This docker-compose.yml
runs all the required processes for a Graylog setup on multiple docker containers.
The following processes are run in their own docker containers
- mongodb 3.0.4
- elasticsearch 1.7.4
- graylog 1.3.3
- graylog-web 1.3.3
This setup assumes you already have docker-compose and docker (using boot2docker) installed.
git clone git@github.com:micahhausler/graylog-compose.git
cd graylog-compose
docker-compose build
docker-compose up
Open https://192.168.59.103:9443/ and use the login. (It may take a minute for the graylog server to come online)
username: admin
password: password
Then go to the Content Packs page, upload the provided content pack, and then click "Apply content".
You can now go to the Inputs page and see that the Docker GELF input has been entered to consume logspout mesages from Docker (using the GELF module).
Go to the Streams page to see the example streams that have been created. Clock on each one to see past messages.
[Hint: Open an incognito window and enter an invalid password in the Graylog login page. This will generate some content for you to see in your streams and dashboard.]
Go to the Dashboards page to see an example dashboard with graphs based on the 2 preconfigured streams.
Go to the Graylog Plugin page to see available plugins. Simply drop them in the plugin/
directory in the project, and they'll be loaded when you restart Graylog.
Go to the Graylog API-Explorer http://192.168.59.103:12900/api-browser From here, you can play around with their swagger api explorer.
If you're using docker-machine
instead of boot2docker, edit the line
rest_transport_uri= http://192.168.59.103:12900/
in graylog/server.conf
and change it to your docker machine's IP. You'll need to restart everything for this to take effect by running
docker-compose stop
docker-compse rm -f
docker-compose up
This is NOT a production-ready setup for graylog. You'll need add TLS to Mongo, Elasticsearch, and the graylog server, as well as fine-tune each service for your own needs. This list of measures is not comprehensive.
Be sure to:
- change the
password_secret
ingraylog/server.conf
and also add it tograylog_web/graylog-web-interface.conf
'sapplication.secret
parameter - change the
root_password_sha2
ingraylog/server.conf
- Add authentication to mongo, enter the parameters in
graylog/server.conf
MIT License