Debian-based, self-contained graylog2 image. Can run standalone or backed by an existing elasticsearch cluster.
To get started quickly with an embedded elasticsearch instance, do this:
docker run -d -p 9000:9000 -p 514:514 -p 12201:12201 jamescarr/graylog2-dockerTo get it rolling with an existing elasticsearch cluster
docker run -d -p 9000:9000 -p 514:514 -p 12201:12201 -e ES_CLUSTER_NAME=<cluster_name> -e ES_CLUSTER_HOSTS=cluster01:9300,cluster02:9300 jamescarr/graylog2-docker
The username/password to the web interface is admin/admin. You can
override the password with the GRAYLOG2_ADMIN_PASSWORD environment
variable.
ES_CLUSTER_NAME- the name of the elasticsearch cluster this graylog2 instance should joinES_CLUSTER_HOSTS- comma separated string of host/port combinations that graylog2 should attempt to connect to. This will get plugged intoelasticsearch_discovery_zen_ping_unicast_hostsin the graylog2.confCORS_ENABLED- Enable CORSGRAYLOG2_ES_PLUGINS- comma separated list of elasticsearch plugins to include. Will install on first run. (e.g.GRAYLOG2_ES_PLUGINS=elasticsearch/elasticsearch-cloud-aws/1.6.0,lmenezes/elasticsearch-kopf/0.9.0)GRAYLOG2_ADMIN_PASSWORD- Sets the admin password for graylog2, must already be sha256 hashed. Do this in a console:echo $(echo -n clever | sha256sum | awk '{print $1}')GRAYLOG2_ADMIN_USER- Sets the admin password for graylog2
You can also define any number of vairables to tune the definition of
the embedded graylog2 elasticsearch instance as well. These are defined
with the prefix gec. and written when the elasticsearch
configuration file is generated.
For example, say we want to enable the http interface, host it on port 9500 and specify the plugin path:
-e gec.http.port=9500 -e gec.http.enabled=true -e gec.path.plugins=/opt/graylog2-server/plugins
This will generate the following configuration file:
http.enabled: true
http.port: 9500
path.plugins: /opt/graylog2-server/plugins