Automate Graylog & Elasticsearch service


I have installed the .tgz of graylog & elasticsearch on a Raspberry Pi 4B in Ubuntu 20.04.2 LTS.
I have Graylog 4.x working with elasticsearch 7.x and mongodb 4.2.
Mongodb is starting automatically at each start of the raspberry because there is packages for arm in mongdb, so it’s working well.

It’s working well when i start them manually with the command :
./elasticsearch -d and ./graylogctl start

No problem i have graylog working well.

Now i just want to get this elasticsearch & graylog running automatically. I can’t always be on the raspberry, he has to work alone !

I don’t know if you can help me but i’m really in need!

HI @Veak
these are official systemd service unit files, which is used to start graylog and elasticsearch. Use it as a example.

  1. Create files /etc/systemd/system/graylog-server.service and /etc/systemd/system/elasticsearch.service.
  2. Update files for your environments, like paths in ExecStart parameter.
  3. Update systemd using command: sudo systemctl daemon-reload
  4. Enable services to start on startup: sudo systemctl enable graylog-server.service sudo systemctl enable elasticsearch.service
Description=Graylog server



# When a JVM receives a SIGTERM signal it exits with 143.

# Make sure stderr/stdout is captured in the systemd journal.





ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/ --quiet

# StandardOutput is configured to redirect to journalctl since
# some error messages may be logged in standard output before
# elasticsearch logging system is initialized. Elasticsearch
# stores its logs in /var/log/elasticsearch and does not use
# journalctl by default. If you also want to enable journalctl
# logging, you can simply remove the "quiet" option from ExecStart.

# Specifies the maximum file descriptor number that can be opened by this process

# Specifies the maximum number of processes

# Specifies the maximum size of virtual memory

# Specifies the maximum file size

# Disable timeout logic and wait until process is stopped

# SIGTERM signal is used to stop the Java process

# Send the signal only to the JVM rather than its control group

# Java process is never killed

# When a JVM receives a SIGTERM signal it exits with code 143

# Allow a slow startup before the systemd notifier module kicks in to extend the timeout


# Built for packages-7.10.2 (packages)

This screen is the configuration of the elasticsearch.service :

I did the steps that you told me.
As you can see, i have this error but i don’t know what am i supposed to do.
Do you have any idea?
Thank you very much

It’s hard to say, what’s wrong. But to start it correctly, you need to create user and group elastisearch, setup correct permissions for directories, create directory /var/run/elasticsearch for PID and so on.
Another problem is your missing parameter -p pid:
elasticsearch -d -p ${PID_DIR}/

Your changed directory is also wierd, you put all elasticsearch data to /etc direcotory, which is not a good idea I think.

Good example if how to install from tgz package to distribution should be Arch linux PKGBUILD.

Also check elasticsearch log for more error description.

So I might be wrong here, but you should be able to use the .deb packages to deploy Graylog (and Elasticsearch) since the packages are noarch. Those packages will contain all the systemd unit files and should just work ™️.

I tried to do what you said, but as you can see in the screen, there is the error from java again…
I would love to know how to make running this PKGBUILD on my raspberry (if it can make all the things working correctly). But i’ve never used it, so i don’t really know how to process. Even if i’ve just tried to watch on the internet how to use that i’m still lost…

I already tried to do it, but unfortunaly it’s not working because i’m on arm & not on amd…
I would really love to get a package on ARM made by Graylog to make all the things working properly…
(I already tried to say that on the github from your company) but it looks like that your developpers don’t want to do it… I don’t know why

Hi @Veak,
@aaronsachs has right.

You can use official steps to install elastic, mongo and graylog from apt repository using Ubuntu installation steps to Raspberry ARM64, only some minor changes is required. You don’t need to use tgz installation, so services will start on startup, no manual steps needed.

I’ve one spare Raspberry Pi 3, so I’ve sucessfuly tested and installed Elasticsearch 7.10.2, MongoDB 4.4 and Graylog 4.0 on Ubuntu server 20.04 ARM64 image.

I have followed official steps, and only changes these ones:

  1. MongoDB - I’ve changed repo for version 4.4 and Ubuntu 20.04
  • wget -qO - | sudo apt-key add -
  • echo "deb [ arch=amd64,arm64 ] focal/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
  • sudo apt-get update
  • sudo apt-get install -y mongodb-org
  • sudo systemctl start mongod
  1. Graylog - changed apt repo string in graylog.list, so it can install on arm64
  • wget
  • sudo dpkg -i graylog-4.0-repository_latest.deb
  • sudo vim /etc/apt/sources.list.d/graylog.list
deb [ arch=amd64 ] stable 4.0
  • sudo apt-get update && sudo apt-get install graylog-server


1 Like

Thank you very much for all the things shoothub !
I’m trying right now to follow your steps, looks like it’s working !!!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.