Public | Automated Build

Last pushed: 3 years ago
Short Description
This is a copy of the official Graylog Dockerfile with JVM DEBUG support enabled
Full Description

Graylog Docker container

This project creates a Docker container with full Graylog stack installed. The repository is a fork of the official
Graylog graylog2-images repository.


The only modification is the added DEBUG support for the JVM:

RUN sed -i 's/\(GRAYLOG_SERVER_JAVA_OPTS=".*\)"/\1 -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005"/' /opt/graylog/embedded/cookbooks/graylog/templates/default/sv-graylog-server-run.erb


You need a recent docker version installed, take a look here for instructions.

$ docker pull dfch/graylog2-images
$ docker run -t -p 9000:9000 -p 12201:12201 dfch/graylog2-images

This will create a container with all Graylog services running.


After starting the container, your Graylog instance is ready to use.
You can reach the web interface by pointing your browser to the IP address of your Docker host: http://<host IP>:9000

The default login is Username: admin Password: admin.

How to get log data in

You can create different kind of inputs under System->Inputs. You already exposed the default GELF port 12201 so it
is a good idea to start a GELF TCP input there. Here is a list of available
GELF integrations. To start another input you have to expose the right port e.g. to start a raw TCP input on port 5555
add to your docker command the -p 5555:5555 option.
Then you can send raw text to Graylog like echo 'first log message' | nc localhost 5555

Additional options

You can configure the most important aspects of your Graylog instance through environment variables. In order
to set a variable add a -e VARIABLE_NAME option to your docker run command. For example to set another admin password
start your container like this:

$ docker run -t -p 9000:9000 -p 12201:12201 -e GRAYLOG_PASSWORD=SeCuRePwD dfch/graylog2-images
Variable Name Configuration Option
GRAYLOG_PASSWORD Set admin password
GRAYLOG_TIMEZONE Set timezone (TZ) you are in
GRAYLOG_SMTP_SERVER Hostname/IP address of your SMTP server for sending alert mails

SMTP_SERVER can take options for authentication, make sure to use an SSL port:
GRAYLOG_SMTP_SERVER=" --port=465 --password=SecretPassword"

Persist data

In order to persist log data and configuration settings mount the Graylog data directory outside the container:

$ docker run -t -p 9000:9000 -p 12201:12201 -v /graylog/data:/var/opt/graylog/data -v /graylog/logs:/var/log/graylog graylog2/allinone

Other volumes to persist:

Path Description
/var/opt/graylog/data Elasticsearch for raw log data and MongoDB as configuration store
/var/log/graylog Internal logs for all running services
/opt/graylog/plugin Graylog server plugins

Multi container setup

The Omnibus package used for creating the container is able to split Graylog into several components.
This works in a Docker environment as long as your containers run on the same hardware respectively the containers
need to have direct network access between each other.
The first started container is the so called master, other containers can grab configuration options from here.

To setup two containers, one for the web interface and one for the server component do the following:

Start the master with Graylog server parts

$ docker run -t -p 12900:12900 -p 12201:12201 -p 4001:4001 -e GRAYLOG_SERVER=true dfch/graylog2-images

The configuration port 4001 is now accessible through the host IP address.

Start the web interface in a second container and give the host address as master to fetch configuration options

$ docker run -t -p 9000:9000 -e GRAYLOG_MASTER=<host IP address> -e GRAYLOG_WEB=true dfch/graylog2-images


To build the image from scratch run

$ docker build -t graylog .
Docker Pull Command
Source Repository