Skip to content

Instantly share code, notes, and snippets.

@brav0charlie
Last active October 7, 2022 23:04
Show Gist options
  • Save brav0charlie/5e62725a4c7e93cf64d74995065dc402 to your computer and use it in GitHub Desktop.
Save brav0charlie/5e62725a4c7e93cf64d74995065dc402 to your computer and use it in GitHub Desktop.
Graylog 4.3 in Docker using docker-compose
# IMPORTANT NOTE: Make sure you replace the GRAYLOG_PASSWORD_SECRET on line 53 with one you generate. You must
# also replace the GRAYLOG_ROOT_PASSWORD_SHA2 on line 56 with one you generate. This stack will
# not load without these passwords defined.
#
# Data is persisted using the three volumes created below. Port 9200 is exposed on the Elasticsearch
# container allowing you to spin up a Grafana container to use for visulization as well.
#
version: '3'
services:
# MongoDB: https://hub.docker.com/_/mongo/
mongo:
image: mongo:4.2
container_name: mongo
hostname: mongo
volumes:
- mongo_data:/data/db
networks:
- graylog
# Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/docker.html
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
container_name: elasticsearch
volumes:
- es_data:/usr/share/elasticsearch/data
environment:
- http.host=0.0.0.0
- transport.host=localhost
- network.host=0.0.0.0
- "ES_JAVA_OPTS=-Dlog4j2.formatMsgNoLookups=true -Xms512m -Xmx512m"
ulimits:
memlock:
soft: -1
hard: -1
deploy:
resources:
limits:
memory: 1g
networks:
- graylog
ports:
- 9200:9200
# Graylog: https://hub.docker.com/r/graylog/graylog/
graylog:
image: graylog/graylog:4.3
container_name: graylog
hostname: graylog
environment:
# For encrypting new user passwords (Generate using 'pwgen -N 1 -s 96')
- GRAYLOG_PASSWORD_SECRET=<GENERATE ME USING COMMAND ABOVE>
# Root Password: generate using the command pipeline on the line below:
# echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
- GRAYLOG_ROOT_PASSWORD_SHA2=<GENERATE ME USING COMMAND ABOVE>
- GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/
entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh
networks:
- graylog
restart: always
depends_on:
- mongo
- elasticsearch
volumes:
- graylog_data:/usr/share/graylog/data
# Used for Geocoding IP addresses
# You can download this after creating an account here:
# https://dev.maxmind.com/geoip/geolite2-free-geolocation-data?lang=en
#- /path/on/host/to/GeoLite2-City.mmdb:/etc/graylog/server/GeoLite2-City.mmdb
ports:
# Graylog web interface and REST API
- 9000:9000
# Syslog TCP
- 1514:1514/tcp
# Syslog UDP
- 1514:1514/udp
# Syslog TCP
- 514:1514/tcp
# Syslog UDP
- 514:1514/udp
# GELF TCP
- 12201:12201/tcp
# GELF UDP
- 12201:12201/udp
volumes:
graylog_data:
driver: 'local'
mongo_data:
driver: 'local'
es_data:
driver: 'local'
networks:
graylog:
driver: bridge
name: graylog
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment