Docker安装graylog日志服务器(docker日志存放路径)

Docker 的版本需高于 20.10.10

创建yml文件

# Create the working directory for the Compose project and an empty
# Compose file inside it.
compose_dir=/docker/compose/graylog/
mkdir -p "$compose_dir"
cd "$compose_dir"
touch docker-compose-6.1.yml

将以下内容复制到docker-compose-6.1.yml文件中

services:
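  # MongoDB: https://hub.docker.com/_/mongo/
  # Backing database for Graylog, which connects over the "graylog" network
  # as mongodb:27017 (see GRAYLOG_MONGODB_URI).
  mongodb:
    image: "mongo:6.0.18"
    ports:
      # This file configures no MongoDB authentication, so the port is
      # published on the host's loopback address only instead of on every
      # interface. Graylog does not use this mapping; remove it entirely if
      # nothing on the host needs direct database access.
      - "127.0.0.1:27017:27017"
    restart: "on-failure"
    networks:
      - graylog
    volumes:
      - "mongodb_data:/data/db"
      - "mongodb_config:/data/configdb"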

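  # OpenSearch: search backend that Graylog queries at http://opensearch:9200
  # over the "graylog" network (see GRAYLOG_ELASTICSEARCH_HOSTS).
  opensearch:
    image: "opensearchproject/opensearch:2.15.0"
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      - "bootstrap.memory_lock=true"
      - "discovery.type=single-node"
      - "action.auto_create_index=false"
      # HTTP TLS and the security plugin are both switched off, so the REST
      # API answers unauthenticated plain-HTTP requests from anything that
      # can reach port 9200. Keep that port off untrusted networks.
      - "plugins.security.ssl.http.enabled=false"
      - "plugins.security.disabled=true"
      # Can generate a password for `OPENSEARCH_INITIAL_ADMIN_PASSWORD` using a linux device via:
      # tr -dc A-Z-a-z-0-9_@#%^-_=+ < /dev/urandom | head -c${1:-32}
      # The value below is the sample published with this file; replace it
      # with one you generated yourself.
      - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=+_8r#wliY3Pv5-HMIf4qzXImYzZf-M=M"
    ulimits:
      # -1 lifts the locked-memory limit, which bootstrap.memory_lock=true
      # relies on.
      memlock:
        hard: -1
        soft: -1
      nofile:
        soft: 65536
        hard: 65536
    ports:
      # Published on the host's loopback address only, because the API is
      # unauthenticated (see above). Graylog does not use these mappings;
      # remove them if nothing on the host queries OpenSearch directly.
      - "127.0.0.1:9203:9200"
      - "127.0.0.1:9303:9300"
    restart: "on-failure"
    networks:
      - graylog
    volumes:
      - "opensearch:/usr/share/opensearch/data"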

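  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    hostname: "server"
    image: "graylog/graylog-enterprise:6.1"
    # To install Graylog Open: "graylog/graylog:6.1"
    depends_on:
      mongodb:
        condition: "service_started"
      opensearch:
        condition: "service_started"
    # "service_started" does not wait for readiness, so wait-for-it holds
    # back the Graylog entrypoint until opensearch:9200 accepts connections.
    entrypoint: "/usr/bin/tini -- wait-for-it opensearch:9200 -- /docker-entrypoint.sh"
    environment:
      GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/config/node-id"
      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
      GRAYLOG_ELASTICSEARCH_HOSTS: "http://opensearch:9200"
      GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
      # To make reporting (headless_shell) work inside a Docker container
      # NOTE(review): going by its name, this turns off the headless
      # browser's sandbox. Confirm it is needed before keeping it.
      GRAYLOG_REPORT_DISABLE_SANDBOX: "true"
      # CHANGE ME (must be at least 16 characters)!
      # Read from the GRAYLOG_PASSWORD_SECRET variable (shell environment or
      # .env file) when it is set. The fallback is the sample value published
      # with this file and must not be used on a reachable instance.
      GRAYLOG_PASSWORD_SECRET: "${GRAYLOG_PASSWORD_SECRET:-somepasswordpepper}"
      # SHA-256 hex digest of the login password for user "admin". Read from
      # the GRAYLOG_ROOT_PASSWORD_SHA2 variable when it is set. The fallback
      # is the publicly known digest of the password "admin".
      GRAYLOG_ROOT_PASSWORD_SHA2: "${GRAYLOG_ROOT_PASSWORD_SHA2:-8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918}"
      # NOTE(review): the default points at loopback. If the web interface is
      # opened through another address it presumably has to be set to that
      # address; confirm against the Graylog documentation.
      GRAYLOG_HTTP_EXTERNAL_URI: "${GRAYLOG_HTTP_EXTERNAL_URI:-http://127.0.0.1:9000/}"
    ports:
      # Every mapping below is published on all host interfaces. Remove the
      # ones for inputs you do not run.
      # Graylog web interface and REST API (plain HTTP, so credentials cross
      # the network unencrypted unless TLS is terminated in front of it)
      - "9000:9000/tcp"
      # Beats
      - "5044:5044/tcp"
      # Syslog TCP
      - "5140:5140/tcp"
      # Syslog UDP
      - "5140:5140/udp"
      # GELF TCP
      - "12201:12201/tcp"
      # GELF UDP
      - "12201:12201/udp"
      # Forwarder data
      - "13301:13301/tcp"
      # Forwarder config
      - "13302:13302/tcp"
    restart: "on-failure"
    networks:
      - graylog
    volumes:
      - "graylog_data:/usr/share/graylog/data"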

# User-defined bridge network that all three services join. They reach each
# other on it by service name (mongodb, opensearch).
networks:
  graylog:
    driver: bridge

# Named volumes with default settings, one per data path mounted by the
# services above.
volumes:
  mongodb_data: {}
  mongodb_config: {}
  opensearch: {}
  graylog_data: {}

然后把配置文件中的volumes修改成对应目录,这样容器的数据就可以存储在你定义的目录中了,如果你不修改的话可以直接跳到修改密码或启动阶段。我修改的内容如下:

# Bind-mount replacements for the "volumes" entries of each service. Once
# every service uses a host path, the top-level named volumes are no longer
# referenced.
# mongodb service
- "/docker/data/graylog/mongodb_data:/data/db"
- "/docker/data/graylog/mongodb_config:/data/configdb"
# opensearch service
- "/docker/data/graylog/opensearch:/usr/share/opensearch/data"
# graylog service
- "/docker/data/graylog/graylog_data:/usr/share/graylog/data"

创建目录并授权

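# Host directories backing the four bind mounts.
mkdir -p /docker/data/graylog/graylog_data/config
mkdir -p /docker/data/graylog/mongodb_config
mkdir -p /docker/data/graylog/mongodb_data
mkdir -p /docker/data/graylog/opensearch

# Hand each directory to a numeric UID:GID, presumably the account the
# matching image runs as; confirm against the image versions you deploy.
chown -R 999:999 /docker/data/graylog/mongodb_config
chown -R 999:999 /docker/data/graylog/mongodb_data
chown -R 1000:1000 /docker/data/graylog/opensearch
chown -R 1100:1100 /docker/data/graylog/graylog_data

# Fetch the stock configuration files from the 6.1 branch of graylog-docker.
# NOTE(review): "6.1" is a branch name, so the downloaded content can change
# over time; read both files before the first start.
cd /docker/data/graylog/graylog_data/config
wget https://raw.githubusercontent.com/Graylog2/graylog-docker/6.1/config/graylog.conf
wget https://raw.githubusercontent.com/Graylog2/graylog-docker/6.1/config/log4j2.xml

# Use the absolute path here: the shell is already inside config/, so the
# relative name "config" would not resolve and the two files just downloaded
# would keep the ownership of the user who ran wget.
chown -R 1100:1100 /docker/data/graylog/graylog_data/config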

修改默认密码:上面配置文件里的密钥和密码都是公开的示例值(登录密码默认为admin),如果你需要修改可以使用以下命令生成不同的密码,再把生成的值填回docker-compose-6.1.yml中对应的变量。

# Value for GRAYLOG_PASSWORD_SECRET: 48 random bytes, Base64-encoded
# (64 characters, above the 16-character minimum).
openssl rand -base64 48

# Value for GRAYLOG_ROOT_PASSWORD_SHA2: SHA-256 hex digest of the password
# typed at the prompt. This is the Graylog login password for user "admin";
# the default password is "admin". The password is shown on screen as it is
# typed, and the digest is unsalted, so choose a long random password.
echo -n "Enter Password: " && head -n 1 < /dev/stdin | tr -d '\n' | sha256sum | cut -d ' ' -f 1

# Value for OPENSEARCH_INITIAL_ADMIN_PASSWORD: 32 random characters drawn
# from the listed set.
tr -dc 'A-Z-a-z-0-9_@#%^-_=+' < /dev/urandom | head -c "${1:-32}"

启动

 # Run from /docker/compose/graylog/, where the Compose file was created.
 # Starts all services in the background.
 docker compose --file docker-compose-6.1.yml up --detach

启动后你就可以通过 http://IP:9000 来访问graylog了(IP为运行Docker的主机的地址)。