Graylog is a leading centralized log management solution built to open standards for capturing, storing, and enabling real-time analysis of terabytes of machine data. The database (MongoDB) setup is covered in the previous articles: here and here.
1. add the firewall rules and remember about the ‘--permanent’ parameter (without it the rules are gone after the next firewalld reload or reboot)
firewall-cmd --add-port=514/udp
firewall-cmd --add-port=514/tcp
firewall-cmd --add-port=1514/udp
firewall-cmd --add-port=1514/tcp
firewall-cmd --add-port=9000/tcp
firewall-cmd --add-port=12201/tcp
2.1. before starting Elasticsearch the following kernel parameter most likely has to be raised (Elasticsearch refuses to start with a lower value)
sysctl -w vm.max_map_count=262144
2.2. now run Elasticsearch, but remember this note from the Graylog documentation: “Graylog 2.4 does not work with Elasticsearch 6.x yet! but works fine using Elasticsearch 5.3.x or later.” That restriction applies to Graylog 2.4; the 3.1 image used below runs against Elasticsearch 6.x.
docker run --name elasticsearch -e "http.host=0.0.0.0" -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" -d docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.2
3. before starting Graylog the following kernel parameters most likely have to be changed
sysctl -w net.core.rmem_max=262144
sysctl -w vm.max_map_count=262144
4. create the persistence directories (the config path must match the one mounted in step 5), then download the config files into the config directory and edit them
mkdir -p /storage/graylog/config /storage/graylog/data/journal
wget -P /storage/graylog/config https://raw.githubusercontent.com/Graylog2/graylog2-images/3.1/docker/config/graylog.conf
wget -P /storage/graylog/config https://raw.githubusercontent.com/Graylog2/graylog2-images/3.1/docker/config/log4j2.xml
5. start the graylog container with these parameters
docker run --name graylog \
  -p 514:514 -p 1514:1514 -p 9000:9000 -p 12201:12201 \
  --link mongodb --link elasticsearch \
  -v /storage/graylog/config:/usr/share/graylog/data/config \
  -v /storage/graylog/data/journal:/usr/share/graylog/data/journal \
  -d graylog/graylog:3.1