Skip to content

Instantly share code, notes, and snippets.

@olegabr
Created December 9, 2016 12:13
Show Gist options
  • Save olegabr/7f5190c453bb63c71dabf151d2373c2f to your computer and use it in GitHub Desktop.
Save olegabr/7f5190c453bb63c71dabf151d2373c2f to your computer and use it in GitHub Desktop.
graylog2 docker-compose startup scripts and test commands

The idea is to collect logs from docker containers in the graylog2 server. It can be done only by using GELF UDP Input type. And I don't want to provide an access to the graylog2 web interface for security reasons. That is why I'm using only local interface binding for the REST API port 9000.

File udp-input-graylog.json is from here: http://stackoverflow.com/a/40636190/4256005 It is used to create the GELF UDP input on the server startup.

version: '2'
services:
mongo:
image: mongo:3
volumes:
- mongo_data:/data/db
elasticsearch:
image: elasticsearch:2
command: "elasticsearch -Des.cluster.name='graylog'"
volumes:
- elasticsearch_data:/usr/share/elasticsearch/data
graylog:
image: graylog2/server
environment:
GRAYLOG_PASSWORD_SECRET: 123456
GRAYLOG_ROOT_PASSWORD_SHA2: 8d969eef6ecad3c29a3a629280e686cf0c3f5d5a86aff3ca12020c923adc6c92
GRAYLOG_WEB_ENDPOINT_URI: http://127.0.0.1:9000/api
GRAYLOG_CONTENT_PACKS_AUTO_LOAD: grok-patterns.json,udp-input-graylog.json
GRAYLOG_CONTENT_PACKS_LOADER_ENABLED: "true"
GRAYLOG_CONTENT_PACKS_DIR: data/contentpacks
depends_on:
- mongo
- elasticsearch
links:
- mongo
- elasticsearch
ports:
- "127.0.0.1:9000:9000"
# - "1242/udp:1242/udp"
- "127.0.0.1:12201/udp:12201/udp"
volumes:
- log_data:/usr/share/graylog/data/journal
- ./udp-input-graylog.json:/usr/share/graylog/data/contentpacks/udp-input-graylog.json
volumes:
mongo_data:
elasticsearch_data:
log_data:
{
"name":"My docker UDP input",
"description":"A global UDP GELF input on port 12201",
"category":"Inputs",
"inputs":[
{
"title":"udp input",
"configuration":{
"override_source":null,
"recv_buffer_size":262144,
"bind_address":"0.0.0.0",
"port":12201,
"decompress_size_limit":8388608
},
"static_fields":{},
"type":"org.graylog2.inputs.gelf.udp.GELFUDPInput",
"global":true,
"extractors":[]
}
],
"streams":[],
"outputs":[],
"dashboards":[],
"grok_patterns":[]
}
@saifjunaid
Copy link

is this still working?i am not able to create an input during graylog startup

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment