kerr20801/bash_install-graylog_docker

Graylog Docker Install

Docker Compose setup for Graylog log management, with FortiGate syslog integration.

Stack: Graylog 6.3 + MongoDB 7.0 + OpenSearch 2.17

Quick Start

# 1. Install Docker (if needed)
sudo bash install-docker.sh

# 2. Configure secrets
cp .env.example .env
# Edit .env:
#   GRAYLOG_PASSWORD_SECRET  — generate: pwgen -N 1 -s 96
#   GRAYLOG_ROOT_PASSWORD_SHA2 — generate: echo -n "yourpassword" | sha256sum | cut -d" " -f1
#   GRAYLOG_HTTP_EXTERNAL_URI — set to your server's IP/domain

# 3. Deploy
sudo bash install-graylog.sh

Wait ~60 seconds for all services to become healthy, then open:

  • Web UI: http://<your-ip>:9000
  • Username: admin
  • Password: whatever you hashed in .env
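
For step 2, an added example (not part of this repository) that generates both secrets without typing the password on a command line and checks an edited .env before deployment. The function names, the od-based generator used in place of pwgen, and the list of guessable passwords are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example, not part of the repository. Assumes .env holds unquoted
# KEY=value lines and that od, sed, grep and sha256sum are available.

# 96 hex characters (384 bits) from the kernel CSPRNG; a stand-in for
# `pwgen -N 1 -s 96` on hosts where pwgen is not installed.
gen_password_secret() {
  head -c 48 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Read one line from stdin and print only the 64-character digest. Reading
# stdin keeps the password out of shell history; cut drops the "  -" that
# sha256sum appends after the digest.
hash_root_password() {
  IFS= read -r _pw || true      # EOF without a newline still fills _pw
  printf '%s' "$_pw" | sha256sum | cut -d' ' -f1
}

# Validate both secrets in the given .env; print problems, return 1 on any.
check_env() {
  _rc=0
  _secret=$(sed -n 's/^GRAYLOG_PASSWORD_SECRET=//p' "$1" | tail -n 1)
  _sha=$(sed -n 's/^GRAYLOG_ROOT_PASSWORD_SHA2=//p' "$1" | tail -n 1)
  # Graylog refuses to start when password_secret is under 16 characters.
  if [ "${#_secret}" -lt 16 ]; then
    echo "GRAYLOG_PASSWORD_SECRET: missing or shorter than 16 characters"; _rc=1
  fi
  # Exactly 64 lowercase hex digits, as sha256sum prints them.
  if [ "${#_sha}" -ne 64 ] || printf '%s' "$_sha" | grep -q '[^0-9a-f]'; then
    echo "GRAYLOG_ROOT_PASSWORD_SHA2: not a bare SHA-256 hex digest"; _rc=1
  fi
  # Digests of guessable passwords, computed here rather than hard-coded.
  for _weak in '' admin password yourpassword; do
    if [ "$_sha" = "$(printf '%s' "$_weak" | sha256sum | cut -d' ' -f1)" ]; then
      echo "GRAYLOG_ROOT_PASSWORD_SHA2: hash of a guessable password"; _rc=1
    fi
  done
  return "$_rc"
}
```

Source the file, fill .env from `gen_password_secret` and `hash_root_password`, then run `check_env .env` before step 3.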

Upgrade

# Upgrade to a specific Graylog version
sudo bash Update.sh /opt/graylog 6.4

FortiGate Syslog Integration

Import graylog-fortigate-syslog.json via System → Inputs → Import input in the Graylog UI.

Default input ports (UDP + TCP):

  • 1514 — syslog
  • 12201 — GELF

Configure FortiGate: config log syslogd setting → set server <graylog-ip> → set port 1514

Files

| File | Description |
|------|-------------|
| docker-compose.yml | Graylog + MongoDB + OpenSearch |
| .env.example | Secret and config template |
| install-docker.sh | Install Docker Engine (official repo) |
| install-graylog.sh | Deploy stack, set permissions, check .env |
| Update.sh | Upgrade Graylog to a new version |
| graylog-fortigate-syslog.json | FortiGate syslog input config |

Requirements

  • Ubuntu 20.04 / 22.04 / 24.04
  • Docker Engine 24+ with Compose plugin
  • 4 GB+ RAM
  • vm.max_map_count=262144 (set automatically by install scripts)

License

MIT