Problems with Graylog Docker image


(Good Peoples Connected) #1

can somebody point me to a step by step docker installation of graylog ! i've been struggling with this server for a good minute :slight_smile:


(Jochen) #2

Maybe you should invest more than 60 seconds?

Did you follow the documentation at http://docs.graylog.org/en/2.2/pages/installation/docker.html?
If so, which step doesn’t work for you?


(Good Peoples Connected) #3

i may be dumb :slight_smile: following the docs but too much go there for this and go there for that ? been looking around, not a single step by step docker tutorial install why ?


(Jochen) #4

What exactly are you missing? At which point do you struggle?

If you’re looking for a monolithic Graylog installation with all its dependencies, take a look at the virtual machine appliance: http://docs.graylog.org/en/2.2/pages/installation/virtual_machine_appliances.html


(Good Peoples Connected) #5

thanks for trying to help ! i may have played with too many environment variables ! i don’t want to use the virtual machine appliance, i already got a vm running as a vpn server connecting a bunch of routers i need to get logs from. i will start all over the configuration. but where is the tutorial from a to z :slight_smile:


#6

that’s my docker-compose.yml file contents for my graylog 2.3-beta with es 5.*:

version: '2'
services:
 mongo:
  image: "mongo"
  volumes:
   - /graylog/data/mongo:/data/db
   - /graylog/data/mongobackup:/backup
  restart: always 
 elasticsearch:
  image: "elasticsearch:5.4.0-alpine"
  command: "-Ecluster.name=graylog"
  restart: always
  volumes:
   - /graylog/data/elasticsearch:/usr/share/elasticsearch/data
   - /graylog/plugins/elasticsearch:/usr/share/elasticsearch/plugins
  ports:
   - 9300:9300
   - 9200:9200
  cpuset: 3-5
  mem_limit: 1536m
 server:
  image: "graylog2/server:2.3.0-beta.1-2"
  volumes: 
   - /graylog/data/journal:/usr/share/graylog/data/journal
   - /graylog/config:/usr/share/graylog/data/config:ro
  restart: always
  cpuset: 0-2
  mem_limit: 2g
  environment:
   GRAYLOG_PASSWORD_SECRET: "<redacted>"
   GRAYLOG_ROOT_PASSWORD_SHA2: "<redacted>"
   GRAYLOG_REST_TRANSPORT_URI: "http://192.168.0.135:12900"
  ports:
   - 5044:5044
   - 9000:9000
   - 12900:12900
   - 514:514/udp
   - 514:514
   - 12201:12201/udp
   - 12201:12201
 kibana:
  image: "kibana:5.4.2"
  volumes:
   - /docker/kibana/:/kibana/config
  restart: always
#  ports:
#    - 5601:5601
  depends_on:
   - elasticsearch
 auth:
  image: "beevelop/nginx-basic-auth"
  restart: always
  environment:
   HTPASSWD: 'admin:<redacted>'
   FORWARD_PORT: 5601
  links:
   - kibana:web
  ports:
   - 5601:80
  depends_on:
   - kibana

as you can see it contains kibana for pretty and light graphs and dashboards, kibana in this case is secured by http-auth proxy, also, as you probably noticed, you’ll have to generate passwords, for me (50-500 msg/s) given memory constraints are enough, YMMV :slight_smile:
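Added example, not part of the original post: one way to generate the two redacted Graylog values from the compose file above and keep them in an owner-only env file instead of the YAML. The function names and the env-file approach are assumptions of this example; it relies on `sha256sum` from GNU coreutils.

```shell
#!/bin/sh
# Added example: create GRAYLOG_PASSWORD_SECRET and GRAYLOG_ROOT_PASSWORD_SHA2.
# Function names and the output file are hypothetical, not from the thread.

# Random value for GRAYLOG_PASSWORD_SECRET (Graylog needs at least 16 characters).
gen_secret() {
    len="${1:-96}"
    if [ "$len" -lt 16 ]; then
        echo "secret must be at least 16 characters" >&2
        return 1
    fi
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$len"
}

# SHA-256 hex digest for GRAYLOG_ROOT_PASSWORD_SHA2.
# printf '%s' hashes the password bytes only; `echo` would append a newline
# and yield a digest that never matches at login.
root_sha2() {
    printf '%s' "$1" | sha256sum | cut -d ' ' -f 1
}

# Write both values to an env file that only its owner can read.
write_env_file() {
    out="$1"
    password="$2"
    (
        umask 077
        {
            printf 'GRAYLOG_PASSWORD_SECRET=%s\n' "$(gen_secret 96)"
            printf 'GRAYLOG_ROOT_PASSWORD_SHA2=%s\n' "$(root_sha2 "$password")"
        } > "$out"
    )
    chmod 600 "$out"   # also covers a file that already existed
}

# Stand-alone use: pass the output path, type the admin password on stdin.
if [ "$#" -eq 1 ]; then
    printf 'Admin password: ' >&2
    IFS= read -r pw
    write_env_file "$1" "$pw"
fi
```

The resulting file can be referenced from the `server` service with Compose's `env_file:` key in place of the two inline `environment:` entries.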


(Good Peoples Connected) #7

your set up looks nice ! did you ever write about it on a blog or something ? i read we can also make logstash work alongside graylog . Sorry i need things to be more verbose since i’m a french guy :slight_smile:


#8

nope, i haven’t written about it anywhere, just here, i’m not a blogger kind of guy:) of course you can use logstash to convert some log messages to graylog readable format, i used it to convert cisco netflow to gelf, when i was using 1.3, now we don’t have cisco devices, and it seems graylog supports netflow out of the box now


(Good Peoples Connected) #9

can someone explain these errors to me please ? thanks


(Good Peoples Connected) #10

hello guys,

finally got graylog running :slight_smile: what is the latest graylog image for docker ? i used graylog2/server:2.2.1-1 as in the doc and graylog system says it is an outdated version.

if i want to add my email server should i modify my docker compose file and launch it again or can i do it differently?

why graylog doesn’t come with the ability to add webhooks link to send notification alerts to slack like for example ?

thanks for the reply


(Jochen) #11

See https://hub.docker.com/r/graylog2/server/tags/

Yes, you should change the settings (environment variables) in your docker-compose.yml file.

Because functionality that only a few users require is best implemented in plugins, e.g. https://marketplace.graylog.org/addons/2b7c3403-60d8-488e-b4be-79364bde1634


(Good Peoples Connected) #12

ok thanks !

so how can i add this plugin to my installation ? i’m such a newbie :slight_smile:


(Jochen) #13

Please read the documentation for the Docker image: http://docs.graylog.org/en/2.2/pages/installation/docker.html#plugins


(Good Peoples Connected) #14

i wish i could fully understand this part of the doc :joy:

you really gotta be a system admin to use graylog ! :sleepy:


#15

You don’t need to be a system admin to use Graylog, but you need to know quite a lot about IT to be able to set it up.


(Good Peoples Connected) #16

Sure !
i got my graylog server on aws ec2 instance ! it runs now and i’m able to get logs from localhost !

i tried to connect a node to the private ip of the instance but the node fails to run ! what did i miss ? It says i cannot bind to this address.

i got the idea of getting logs from my other instances in the same vpc as the graylog server.

also running pritunl server (pritunl.com) next to graylog to connect some routers to the instance by vpn and communicate with other app installed in the instance (working great) !, i wish to get logs from them too

really try to own all my data. everything private !!! :rofl:


(Jochen) #17

Without any specific information it’s not possible to help you.


(Good Peoples Connected) #18

everything looks like it's working now, from the other aws instances to the routers behind vpn, logs going to graylog !

thanks for everything ! I JUST NEED TO KEEP LEARNING AND STOP CRYING LIKE A BABY ! .

really hard to understand at first but graylog is a great, great software! :joy:

only the slack plugin integration missing now and i’m free ! :persevere:


(Good Peoples Connected) #19

Help ! Integrate Slack With my Graylog docker Image PLEASE !!! :pray:


(Jochen) #20