Can't get docker graylog up and running


(Casper Jensen) #1

Hi Guys!

We are trying to get graylog up and running on docker using this guide:
https:// hub.docker.com/r/graylog/graylog/

This is the content of the compose file

version: '2'
 services:
   # MongoDB: https   ://hub.docker.com/_/mongo/
   mongo:
     image: mongo:3
     volumes:
       - mongo_data:/data/db
   # Elasticsearch: https   ://www.elastic.co/guide/en/elasticsearch/reference/5.5/docker.html
   elasticsearch:
     image: docker.elastic.co/elasticsearch/elasticsearch:5.6.12
     volumes:
       - es_data:/usr/share/elasticsearch/data
     environment:
       - http.host=0.0.0.0
       - transport.host=localhost
       - network.host=0.0.0.0
       # Disable X-Pack security: https   ://www.elastic.co/guide/en/elasticsearch/reference/5.5/security-settings.html#general-security-settings
       - xpack.security.enabled=false
       - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
     ulimits:
       memlock:
         soft: -1
         hard: -1
     mem_limit: 1g
   # Graylog: https   ://hub.docker.com/r/graylog/graylog/
   graylog:
     image: graylog/graylog:2.4
     volumes:
       - ./graylog_journal:/usr/share/graylog/data/journal
       - ./graylog/config:/usr/share/graylog/data/config
     environment:
       # CHANGE ME!
       - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
       # Password: admin
       - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
       - GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/
     links:
       - mongo
       - elasticsearch
     ports:
       # Graylog web interface and REST API
       - 9000:9000
       # Syslog TCP
       - 514:514
       # Syslog UDP
       - 514:514/udp
       # GELF TCP
       - 12201:12201
       # GELF UDP
       - 12201:12201/udp
 
 # Volumes for persisting data, see https   ://docs.docker.com/engine/admin/volumes/volumes/
 volumes:
   mongo_data:
     driver: local
   es_data:
     driver: local
   graylog_journal:
     driver: local

Our issue is we keep getting these errors when doing docker-compose up

 graylog_1        | ERROR StatusLogger File not found in file system or classpath: /usr/share/graylog/data/config/log4j2.xml
 graylog_1        | ERROR StatusLogger Reconfiguration failed: No configuration found for '74a14482' at 'null' in 'null'
 graylog_1        | 02:15:02.399 [main] ERROR org.graylog2.bootstrap.CmdLineTool - Couldn't load configuration: Properties file /usr/share/graylog/data/config/graylog.conf doesn't exist!

Now we have followed the instruction to download the graylog.conf and log4j2.xml from:

    wget https   ://raw.githubusercontent.com/Graylog2/graylog-docker/3.0/config/graylog.conf
    wget https   ://raw.githubusercontent.com/Graylog2/graylog-docker/3.0/config/log4j2.xml

and the file is pressent in the requested folder:

 i4admin@docker01:/usr/share/graylog/data/config$ ls
 graylog.conf  log4j2.xml

We did find this article:
https ://github.com/Graylog2/graylog2-server/issues/2996

and we did correct the docker compose file according to this post:

I had the same problem despite of following docs. I notice there are missing points at the beginning of each line:

 ```
    volumes:
       - ./graylog/data/journal:/usr/share/graylog/data/journal
       - ./graylog/config:/usr/share/graylog/data/config
 ```

But that didn’t take care of the error.

We need help!

Thanks


(Casper Jensen) #2

oh and the spaces after https is because the forum wouldn’t lets us post more then 2 links. they are ofcause not there in the file


(Jan Doberstein) #3

the easiest way to paste configuration and logfiles is to put them in a code block and not a quote …

```
Your text here
```

I have actually just copy and pasted the content from the documentation: http://docs.graylog.org/en/2.5/pages/installation/docker.html#persisting-data

That is working without any issues. So please verify that you have taken the part from the documentation


Can't search anymore in graylog error cannot GET http:
(system) closed #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.