reference
https://go2docs.graylog.org/5-2/what_is_graylog/what_is_graylog.htm
install
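# Elasticsearch needs a higher mmap count than the kernel default.
# Append the setting only if it is missing, so re-runs do not duplicate it.
grep -qxF 'vm.max_map_count=262144' /etc/sysctl.conf \
  || echo "vm.max_map_count=262144" >> /etc/sysctl.conf
sysctl -p

# Secrets are not written into the compose file. Before "docker compose up",
# export both variables, or put them in a .env file next to the compose file
# that only its owner can read:
#   GRAYLOG_PASSWORD_SECRET     long random string (Graylog requires >= 16 chars)
#   GRAYLOG_ROOT_PASSWORD_SHA2  echo -n '<admin-password>' | openssl dgst -sha256
# Do not reuse a sample secret or a guessable admin password: the web
# interface is published on host port 29000.
# The quoted 'EOF' stops the shell expanding ${...}; Compose resolves it.
# The file must be named docker-compose.yml, or "docker compose" will not find it.
cat > docker-compose.yml << 'EOF'
version: '3'
services:
  mongo:
    image: mongo:5.0.13
    container_name: mongo
    volumes:
      - mongo_data:/data/db
    networks:
      - graylog
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    container_name: elasticsearch
    ports:
      # This setup configures no authentication for Elasticsearch, so the
      # port is published on loopback only. Graylog reaches it over the
      # compose network and does not need the host port.
      - "127.0.0.1:9200:9200"
    volumes:
      # NOTE(review): this mounts the whole install directory; the data
      # directory is /usr/share/elasticsearch/data. Confirm which is intended.
      - elasticsearch_data:/usr/share/elasticsearch
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - discovery.type=single-node
      # formatMsgNoLookups disables Log4j message lookups; keep it on this image.
      - "ES_JAVA_OPTS=-Dlog4j2.formatMsgNoLookups=true -Xms512m -Xmx512m"
    ulimits:
      nofile:
        soft: 65535
        hard: 65535
      memlock:
        soft: -1
        hard: -1
    deploy:
      resources:
        limits:
          memory: 1g
    networks:
      - graylog
  graylog:
    image: graylog/graylog:5.1
    container_name: graylog
    volumes:
      - graylog_data:/usr/share/graylog/data
    environment:
      # Both values are required; Compose aborts with the message if unset.
      - "GRAYLOG_PASSWORD_SECRET=${GRAYLOG_PASSWORD_SECRET:?export GRAYLOG_PASSWORD_SECRET first}"
      - "GRAYLOG_ROOT_PASSWORD_SHA2=${GRAYLOG_ROOT_PASSWORD_SHA2:?export GRAYLOG_ROOT_PASSWORD_SHA2 first}"
      # Plain HTTP: logins cross the network unencrypted. Put a TLS-terminating
      # proxy in front if this is reachable beyond a trusted segment.
      - GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.2.96:29000/
    entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh
    networks:
      # Reference the network by its compose key (graylog), not by its
      # Docker name (graylog_net); the static address must be in the subnet below.
      graylog:
        ipv4_address: 172.18.10.2
    restart: always
    depends_on:
      - mongo
      - elasticsearch
    ports:
      # Quoted so YAML 1.1 parsers cannot misread digit:digit pairs.
      # The syslog and GELF inputs accept unauthenticated data; restrict
      # who can reach them with host firewall rules.
      # Graylog web interface and REST API
      - "29000:9000"
      # Syslog TCP
      - "1514:1514"
      # Syslog UDP
      - "1514:1514/udp"
      # GELF TCP
      - "12201:12201"
      # GELF UDP
      - "12201:12201/udp"
# Named volumes so data survives container re-creation
volumes:
  mongo_data:
    name: mongo_data
  elasticsearch_data:
    name: elasticsearch_data
  graylog_data:
    name: graylog_data
networks:
  graylog:
    driver: bridge
    name: graylog_net
    ipam:
      driver: default
      config:
        - subnet: 172.18.10.0/24
          gateway: 172.18.10.1
EOF
docker compose up -d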