [::]:80 default_server ipv6only=on;
  server_name $(hostname -f);
 
  location /
  {
        proxy_set_header    Host \$http_host;
        proxy_set_header    X-Forwarded-Host \$host;
        proxy_set_header    X-Forwarded-Server \$host;
        proxy_set_header    X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header    X-Graylog-Server-URL http://$(hostname -f)/api;
        proxy_pass          http://127.0.0.1:9000;
  }
}
EOF
 
sudo mv /tmp/graylog /etc/nginx/sites-available/
sudo rm /etc/nginx/sites-enabled/default
sudo ln -s /etc/nginx/sites-available/graylog /etc/nginx/sites-enabled/graylog
 
sudo service nginx reload