1. Describe your incident:
I am new to Graylog. I’m looking to set it up to collect all the logs from my home lab and network. My preference is to use docker-compose. The Virtual Machine I’m using has a small virtual drive for the OS, and a 1TB hard disk that I want to be used for all the Graylog volumes. Ordinarily I’d use bind mounts to map hard drive locations into the docker containers, but I’ve been running into various issues, which I think might come down to the documented issue with bind mounts not working properly. I’m wondering what the best workaround would be? I don’t want to use the default docker volume location (due to space restrictions), and I don’t want to move the default docker data-root to the 1TB hard drive (as I have other docker containers that I don’t want to interfere with). Is there a fix or am I scuppered?
2. Describe your environment:
-
OS Information: Ubuntu Server 24.04 LTS
-
Package Version: Docker 29.2.1
-
Service logs, configurations, and environment variables:
Docker compose:
services:
# MongoDB: https://hub.docker.com/_/mongo/
mongodb:
image: "mongo:7.0"
restart: "on-failure"
networks:
- graylog
volumes:
- "/mnt/docker/graylog/mongodb:/data/db"
- "/mnt/docker/graylog/configdb:/data/configdb"
# For DataNode setup, graylog starts with a preflight UI, this is a change from just using OpenSearch/Elasticsearch.
# Please take a look at the README at the top of this repo or the regular docs for more info.
# Graylog Data Node: https://hub.docker.com/r/graylog/graylog-datanode
# ⚠️ Make sure this is set on the host before starting:
# echo "vm.max_map_count=262144" | sudo tee -a /etc/sysctl.conf
# sudo sysctl -p
datanode:
image: "${DATANODE_IMAGE:-graylog/graylog-datanode:7.0}"
hostname: "datanode"
environment:
GRAYLOG_DATANODE_NODE_ID_FILE: "/var/lib/graylog-datanode/node-id"
# GRAYLOG_DATANODE_PASSWORD_SECRET and GRAYLOG_PASSWORD_SECRET MUST be the same value
GRAYLOG_DATANODE_PASSWORD_SECRET: "${GRAYLOG_PASSWORD_SECRET:?Please configure GRAYLOG_PASSWORD_SECRET in the .env file}"
GRAYLOG_DATANODE_MONGODB_URI: "mongodb://mongodb:27017/graylog"
ulimits:
memlock:
hard: -1
soft: -1
nofile:
soft: 65536
hard: 65536
ports:
- "127.0.0.1:8999:8999/tcp" # DataNode API
- "127.0.0.1:9200:9200/tcp"
- "127.0.0.1:9300:9300/tcp"
networks:
- graylog
volumes:
- "/mnt/logs/datanode:/var/lib/graylog-datanode"
restart: "on-failure"
# Graylog: https://hub.docker.com/r/graylog/graylog-enterprise
graylog:
hostname: "server"
image: "${GRAYLOG_IMAGE:-graylog/graylog:7.0}"
depends_on:
mongodb:
condition: "service_started"
datanode:
condition: "service_started"
entrypoint: "/usr/bin/tini -- /docker-entrypoint.sh"
environment:
GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/data/node-id"
# GRAYLOG_DATANODE_PASSWORD_SECRET and GRAYLOG_PASSWORD_SECRET MUST be the same value
GRAYLOG_PASSWORD_SECRET: "${GRAYLOG_PASSWORD_SECRET:?Please configure GRAYLOG_PASSWORD_SECRET in the .env file}"
GRAYLOG_ROOT_PASSWORD_SHA2: "${GRAYLOG_ROOT_PASSWORD_SHA2:?Please configure GRAYLOG_ROOT_PASSWORD_SHA2 in the .env file}"
GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
GRAYLOG_HTTP_EXTERNAL_URI: "http://localhost:9000/"
GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
ports:
- "127.0.0.1:5044:5044/tcp" # Beats
- "127.0.0.1:5140:5140/udp" # Syslog
- "127.0.0.1:5140:5140/tcp" # Syslog
- "127.0.0.1:5555:5555/tcp" # RAW TCP
- "127.0.0.1:5555:5555/udp" # RAW UDP
- "127.0.0.1:9000:9000/tcp" # Server API
- "127.0.0.1:12201:12201/tcp" # GELF TCP
- "127.0.0.1:12201:12201/udp" # GELF UDP
#- "127.0.0.1:10000:10000/tcp" # Custom TCP port
#- "127.0.0.1:10000:10000/udp" # Custom UDP port
- "127.0.0.1:13301:13301/tcp" # Forwarder data
- "127.0.0.1:13302:13302/tcp" # Forwarder config
networks:
- graylog
volumes:
# IMPORTANT: bind mounts (e.g., "./data:/usr/share/graylog/data") currently
# don't work correctly. You have to use volume mounts.
# See: https://github.com/Graylog2/docker-compose/issues/99#issuecomment-3800898829
- "/mnt/logs/data:/usr/share/graylog/data"
restart: "on-failure"
networks:
graylog:
driver: "bridge"
volumes:
mongodb_data:
mongodb_config:
graylog-datanode:
graylog_data:
Errors:
2026-02-09T19:12:29.236813752Z 2026-02-09T19:12:29.235427190Z main ERROR Reconfiguration failed: No configuration found for '73d4cc9e' at 'null' in 'null'
2026-02-09T19:13:30.392112422Z 2026-02-09T19:13:30.390590998Z main ERROR Reconfiguration failed: No configuration found for '73d4cc9e' at 'null' in 'null'
2026-02-09T19:14:31.540665018Z 2026-02-09T19:14:31.539289577Z main ERROR Reconfiguration failed: No configuration found for '73d4cc9e' at 'null' in 'null'
2026-02-09T19:15:32.719555998Z 2026-02-09T19:15:32.718138069Z main ERROR Reconfiguration failed: No configuration found for '73d4cc9e' at 'null' in 'null'
2026-02-09T19:16:33.862869443Z 2026-02-09T19:16:33.861399008Z main ERROR Reconfiguration failed: No configuration found for '73d4cc9e' at 'null' in 'null'
2026-02-09T19:17:35.036342919Z 2026-02-09T19:17:35.034790228Z main ERROR Reconfiguration failed: No configuration found for '73d4cc9e' at 'null' in 'null'
3. What steps have you already taken to try and solve the problem?
I have tried to change the permissions on the folders to 1100:1100, and I’ve doen chmod 755 on them all too.
4. How can the community help?
I note that there’s an open issue at 7.0 fails to generate config files for graylog container · Issue #99 · Graylog2/docker-compose · GitHub which seems relevant - there are no config files in the folders, but I can’t figure out what the workaround was. Please can someone point me in the right direction?
Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]