Run Graylog in Docker
The following guide will walk you through running Graylog with Docker Compose.
Prerequisites
Before proceeding, ensure that the following prerequisites are met:
-
Install a recent version of Docker Compose following the official Docker documentation.
-
Familiarity with Docker Compose, YAML, and the Graylog Compose file will be crucial to your success in successfully installing and deploying Graylog with Docker!
-
You must have a YAML Compose file including the following Docker images, which will be pulled automatically when you deploy the stack. We recommend you begin with the example Compose file provided by Graylog, including these images:
-
MongoDB:
mongo
-
Graylog Data Node:
graylog/graylog-datanode
-
Graylog Enterprise:
graylog/graylog-enterprise
-
OR Graylog Open:
graylog/graylog
-
-
-
We also recommend you obtain the example .env file from GitHub to manage your password secret and root password as noted in Graylog and Docker.
-
Make sure to configure Docker to have the correct
vm.max_map_count
setting of at least262144
.
Run Graylog with Docker Compose
To run Graylog with Docker Compose, we recommend you follow the process below:
-
Navigate to GitHub and download the example Graylog
docker-compose.yml
and the environment.env.example
file, which contains the password secret and root password configurations. -
Save the files in your desired directory. We recommend you save the file to a local file store; however, see Graylog and Docker for additional methods of file storage and management.
Hint: Be sure to save the.env.example
as.env
! -
Use the following command to create your
GRAYLOG_PASSWORD_SECRET
:Copy< /dev/urandom tr -dc A-Z-a-z-0-9 | head -c${1:-96};echo;
-
Then, create your
GRAYLOG_ROOT_PASSWORD_SHA2
:Copyecho -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
-
Now, open the environment file and add the output from the previous steps to your environment file for the
GRAYLOG_PASSWORD_SECRET
andGRAYLOG_ROOT_PASSWORD_SHA2
values respectively. -
Open and inspect the Compose YAML file. You can make any changes to the configuration settings as necessary at this time. For more information on this file and how to adjust configuration settings, see Graylog and Docker.
-
Deploy the Graylog application with Docker Compose:
Copydocker compose up
To have it running in the background, you can use:
Copydocker compose up -d
Warning: Once you deploy the application, the console will begin to display log files. Do not interrupt this process! You will not be able to deploy Graylog! -
To check the status of your containers, use:
Copydocker compose ps
Complete Preflight Login
Once your Graylog container is up and running, you can access the Graylog interface and log in for the first time.
-
View your Docker logs to obtain your initial login credentials:
Copydocker compose logs graylog
-
Locate the log entry beginning, "It seems you are starting Graylog for the first time..." Your initial login information will be located here:
Copygraylog-1 | ---
graylog-1 | ---
graylog-1 | ---
graylog-1 | ######## ### ######### ########## #### #### --- .---- ----
graylog-1 | ############### ###################### ##### #### --- ------------ .----------- --
graylog-1 | ##### ###### ##### #### #### #### --- --- --- --- -----
graylog-1 | #### #### #### ############ #### #### --- -- --- --- ---
graylog-1 | ### ### #### ############## #### #### --- --- -- -- --
graylog-1 | #### #### #### #### #### #### #### --- --- -- -- .--
graylog-1 | ##### ##### #### #### #### ####### --- --- --- --- ---
graylog-1 | ################ #### ############## ######- -- ---- ---- --- -----
graylog-1 | ############## #### ############# ##### ----- ----------- ---------- --
graylog-1 | #### #### ---
graylog-1 | ##### #### #### - .--
graylog-1 | ############# #### ----- ----
graylog-1 | ###### #### -------
graylog-1 |
graylog-1 | ========================================================================================================
graylog-1 |
graylog-1 | It seems you are starting Graylog for the first time. To set up a fresh install, a setup interface has
graylog-1 | been started. You must log in to it to perform the initial configuration and continue.
graylog-1 |
graylog-1 | Initial configuration is accessible at 0.0.0.0:9000, with username 'admin' and password 'ghWgeIAkKl'.
graylog-1 | Try clicking on http://admin:ghWgeIAkKl@0.0.0.0:9000
graylog-1 |
graylog-1 | ========================================================================================================
graylog-1 | -
To access the interface, you must change the IP address provided, listed as
0.0.0.0:9000
above, to match the IP of your Docker host. For example:https://admin:NQNJr0CkX2@192.168.1.47:9000
. This is the location of your Graylog interface. -
Navigate to the interface and use the initial username and password provided in the Docker log file to first log into the preflight UI.
-
After provisioning, you will then need to use the
GRAYLOG_ROOT_PASSWORD_SHA2
configured in the Compose file to complete your login.
Get in Logs and Verify Logs
Inputs can be created and configured via the Graylog interface. See Inputs for more information.
To display the logs of all services defined in your Graylog environment and verify they are running as intended, use the following command:
docker compose logs -f
Stop and Remove Containers
If for any reason you need to stop and remove the containers, networks, volumes, and images created as a part of your Graylog deployment, use the following command:
docker compose down
For more information on this process, see the Docker documentation.
Troubleshooting and Common Issues
The following section outlines troubleshooting steps for common issues to assist you in resolving potential challenges you may encounter.
Issue: Open File Limit
You may encounter warning messages about the open file limit during deployment.
Solution: Set ulimit
Outside the Container
If this occurs, try setting the ulimit
outside of the container:
ulimits:
nofile:
soft: "65536"
hard: "65536"
Issue: devicemapper
Storage Driver Compatibility
It is possible you may encounter an issue between Graylog's disk journal and the devicemapper
storage driver in Docker. This may result in an error message in the Docker logs or in Graylog’s service logs.
Solution: Choose Another Driver
In this case, we recommend you choose another driver like aufs or overlay2 to provide better performance for read/write operations.
Further Reading
Explore the following additional resources and recommended readings to expand your knowledge on related topics: