I’m trying to get Graylog working on a Mac with Docker. I did the following this morning:
1. Downloaded the latest version of Docker for Mac, and started it
2. Created a new directory, and created a docker-compose.yml file by copying the sample in the ‘Persisting Data’ section of the docs here: http://docs.graylog.org/en/2.3/pages/installation/docker.html
3. Edited that file slightly to add support for the text logging port, 5555, via UDP by adding:
   below the GELF UDP line.
4. Started the image
5. Logged in as admin, and created a UDP text listener bound to localhost on port 5555
6. Tried to use NC to push messages to the log as follows:
```
Eric-MBP:Docker ericw$ echo 'Hello Graylog!' | nc -u localhost 5555
Eric-MBP:Docker ericw$ echo 'This is a test' | nc -u localhost 5555
Eric-MBP:Docker ericw$ echo 'I am curious if it will work' | nc -u localhost 5555
Eric-MBP:Docker ericw$ echo 'Hello Graylog!' | nc localhost 5555
Eric-MBP:Docker ericw$ echo 'This is a test' | nc localhost 5555
Eric-MBP:Docker ericw$ echo 'I am curious if it will work' | nc localhost 5555
```
The Graylog GUI shows 0 messages for the input on the input screen, and on the search screen. Based on a forum search, I also tried searching by absolute criteria, with a date range that included two days in the past and two days in the future, and got nothing.
Any clues as to what I might be doing wrong would be appreciated. Actual docker-compose.yml follows:
```yaml
version: '2'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:3
    volumes:
      - mongo_data:/data/db
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/5.5/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:5.5.1
    volumes:
      - es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      # Disable X-Pack security: https://www.elastic.co/guide/en/elasticsearch/reference/5.5/security-settings.html#general-security-settings
      - xpack.security.enabled=false
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:2.3.0-1
    volumes:
      - graylog_journal:/usr/share/graylog/data/journal
    environment:
      # CHANGE ME!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_WEB_ENDPOINT_URI=http://127.0.0.1:9000/api
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 514:514
      # Syslog UDP
      - 514:514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
      # Text
      - 5555:5555/udp
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local
```