Graylog Docker - all input has the internal IP from the Docker

Hello,

I installed Graylog in Docker and have an nginx running as a proxy for SSL. Every message I get from other systems has the source IP of my Docker (172.18.0.1). I'm receiving many messages (syslog_udp) and I'm sure the input is running. I can access the web interface, and all seems to be fine.
My config is:

Docker-compose:

version: "2"

services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:3
    volumes:
      - mongo_data:/data/db
    restart: always
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.11
    volumes:
      - es_data:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 2g
    restart: always
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:3.3
    environment:
      TZ: Europe/Berlin
    volumes:
      - graylog_data:/usr/share/graylog/data
      - ./config:/usr/share/graylog/data/config
      - ./plugins:/usr/share/graylog/plugin
      - ./node-id.gl1:/usr/share/graylog/config/node-id
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
      - nginx
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 514:1514
      # Syslog UDP
      - 514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
    restart: always

  nginx:
    environment:
      TZ: Europe/Berlin
    image: nginx:1.19-alpine
    ports:
      - 10.29.0.41:80:80
      - 10.29.0.41:443:443
    volumes:
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
      - ./cert/default.crt:/etc/nginx/default.crt:ro
      - ./cert/default.key:/etc/nginx/default.key:ro
      - ./logs:/var/log/nginx
    restart: always
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_data:
    driver: local

Here are the entries of my graylog.conf:

http_bind_address = 0.0.0.0:9000
http_external_uri = http://srv-log01.company.com:9000/

My Input is configured like:

Does anyone have an idea?
Best regards
Martin
