Graylog2 Docker container
This project creates a Docker container with full Graylog2 stack installed.
You need a recent
docker version installed, take a look here for instructions.
$ docker pull swcc/docker-graylog2 $ docker run -t -p 9000:9000 -p 12201:12201 swcc/docker-graylog2
This will create a container with all Graylog2 services running.
After starting the container, your Graylog2 instance is ready to use.
You can reach the web interface by pointing your browser to the IP address of your Docker host:
The default login is Username:
How to get log data in
You can create different kind of inputs under System->Inputs. You already exposed the default GELF port 12201 so it
is a good idea to start a GELF TCP input there. Here is a list of available
GELF integrations. To start another input you have to expose the right port e.g. to start a raw TCP input on port 5555
add to your docker command the
-p 5555:5555 option.
Then you can send raw text to Graylog2 like
echo 'first log message' | nc localhost 5555
You can configure the most important aspects of your Graylog2 instance through environment variables. In order
to set a variable add a
-e VARIABLE_NAME option to your
docker run command. For example to set another admin password
start your container like this:
$ docker run -t -p 9000:9000 -p 12201:12201 -e GRAYLOG2_PASSWORD=SeCuRePwD swcc/docker-graylog2
|Variable Name||Configuration Option|
|GRAYLOG2_PASSWORD||Set admin password|
|GRAYLOG2_TIMEZONE||Set timezone you are in|
|GRAYLOG2_SMTP_SERVER||Hostname/IP address of your SMTP server for sending alert mails|
You can mount the data and log directories to store your data outside of the container:
$ docker run -t -p 9000:9000 -p 12201:12201 -v /graylog2/data:/var/opt/graylog2/data -v /graylog2/logs:/var/log/graylog2 swcc/docker-graylog2
Multi container setup
The Omnibus package used for creating the container is able to split Graylog2 into several components.
This works in a Docker environment as long as your containers run on the same hardware respectively the containers
need to have direct network access between each other.
The first started container is the so called
master, other containers can grab configuration options from here.
To setup two containers, one for the web interface and one for the server component do the following:
master with Graylog2 server parts
$ docker run -t -p 12900:12900 -p 12201:12201 -p 4001:4001 -e GRAYLOG2_SERVER=true swcc/docker-graylog2
The configuration port 4001 is now accessible through the host IP address.
Start the web interface in a second container and give the host address as
master to fetch configuration options
$ docker run -t -p 9000:9000 -e GRAYLOG2_MASTER=<host IP address> -e GRAYLOG2_WEB=true swcc/docker-graylog2
To build the image from scratch run
$ docker build -t graylog2 .