- 部署环境:centos 7
- graylog版本:3.3
- docker官方部署链接:http://docs.graylog.org/en/3.3/pages/installation/docker.html
1.创建持久化目录(在 /opt 下执行:后面的 docker-compose.yml 放在 /opt,其中的 ./graylog/config 是相对该文件所在目录解析的)
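$ mkdir -p ./graylog/config
# The Graylog image runs as UID/GID 1100. Give that user ownership of the tree
# (needs root) instead of making it world-writable: with mode 777 any local
# account could rewrite graylog.conf.
$ chown -R 1100:1100 graylog/
$ cd ./graylog/config
# NOTE(review): both files are fetched from the 3.2 branch while the Graylog
# image used in this guide is 3.3 - confirm they match the deployed version,
# and read them before mounting them into the container.
$ wget https://raw.githubusercontent.com/Graylog2/graylog-docker/3.2/config/graylog.conf
$ wget https://raw.githubusercontent.com/Graylog2/graylog-docker/3.2/config/log4j2.xml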
2.设置查询高亮和国内时区
$ vim graylog.conf
修改 root_timezone = PRC
修改 allow_highlighting = true
3.编辑docker-compose.yml文件
vim /opt/docker-compose.yml
内容如下:
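# Single-host Graylog 3.3 stack: MongoDB (configuration store), Elasticsearch
# (message store) and the Graylog server. Only the graylog service publishes
# ports; mongodb and elasticsearch are reachable from the compose network only.
version: '2'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  # Runs without authentication; do not add a `ports` entry to this service.
  mongodb:
    container_name: mongo
    image: mongo:3
    volumes:
      - mongo_data:/data/db
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/docker.html
  # The -oss image has no access control; http.host/network.host 0.0.0.0 is
  # acceptable only because no port of this service is published to the host.
  elasticsearch:
    container_name: es
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.5
    volumes:
      - es_data:/usr/share/elasticsearch/data
    environment:
      - TZ=Asia/Shanghai
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 4g
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    container_name: graylog
    image: graylog/graylog:3.3
    volumes:
      - graylog_journal:/usr/share/graylog/data/journal
      # Relative to the directory that holds this compose file.
      - ./graylog/config:/usr/share/graylog/data/config
    environment:
      # CHANGE ME (must be at least 16 characters)!
      # This is a published placeholder. It protects stored password hashes,
      # so replace it with a long random value before the first start.
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      # The value below is the SHA-256 of "admin". Replace it with the SHA-256
      # hex digest of your own password before the web interface is reachable
      # by anyone else.
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      # Public address used to reach the web interface; this line may be
      # commented out. Plain HTTP sends the login password and session token
      # unencrypted - put a TLS-terminating reverse proxy in front when the
      # address is reachable from untrusted networks.
      - GRAYLOG_HTTP_EXTERNAL_URI=http://1.1.1.1:9000/
      - TZ=Asia/Shanghai
    links:
      # The alias "mongo" is the host name the Graylog container connects to.
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
    # Every mapping below binds on all host interfaces. The syslog and GELF
    # inputs accept unauthenticated data, so limit the allowed senders with
    # the host firewall. Mappings are quoted so they always parse as strings.
    ports:
      # Graylog web interface and REST API
      - "9000:9000"
      # Syslog TCP
      - "1514:1514"
      # Syslog UDP
      - "1514:1514/udp"
      # GELF TCP
      - "12201:12201"
      # GELF UDP
      - "12201-12205:12201-12205/udp"
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local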
4.启动(在 /opt 目录下执行,即 docker-compose.yml 所在目录)
$ docker-compose up -d
5.web页面访问
http://1.1.1.1:9000/
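默认账号密码为 admin / admin(密码对应 compose 文件中 GRAYLOG_ROOT_PASSWORD_SHA2 的示例哈希)。在 9000 端口对外可访问之前,请先把该哈希换成自己密码的 SHA-256 值,并同时更换 GRAYLOG_PASSWORD_SECRET。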
6.简单使用
- 打开 system/inputs
- 创建一个 GELF UDP 协议接收端(如下图)
- 然后在 docker run 命令中加入以下参数即可(示例如下)
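# Only --log-driver and --log-opt are needed to ship a container's output to
# Graylog. The logging driver runs inside the Docker daemon, so the container
# itself needs no extra rights; --privileged=true has been dropped because it
# would give the container full access to the host.
# GELF over UDP is neither encrypted nor authenticated: keep this traffic on a
# trusted network.
docker run -it -d --name atest --restart always \
  --log-driver=gelf \
  --log-opt gelf-address=udp://1.1.1.1:12201 \
  --log-opt tag="{{.ImageName}}/{{.Name}}/{{.ID}}" \
  hello-world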