Backup Graylog Docker


1. Describe your incident:
Goodnight,

I’m starting to use Graylog and I’m still learning about it. I would like to know if there is a complete step-by-step guide to perform a backup and restore of Graylog Docker. As I researched, I found just performing a mongodump; would there be any other way, and what would be the correct way to back up Mongo, Elasticsearch and Docker Graylog as well?
I use graylog via docker-compose with persistent data, it is running on a server and I would like to back up all the data to restore on another server if the main one has a problem.
Are there any more automated options for backup or just manually doing the elasticsearch mongodump and dump?

Thank you very much in advance.

2. Describe your environment:

  • OS Information:
    docker compose installed on OS CentOS
  • Package Version:
    5.0
  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?
I tried to use mongodump inside the container, then I copied the graylog folder that is inside /bin/dump/graylog to another server, then I did a mongo restore with the copied data but the graylog showed a permission error.
The permissions check for the following request failed,
while trying to access /.
There was an error fetching a resource: Forbidden. Additional information: Not authorized to access resource id

4. How can the community help?
Are there any more automated options for backup or just manually doing the elasticsearch mongodump and dump?


Hello && Welcome @Silva

When you stated ALL data, are you referring to logs, etc…? MongoDB holds all the metadata, so any configuration, inputs, users, authentication, etc… Elasticsearch/OpenSearch holds the logs/messages. If this is true, then what would need to happen to save all the logs/configurations is to execute a MongoDB dump and a backup/restore with ES/OS.

I also have Graylog Docker; the IP address may change but it's the same steps. Much easier on just a virtual machine. If the idea is to create a new Graylog server with the same settings, there are other options.

Good afternoon gsmith.

About mongodump I managed to do it without problems, I just can’t make the elasticsearch snapshot, I’m not finding the indicated paths inside the container, I can’t find the elasticsearch.yml because the path seems to be different inside the container. Could you help me with more details about elasticsearch backup and restore?

Thank you very much

Hey @Silva

I'll do my best, I have not done it on Docker yet. A couple of things need to happen. To ensure fewer issues, make sure you are migrating to the same version; once that is completed, then do any upgrades. Every setup is different and I found this to be the easiest path.

Configure the elasticsearch.yaml file: add something like this line. Basically, where you want your repo and where Elasticsearch has access.

path.repo: ["/etc/elasticsearch/my_repo"]

Then execute the following to register the repo. Make sure what's in the Elasticsearch YAML file is the same here.

curl -X PUT "<es_node>:9200/_snapshot/my_repo?pretty" -H 'Content-Type: application/json' -d'
{
  "type": "fs",
  "settings": {
    "location": "/etc/elasticsearch/my_repo"
  }
}
'

Once completed run the following.

curl -X PUT "<es_node>:9200/_snapshot/my_repo/snapshot_1?wait_for_completion=true&pretty"

This demo is from here

hope that helps
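
As an added example (not part of the original reply, and not Graylog's or Elastic's own script), the two calls above can be wrapped so that the snapshot response is checked before the backup is trusted. `ES_URL`, the timestamped snapshot name and the helper function names are assumptions, and the two JSON samples are constructed.

```shell
#!/usr/bin/env bash
# Added example: register the fs repository, take a snapshot, verify the result.
# ES_URL and the timestamped snapshot name are assumptions; REPO_PATH must be
# listed under path.repo on the node, otherwise registration is rejected.
ES_URL="${ES_URL:-http://localhost:9200}"
REPO="${REPO:-my_repo}"
REPO_PATH="${REPO_PATH:-/etc/elasticsearch/my_repo}"

# Constructed sample responses (not captured from a real cluster).
SAMPLE_OK='{"snapshot":{"snapshot":"snapshot_1","state":"SUCCESS","shards":{"total":4,"failed":0,"successful":4}}}'
SAMPLE_PARTIAL='{"snapshot":{"snapshot":"snapshot_1","state":"PARTIAL","shards":{"total":4,"failed":1,"successful":3}}}'

# Read JSON on stdin and print the string value of key $1 (first matching line).
json_str() { sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1; }
# Same for an unsigned integer value (e.g. failed).
json_num() { sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p" | head -n 1; }

# Succeed only for a complete snapshot: state SUCCESS and zero failed shards.
# An error body has neither field, so it is rejected as well.
snapshot_ok() {
  local state failed
  state=$(printf '%s\n' "$1" | json_str state)
  failed=$(printf '%s\n' "$1" | json_num failed)
  [ "$state" = "SUCCESS" ] && [ "${failed:-1}" = "0" ]
}

register_repo() {
  curl -fsS -X PUT "$ES_URL/_snapshot/$REPO" -H 'Content-Type: application/json' \
    -d "{\"type\":\"fs\",\"settings\":{\"location\":\"$REPO_PATH\"}}"
}

take_snapshot() {
  local name resp
  name="snapshot_$(date +%Y%m%d_%H%M%S)"
  resp=$(curl -sS -X PUT "$ES_URL/_snapshot/$REPO/$name?wait_for_completion=true") || return 1
  if snapshot_ok "$resp"; then
    echo "snapshot $name complete"
  else
    echo "snapshot $name is not a usable backup: $resp" >&2
    return 1
  fi
}

# Contact the cluster only when called with "run"; sourcing stays offline.
if [ "${1:-}" = "run" ]; then
  register_repo && take_snapshot
fi
```

A `PARTIAL` snapshot is missing shards, so a restore on the second server would silently lack messages; treating anything other than `SUCCESS` as a failed backup surfaces that at backup time.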

good afternoon blacksmith

I’m trying to perform this procedure you sent, but I’m having trouble finding the path /etc/elasticsearch/. Inside the container I don’t find this path, and neither in the Elasticsearch volume. Can you explain where I will find this path to change the YAML?

Thank you very much

Hey @Silva

You would need to make the ENV.
You could use “find”, “locate”, “whereis”, etc… on that server, just an idea.
Example:

root@ansible:/usr/local/bin# locate opensearch.yml
/etc/opensearch/opensearch.yml
/etc/opensearch/opensearch.yml.backup
/usr/local/bin/custom-opensearch.yml
/var/lib/docker/overlay2/1f4c03a230ea04fe94dd1924fb2e4eb47b4333c82a9064a0c51314c5fd0fae6b/diff/usr/share/opensearch/config/opensearch.yml
/var/lib/docker/overlay2/1f4c03a230ea04fe94dd1924fb2e4eb47b4333c82a9064a0c51314c5fd0fae6b/diff/usr/share/opensearch/config/opensearch-security/opensearch.yml.example
/var/lib/docker/overlay2/2d481f834fc55c8cb554b6bbe7fc2a783daea377b14a0748b3f0cc7f87fc6f47/diff/usr/share/opensearch/config/opensearch.yml
/var/lib/docker/overlay2/86fecc1421cc064e64cc0f4f39cff77af03f2b183deb194c8215f39fe8122378/diff/usr/share/opensearch/config/opensearch.yml
/var/lib/docker/overlay2/8b1b316a3ecd19fb0eab1ffaef522a6992eb1708bef65f1aca84eddfc9045212/diff/usr/share/opensearch/config/opensearch.yml
/var/lib/docker/overlay2/8b1b316a3ecd19fb0eab1ffaef522a6992eb1708bef65f1aca84eddfc9045212/diff/usr/share/opensearch/config/opensearch-security/opensearch.yml.example
root@ansible:/usr/local/bin#

A couple of examples you might be able to use here

Edit: something like this in your compose file.

- ./custom-opensearch.yml:/usr/share/opensearch/config/opensearch.yml
