Graylog Installation
Graylog is a log management system that collects logs from multiple sources and displays them in a web interface. It is a great tool for monitoring your network and servers.
Graylog 5 Docker Tutorial Commands
Install Ubuntu Server, then bring it fully up to date
    sudo apt update && sudo apt dist-upgrade
Install requirements
    sudo apt install git docker-compose nfs-common
Add your user to the docker group (log out and back in for it to take effect; membership in the docker group is effectively root on the host, so only grant it to the account that administers this box)
    sudo usermod -aG docker $USER
Set the system clock to UTC so timestamps from all log sources line up
    sudo timedatectl set-timezone UTC
Create the log_data folder
    sudo mkdir -p /mnt/log_data
    sudo chmod 777 /mnt/log_data/
The chmod 777 makes the directory world-writable. It is a shortcut: the OpenSearch container runs as an unprivileged user (uid 1000 in the official opensearch image) and must be able to write here. A tighter option is to chown the directory, and the NFS export behind it, to that uid instead of opening it to everyone.
Mount the share (replace nfs-server-ip with the address of your NFS server)
    sudo mount nfs-server-ip:/mnt/user/graylog/log_data /mnt/log_data
Check that the mount is active before continuing; if OpenSearch starts while the share is not attached, it writes into the local directory instead.
Add the mount to /etc/fstab so it comes back on boot. The _netdev option tells the init system to wait for the network before attempting the mount.
    192.168.1.16:/mnt/user/graylog/log_data /mnt/log_data nfs defaults,_netdev 0 0
Clone the config files
    git clone https://github.com/lawrencesystems/graylog.git && cd graylog/
Create the admin password hash
    echo -n YourPassword | shasum -a 256
The -n matters: without it the trailing newline is hashed as part of the password and the web login will reject the real password. Typing the password on the command line also stores it in your shell history; clear the history entry afterwards, or read the password from a prompt instead.
Put the resulting hash in GRAYLOG_ROOT_PASSWORD_SHA2 in the docker-compose.yml
    nano docker-compose.yml
Change under OpenSearch
    volumes:
      - "log_data:/usr/share/opensearch/data"
    # to
    volumes:
      - "/mnt/log_data:/usr/share/opensearch/data"
Start Graylog
    sudo docker-compose up -d
Stop Graylog
    sudo docker-compose down
(add -v to also delete the named volumes, which resets Graylog's configuration stored in MongoDB and any data still on Docker volumes; the bind-mounted /mnt/log_data is not a named volume and is left untouched)
Access Graylog on:
http://localhost:9000/
or
http://[server_ip]:9000/
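Three places in this walkthrough fail silently when mistyped: the password hash (a stray newline), the fstab line (a missing _netdev or wrong filesystem type) and the compose file (the named volume left in place so OpenSearch writes to a Docker volume instead of the NFS share). The script below is an added example and is not part of the original tutorial or the lawrencesystems/graylog repository. It wraps each of those checks in a function and runs them against constructed sample strings, so it works offline; the function names and the sample fstab and compose snippets are assumptions made here for illustration.

```shell
#!/bin/sh
# Added example (not from the original page or the lawrencesystems/graylog repo).
# Assumes a POSIX shell with sha256sum (coreutils), shasum (perl) or openssl.
# The fstab line and compose snippets below are constructed sample inputs.

# Hex SHA-256 of stdin, using whichever tool the host has.
sha256_hex() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 | cut -d' ' -f1
    else
        openssl dgst -sha256 | sed 's/.* //'
    fi
}

# Value for GRAYLOG_ROOT_PASSWORD_SHA2. printf '%s' writes no trailing
# newline; `echo password | sha256sum` would hash "password\n" and the
# web login would then reject the real password.
root_password_sha2() {
    printf '%s' "$1" | sha256_hex
}

# Validate an NFS fstab entry: six fields, an NFS filesystem type, and the
# _netdev option so the mount waits for the network at boot.
check_fstab_line() {
    set -- $1
    [ "$#" -eq 6 ] || return 1
    case "$3" in nfs|nfs4) ;; *) return 1 ;; esac
    case ",$4," in *,_netdev,*) ;; *) return 1 ;; esac
    return 0
}

# Check that the OpenSearch service bind-mounts the given host path rather
# than the named volume "log_data" the stock compose file ships with.
opensearch_uses_mount() {
    printf '%s\n' "$1" | grep -q -- "\"$2:/usr/share/opensearch/data\""
}

# Constructed sample inputs (these are not read from disk).
SAMPLE_FSTAB='192.168.1.16:/mnt/user/graylog/log_data /mnt/log_data nfs defaults,_netdev 0 0'
STOCK_COMPOSE='volumes:
  - "log_data:/usr/share/opensearch/data"'
SAMPLE_COMPOSE='volumes:
  - "/mnt/log_data:/usr/share/opensearch/data"'

# Usage: sh check.sh demo [password]
if [ "${1:-}" = "demo" ]; then
    # "admin" is only a placeholder so the output is recognisable; use a strong passphrase.
    echo "GRAYLOG_ROOT_PASSWORD_SHA2=$(root_password_sha2 "${2:-admin}")"
    check_fstab_line "$SAMPLE_FSTAB" && echo "fstab line ok"
    opensearch_uses_mount "$STOCK_COMPOSE" /mnt/log_data || echo "stock compose still uses the named volume"
    opensearch_uses_mount "$SAMPLE_COMPOSE" /mnt/log_data && echo "edited compose binds /mnt/log_data"
fi
```

For the mount itself, `mountpoint -q /mnt/log_data` (util-linux) or `df -h /mnt/log_data` confirms the NFS share is attached before `docker-compose up` lets OpenSearch start writing into the directory.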
Scripts (optional)
up.sh
- Start and/or update Graylog (run it from the directory that contains the graylog/ clone)
    #! /bin/sh
    # pull newer images, then recreate the containers; --remove-orphans drops
    # containers for services that are no longer in the compose file
    cd graylog/ && sudo docker-compose pull && sudo docker-compose up -d --remove-orphans
    echo " "
    echo "docker up"
down.sh
- Stops Graylog (run it from the same directory as up.sh; containers are removed but volumes are kept)
    #! /bin/sh
    cd graylog/ && sudo docker-compose down
    echo " "
    echo "docker down"