I’m trying to get Graylog working on a Mac with Docker. I did the following this morning:
1. Downloaded the latest version of Docker for Mac, and started it
2. Created a new directory, and created a docker-compose.yml file by copying the sample in the ‘Persisting Data’ section of the docs here: http://docs.graylog.org/en/2.3/pages/installation/docker.html
3. Edited that file slightly to add support for the text logging port, 5555, via UDP by adding:

   ```yaml
   # Text
   - 5555:5555/udp
   ```

   below the GELF UDP line.
4. Started the image
5. Logged in as admin, and created a UDP text listener bound to localhost on port 5555
6. Tried to use NC to push messages to the log as follows:

```
Eric-MBP:Docker ericw$ echo 'Hello Graylog!' | nc -u localhost 5555
Eric-MBP:Docker ericw$ echo 'This is a test' | nc -u localhost 5555
Eric-MBP:Docker ericw$ echo 'I am curious if it will work' | nc -u localhost 5555
Eric-MBP:Docker ericw$ echo 'Hello Graylog!' | nc localhost 5555
Eric-MBP:Docker ericw$ echo 'This is a test' | nc localhost 5555
Eric-MBP:Docker ericw$ echo 'I am curious if it will work' | nc localhost 5555
```
The Graylog GUI shows 0 messages for the input on the input screen, and on the search screen. Based on a forum search, I also tried searching by absolute criteria, with a date range that included two days in the past and two days in the future, and got nothing.
Any clues as to what I might be doing wrong would be appreciated. Actual docker-compose.yml follows:
```yaml
version: '2'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:3
    volumes:
      - mongo_data:/data/db
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/5.5/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:5.5.1
    volumes:
      - es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      # Disable X-Pack security: https://www.elastic.co/guide/en/elasticsearch/reference/5.5/security-settings.html#general-security-settings
      - xpack.security.enabled=false
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:2.3.0-1
    volumes:
      - graylog_journal:/usr/share/graylog/data/journal
    environment:
      # CHANGE ME!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_WEB_ENDPOINT_URI=http://127.0.0.1:9000/api
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 514:514
      # Syslog UDP
      - 514:514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
      # Text
      - 5555:5555/udp
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local
```