docker部署graylog使用教程

原文 https://www.cnblogs.com/jonnyan/p/12566994.html
部署环境:centos 7
graylog版本:3.3
docker官方部署链接:http://docs.graylog.org/en/3.3/pages/installation/docker.html
1.创建持久化目录
$ mkdir -p ./graylog/config
$ chmod -R 777 graylog/
$ cd ./graylog/config
$ wget https://raw.githubusercontent.com/Graylog2/graylog-docker/3.2/config/graylog.conf
$ wget https://raw.githubusercontent.com/Graylog2/graylog-docker/3.2/config/log4j2.xml
2.设置查询高亮和国内时区
$ vim graylog.conf
修改 root_timezone = PRC
修改 allow_highlighting = true
3.编辑docker-compose.yml文件
vim /opt/docker-compose.yml

内容如下:

version: '2'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    container_name: mongo
    image: mongo:3
    volumes:
      - mongo_data:/data/db
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/docker.html
  elasticsearch:
    container_name: es
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.5
    volumes:
      - es_data:/usr/share/elasticsearch/data
    environment:
      - TZ=Asia/Shanghai
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms1024m -Xmx1024m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 4g
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    container_name: graylog
    image: graylog/graylog:3.3
    volumes:
      - graylog_journal:/usr/share/graylog/data/journal
      - ./graylog/config:/usr/share/graylog/data/config
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_HTTP_EXTERNAL_URI=http://1.1.1.1:9000/ #这里配置公网访问地址,可注释.
      - TZ=Asia/Shanghai
    links:
      - mongodb:mongo
      - elasticsearch
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201-12205:12201-12205/udp
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local

4.启动
$ docker-compose up -d

5.web页面访问
http://1.1.1.1:9000/
默认账号密码为 admin admin
6.简单使用
打开 system/inputs
创建一个 GELF UDP 协议接收端(如下图)

然后再docker run 命令加入以下参数即可(示例如下)

docker run -it --name atest --log-driver=gelf --log-opt gelf-address=udp://1.1.1.1:12201 --log-opt tag="{{.ImageName}}/{{.Name}}/{{.ID}}" --privileged=true --restart always -d hello-world