Public Repository

Last pushed: 2 years ago
Short Description
greylog2-server
Full Description

INSTALLATION

Run this container and publish the ports that your log inputs will be forwarded to. By default, the web UI runs on port 9000.

docker run -i -t --privileged --name ENTERSOMENAMEHERE -p 9000:9000 -p 12201:12201 mikkopoyhonen/greylog2


CONFIGURING RSYSLOG TO FORWARD LOGS

Add these lines to your 50-default.conf file in the /etc/rsyslog.d folder:

FOR TCP:
$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"
*.* @@graylog.example.org:514;GRAYLOGRFC5424

FOR UDP:
$template GRAYLOGRFC5424,"<%PRI%>%PROTOCOL-VERSION% %TIMESTAMP:::date-rfc3339% %HOSTNAME% %APP-NAME% %PROCID% %MSGID% %STRUCTURED-DATA% %msg%\n"
*.* @graylog.example.org:514;GRAYLOGRFC5424

Note that the only difference between the UDP and TCP outputs is the number of @ signs: @@ for TCP, @ for UDP. In the last line of the configuration, "@graylog.example.org:514;GRAYLOGRFC5424", replace the address and port with your Graylog server's address and the port it listens on.

Now just create a syslog input in the Graylog web interface.
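
One way to check that the new syslog input receives and parses messages, as an added example that is not part of the original repository: this Python script builds a line in the same field order as the GRAYLOGRFC5424 template and sends it over TCP or UDP. The function names, the app name graylog-test and the default facility and severity are assumptions; the host and port are the placeholders from the configuration above.

```python
import socket
from datetime import datetime, timezone

NIL = "-"  # RFC 5424 placeholder for an empty field

def build_rfc5424(msg, hostname, app="graylog-test", facility=1, severity=6,
                  procid=NIL, msgid=NIL, sdata=NIL, when=None):
    """Build one line in the field order of the GRAYLOGRFC5424 template."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    for name, value in (("hostname", hostname), ("app", app),
                        ("procid", procid), ("msgid", msgid)):
        if not value or any(c.isspace() for c in value):
            raise ValueError(f"{name} must be non-empty without whitespace")
    when = when or datetime.now(timezone.utc)  # pass a timezone-aware value
    pri = facility * 8 + severity              # %PRI%
    stamp = when.isoformat()                   # %TIMESTAMP:::date-rfc3339%
    # Strip newlines from the payload so one event cannot be split into two
    # records on the newline-framed TCP stream.
    body = msg.replace("\r", " ").replace("\n", " ")
    return f"<{pri}>1 {stamp} {hostname} {app} {procid} {msgid} {sdata} {body}\n"

def send(line, host, port, tcp=True, timeout=5.0):
    """Send over TCP (the '@@' action) or UDP (the '@' action)."""
    data = line.encode("utf-8")
    if tcp:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(data)
    else:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (host, port))

if __name__ == "__main__":
    # Constructed values: replace with your Graylog address and input port.
    line = build_rfc5424("forwarding test", socket.gethostname())
    send(line, "graylog.example.org", 514, tcp=True)
    print("sent:", line, end="")
```

If the test message appears in the Graylog search with the expected source and application name, the input and port mapping are working and any remaining problem is on the rsyslog side.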

NOTE:

If the container is not syncing its clock with the host machine, you need to start the container with the GRAYLOG_TIMEZONE variable, where "Europe/Tallinn" matches your timezone:

docker run -t -p 9000:9000 -p 12201:12201 -e GRAYLOG_TIMEZONE=Europe/Tallinn mikkopoyhonen/greylog2

EXAMPLE PASSWORD CONFIGURATION:

$ docker run -t -p 9000:9000 -p 12201:12201 -e GRAYLOG_PASSWORD=SeCuRePwD graylog2/allinone

Owner
mikkopoyhonen

Comments (1)
mikkopoyhonen
2 years ago

Variable Name         Configuration Option
GRAYLOG_PASSWORD      Set admin password
GRAYLOG_USERNAME      Set username for admin user (default: admin)
GRAYLOG_TIMEZONE      Set timezone (TZ) you are in
GRAYLOG_SMTP_SERVER   Hostname/IP address of your SMTP server for sending alert mails
GRAYLOG_RETENTION     Configure how long or how many logs should be stored
GRAYLOG_NODE_ID       Set server node ID (default: random)
GRAYLOG_MASTER        IP address of a remote master container (see multi container setup)
GRAYLOG_SERVER        Run only server components
GRAYLOG_WEB           Run web interface only