More : https://docs.graylog.org/en/4.0/pages/installation/docker.html
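# Single-host Graylog 4.0 stack: MongoDB, Elasticsearch (OSS) and Graylog.
# Nesting restored; the values are the sample values from this page and
# are meant for a lab, not for a host reachable by untrusted networks.
version: '2'
services:
  # Graylog's configuration store; no port is published to the host.
  mongodb:
    image: mongo:4.2

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    environment:
      # Listens on every interface inside the container. The OSS image
      # does not include the authentication features, so do not add a
      # `ports:` mapping for 9200 to this service.
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g

  graylog:
    image: graylog/graylog:4.0
    environment:
      # Sample value. Graylog uses this secret to protect stored
      # passwords; replace it with a long random string (at least 16
      # characters) and keep the real value out of version control.
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      # Sample value: this is the SHA-256 of the documentation password
      # "admin". Replace it with the hash of a strong password before
      # the web interface is reachable by anyone else.
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      # Plain HTTP: logins and API tokens cross the network unencrypted.
      # Put a TLS-terminating proxy in front for anything beyond a lab.
      - GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.0.228:9000/
    # Wait until Elasticsearch answers on 9200 before starting Graylog.
    entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh
    links:
      - mongodb:mongo
      - elasticsearch
    restart: always
    depends_on:
      - mongodb
      - elasticsearch
    # Every mapping below binds on all host interfaces. Prefix a host
    # address (for example "127.0.0.1:9000:9000") or firewall the ports
    # that should not be reachable from the whole network.
    ports:
      # Graylog web interface and REST API
      - "9000:9000"
      # Syslog TCP
      - "1514:1514"
      # Syslog UDP
      - "1514:1514/udp"
      # GELF TCP
      - "12201:12201"
      # GELF UDP
      - "12201:12201/udp"
      # Beats input (Filebeat)
      - "5555:5555"
      # Raw/Plaintext TCP input
      - "5551:5551"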
Note: port 5555 will be used for Filebeat, configured with its Logstash output.
System / Inputs >> Select input > Beats > Launch input > tick Global > Title > Port = 5555 > Threads = 2 > Save
- Install filebeat : https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html
- Edit
/etc/filebeat/filebeat.yml
Output:
Raw/Plaintext TCP
System / Inputs >> Select input > Raw/Plaintext TCP > Launch input > tick Global > Title > Port = 5551 > Threads = 2 > Save
To send a test message over Raw/Plaintext TCP (the /dev/tcp path is a bash feature):
echo "this is log" > /dev/tcp/grelog_server/5551