March 16, 20251 yr Would some good samaritan step in and provide some pointers on installing Graylog? I just noticed that there is a template but googling around doesn't show anyone starting from that point and a lot of people issuing chmod commands to make it work. I am one step above newbie. Thanks.
March 17, 20251 yr usualy when looking for docker data and setups. especail guides. I find my self in the github readme or docker hub tag page https://github.com/Graylog2 ? Is their a difference between graylog and graylog2 ? I will gladly help where I can. I'm not familiar with graylog. it appears to have a compose file for some: https://github.com/lawrencesystems/graylog https://github.com/lawrencesystems/graylog/blob/master/docker-compose.yml we may need to fix and add some unraid tweaks and a compose file. as it seems, graylog requires a few extra dockers for support. From others, I see peps using a LXC / VM to run a debain linux environment and installing the graylog systems there... Edited March 17, 20251 yr by bmartino1 typo - Data
March 17, 20251 yr I would recomend going the docker compose route. pulling form the fourm guide: compose plugin pre make folder for latter compase data I asume you made a share called graylog. here we will store the Database data... mkdir -p /mnt/user/graylog/mongodb_data mkdir -p /mnt/user/graylog/es_data mkdir -p /mnt/user/appdata/graylog/graylog_data mkdir -p /mnt/user/appdata/graylog/graylog_journal here is a compose file for you... version: "3.8" services: mongodb: image: "mongo:5.0" volumes: - "mongodb_data:/data/db" restart: "on-failure" healthcheck: test: ["CMD", "mongo", "--eval", "db.runCommand({ ping: 1 })"] interval: 30s timeout: 10s retries: 5 labels: # MongoDB has no web UI # net.unraid.docker.webui: http://[IP]:[PORT] net.unraid.docker.icon: "./mongodb.png" folder.view: "graylog" net.unraid.docker.managed: "composeman" elasticsearch: image: "docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2" environment: ES_JAVA_OPTS: "-Xms1g -Xmx1g -Dlog4j2.formatMsgNoLookups=true" bootstrap.memory_lock: "true" discovery.type: "single-node" http.host: "0.0.0.0" action.auto_create_index: "false" ulimits: memlock: hard: -1 soft: -1 nofile: 65535 # Added to get rid of Elasticsearch file limit warning. volumes: - "es_data:/usr/share/elasticsearch/data" restart: "on-failure" healthcheck: test: ["CMD-SHELL", "curl -f http://localhost:9200/_cluster/health || exit 1"] interval: 30s timeout: 10s retries: 5 labels: # Elasticsearch has no web UI # net.unraid.docker.webui: http://[IP]:[PORT] net.unraid.docker.icon: "./elasticsearch.png" folder.view: "graylog" net.unraid.docker.managed: "composeman" graylog: image: "graylog/graylog:4.2" depends_on: elasticsearch: condition: "service_healthy" mongodb: condition: "service_healthy" entrypoint: "/usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh" environment: GRAYLOG_TIMEZONE: "Europe/Stockholm" TZ: "Europe/Stockholm" GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/config/node-id" GRAYLOG_PASSWORD_SECRET: "putyourpasswordhere" GRAYLOG_ROOT_PASSWORD_SHA2: "youneedtogeneratethis" GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000" GRAYLOG_HTTP_EXTERNAL_URI: "http://localhost:9000/" GRAYLOG_ELASTICSEARCH_HOSTS: "http://elasticsearch:9200" GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog" ports: - "5044:5044/tcp" # Beats - "5140:5140/udp" # Syslog - "5140:5140/tcp" # Syslog - "5555:5555/tcp" # RAW TCP - "5555:5555/udp" # RAW TCP - "9000:9000/tcp" # Server API - "12201:12201/tcp" # GELF TCP - "12201:12201/udp" # GELF UDP - "10000:10000/tcp" # Custom TCP port - "10000:10000/udp" # Custom UDP port - "13301:13301/tcp" # Forwarder data - "13302:13302/tcp" # Forwarder config volumes: - "graylog_data:/usr/share/graylog/data/data" - "graylog_journal:/usr/share/graylog/data/journal" restart: "on-failure" healthcheck: test: ["CMD-SHELL", "curl -f http://localhost:9000/api/system/lbstatus || exit 1"] interval: 30s timeout: 10s retries: 5 labels: net.unraid.docker.webui: http://[IP]:[PORT:9000] net.unraid.docker.icon: "./graylog.png" folder.view: "graylog" net.unraid.docker.managed: "composeman" volumes: mongodb_data: driver: local driver_opts: type: none device: "/mnt/user/graylog/mongodb_data" o: bind es_data: driver: local driver_opts: type: none device: "/mnt/user/graylog/es_data" o: bind graylog_data: driver: local driver_opts: type: none device: "/mnt/user/appdata/graylog/graylog_data" o: bind graylog_journal: driver: local driver_opts: type: none device: "/mnt/user/appdata/graylog/graylog_journal" o: bind Aditional chagne directories... here is a scritp to premake your folder paths needed... #!/bin/bash # Define the base directories BASE_DIR="/mnt/user" APPDATA_DIR="/mnt/user/appdata" # List of directories to create DIRS=( "$BASE_DIR/graylog/mongodb_data" "$BASE_DIR/graylog/es_data" "$APPDATA_DIR/graylog/graylog_data" "$APPDATA_DIR/graylog/graylog_journal" ) # Create each directory and set permissions for DIR in "${DIRS[@]}"; do if [ ! -d "$DIR" ]; then echo "Creating directory: $DIR" mkdir -p "$DIR" chmod -R 777 "$DIR" # Adjust permissions as necessary else echo "Directory already exists: $DIR" fi done echo "All necessary directories have been created." *as I made a guide earlier foling the unraid defaults for tempalte authoring but the script above will assit on setting data vs docker data and help preset path... You will need to update paths in the copose... using and reconstructing data from my immich guide: I don't see the need to write one with the comunity supporting it elsewhere on the forum.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.