Docker Compose setup for Graylog log management, with FortiGate syslog integration.
Stack: Graylog 6.3 + MongoDB 7.0 + OpenSearch 2.17

```bash
# 1. Install Docker (if needed)
sudo bash install-docker.sh

# 2. Configure secrets
cp .env.example .env
# Edit .env:
# GRAYLOG_PASSWORD_SECRET — generate: pwgen -N 1 -s 96
# GRAYLOG_ROOT_PASSWORD_SHA2 — generate: echo -n "yourpassword" | sha256sum
# GRAYLOG_HTTP_EXTERNAL_URI — set to your server's IP/domain

# 3. Deploy
sudo bash install-graylog.sh
```

Wait ~60 seconds for all services to become healthy, then open:

- Web UI: `http://<your-ip>:9000`
- Username: `admin`
- Password: whatever you hashed in `.env`
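
A pre-deploy check for the two secrets set in step 2, as an added example that is not part of this repository. The function names and the list of placeholder passwords are assumptions of this example, and it assumes plain `KEY=value` lines in `.env`.

```bash
#!/usr/bin/env bash
# Added example (not from this repository): sanity-check the Graylog secrets in .env.
# Function names and the placeholder-password list are assumptions of this example.

# Print KEY's value from an env file (last assignment wins, quotes and CR stripped).
env_value() {
  sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d "\"'\r"
}

# SHA-256 hex digest of a string, without the trailing "  -" that sha256sum prints.
sha256_of() {
  printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Return 0 if the secrets in the given env file look sane, 1 otherwise.
check_graylog_env() {
  local file="$1" rc=0 secret hash weak
  secret="$(env_value GRAYLOG_PASSWORD_SECRET "$file")"
  hash="$(env_value GRAYLOG_ROOT_PASSWORD_SHA2 "$file" | tr 'A-F' 'a-f')"

  # Graylog requires password_secret to be at least 16 characters long.
  if [ "${#secret}" -lt 16 ]; then
    echo "GRAYLOG_PASSWORD_SECRET is shorter than 16 characters" >&2; rc=1
  fi
  # Must be a bare digest: catches an empty value or a pasted "<hash>  -".
  if ! printf '%s' "$hash" | grep -Eqx '[0-9a-f]{64}'; then
    echo "GRAYLOG_ROOT_PASSWORD_SHA2 is not a 64-character hex digest" >&2; rc=1
  fi
  # Reject digests of placeholder passwords left over from the template.
  for weak in yourpassword admin password changeme; do
    if [ "$hash" = "$(sha256_of "$weak")" ]; then
      echo "GRAYLOG_ROOT_PASSWORD_SHA2 is the hash of '$weak'" >&2; rc=1
    fi
  done
  return "$rc"
}

# Prompt for the admin password with echo off, so it never reaches shell history.
hash_password_prompt() {
  local pw
  printf 'Graylog admin password: ' >&2
  stty -echo; IFS= read -r pw; stty echo; echo >&2
  sha256_of "$pw"
}
```

Source the file, paste the output of `hash_password_prompt` into `.env`, then run `check_graylog_env .env` before deploying.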

```bash
# Upgrade to a specific Graylog version
sudo bash Update.sh /opt/graylog 6.4
```

Import `graylog-fortigate-syslog.json` via System → Inputs → Import input in the Graylog UI.

Default syslog ports (UDP + TCP):

- 1514: syslog
- 12201: GELF

Configure FortiGate: `config log syslogd setting` → `set server <graylog-ip>` → `set port 1514`

| File | Description |
|---|---|
| `docker-compose.yml` | Graylog + MongoDB + OpenSearch |
| `.env.example` | Secret and config template |
| `install-docker.sh` | Install Docker Engine (official repo) |
| `install-graylog.sh` | Deploy stack, set permissions, check .env |
| `Update.sh` | Upgrade Graylog to a new version |
| `graylog-fortigate-syslog.json` | FortiGate syslog input config |

- Ubuntu 20.04 / 22.04 / 24.04
- Docker Engine 24+ with Compose plugin
- 4 GB+ RAM
- `vm.max_map_count=262144` (set automatically by install scripts)

MIT