How to run Graylog on Ubuntu Server in Hyper-V

I wanted to set up the Graylog log management tool on an Ubuntu Server running in Hyper-V. It has been a while since the last time I did this, and a couple of things have changed…

Introduction

Graylog is a log management tool that I first discovered a couple of years ago. I appreciate logging and monitoring while developing software, both for capturing errors and for seeing if anyone is actually using/testing the features you implemented. A centralized log management tool is a convenient way to keep an entire team aware of what is going on in software projects. Graylog is easy to set up and it has a nice dashboard with a powerful way of querying logs.

When I first set up Graylog it was called Graylog2 and it was still in the pre-release phase. I knew I wanted to run an Ubuntu Server instance in an Azure VM. Since I’m a Windows developer, setting up all the dependencies through bash is not something I enjoy, but luckily I found a cool script by @mrlesmithjr on his blog. The process was pretty straightforward, and in a couple of minutes I had Graylog2 running in an Azure VM. After that, all I had to do was open the correct port and add a GELF log4net provider to my project, and logs started streaming in.

Two years later, or now, I wanted to do the same thing, but of course new versions of Graylog and its dependencies had come out. So in order to run the latest and greatest I went back to the script I used the first time. Unfortunately, the author stopped maintaining it because he switched to a different way of managing software tools - using Ansible. This is not something I am interested in investing in at the moment. All I wanted was a Graylog server on my Hyper-V VM. How hard can that be?

Graylog running in Hyper-V

When you go to Graylog’s download page you get a number of options to choose from. If you are a .NET developer you’ll see a lot of things you have never heard of. Feel free to explore a bit because you never know what you might find interesting. But to proceed with the mission of running Graylog in Hyper-V, OVA is what you want.

OVA is an open standard for distributing virtual appliances. When you click the link on Graylog’s download page, you’ll see more details on how to use it inside VirtualBox. You will also need to download VirtualBox in order to create a .VHD disk image that you will use in Hyper-V.

A quick Google search showed me how to get from .OVA to .VHD. You should rename the .OVA extension to .TAR and extract the archive to a folder (e.g. C:\vm).

After that just run the following command to get the .VHD disk image.

C:\Program Files\Oracle\VirtualBox>VBoxManage.exe clonehd --format vhd C:\vm\graylog-disk1.vmdk C:\vm\graylog.vhd

As a final step all you need to do is create a new Virtual Machine in Hyper-V, and attach the .VHD file. Make sure your VM has enough RAM (4GB is recommended).

Conclusion

To recap:

  1. Download Graylog
  2. Download VirtualBox
  3. Rename extension .OVA to .TAR and extract to C:\vm
  4. Run C:\Program Files\Oracle\VirtualBox>VBoxManage.exe clonehd --format vhd C:\vm\graylog-disk1.vmdk C:\vm\graylog.vhd
  5. Create a VM with 4GB of RAM in Hyper-V and attach .VHD that you created