Graylog is a leading centralized log management solution for capturing, storing, and enabling real-time analysis of terabytes of machine data.
sudo mkdir /etc/graylog.d/ /data/graylog/journal -p
sudo touch /etc/graylog.d/docker-compose.yaml
sudo chmod -R 777 /data/graylog /etc/graylog.d
sudo cat > /etc/graylog.d/docker-compose.yaml <<EOF
version: '3'
services:
graylog:
image: graylog/graylog:4.1
container_name: graylog
restart: always
networks:
- graylog
volumes:
- /data/graylog:/usr/share/graylog/data/data
- /data/graylog/journal:/usr/share/graylog/data/journal
environment:
- GRAYLOG_NODE_ID_FILE=/usr/share/graylog/data/config/node-id
- GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.202.128:9000/
- GRAYLOG_ROOT_TIMEZONE=Asia/Shanghai
- GRAYLOG_ELASTICSEARCH_HOSTS=http://192.168.202.128:9200
- GRAYLOG_MONGODB_URI=mongodb://graylog:graylog123abc123@192.168.202.128:27017/graylog
- GRAYLOG_PASSWORD_SECRET=somepasswordpepper
- GRAYLOG_ROOT_USERNAME=admin
- GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
ports:
- 5044:5044/tcp
- 5140:5140/udp
- 5140:5140/tcp
- 5555:5555/tcp
- 5555:5555/udp
- 9000:9000/tcp
- 12201:12201/tcp
- 12201:12201/udp
- 13301:13301/tcp
- 13302:13302/tcp
networks:
graylog:
driver: bridge
EOF
sudo docker-compose -f /etc/graylog.d/docker-compose.yaml up -d
需要创建输入源
http://192.168.202.128:9000/system/inputs
curl -X POST -H 'Content-Type: application/json' -d '{ "version": "1.1", "host": "example.org", "short_message": "A short message", "level": 5, "_some_info": "foo" }' 'http://localhost:12201/gelf'