reference
https://go2docs.graylog.org/5-2/what_is_graylog/what_is_graylog.htm
install
echo "vm.max_map_count=262144" >> /etc/sysctl.conf
sysctl -p
mkdir -p /data/{mongo_data,elasticsearch_data,graylog_data}
cat > docker-compsoe.yml << EOF
version: '3'
services:
mongo:
image: mongo:5.0.13
container_name: mongo
volumes:
- /data/mongo_data:/data/db
networks:
- graylog
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
container_name: elasticsearch
ports:
- 9200:9200
volumes:
- /data/elasticsearch_data:/usr/share/elasticsearch/data
environment:
- http.host=0.0.0.0
- transport.host=localhost
- network.host=0.0.0.0
- "ES_JAVA_OPTS=-Dlog4j2.formatMsgNoLookups=true -Xms512m -Xmx512m"
ulimits:
nofile:
soft: 65535
hard: 65535
memlock:
soft: -1
hard: -1
deploy:
resources:
limits:
memory: 1g
networks:
- graylog
graylog:
image: graylog/graylog:5.1
container_name: graylog
volumes:
- /data/graylog_data:/usr/share/graylog/data
environment:
- GRAYLOG_PASSWORD_SECRET=somepasswordpepper
# Password: admin
- GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
- GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.2.96:29000/
entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh
networks:
- graylog
restart: always
depends_on:
- mongo
- elasticsearch
ports:
# Graylog web interface and REST API
- 29000:9000
# Syslog TCP
- 1514:1514
# Syslog UDP
- 1514:1514/udp
# GELF TCP
- 12201:12201
# GELF UDP
- 12201:12201/udp
networks:
graylog:
driver: bridge
EOF
docker compose up -d