
Graylog running on docker

MIT LicenseMIT

Graylog in docker-compose

This docker-compose.yml runs all the required processes for a Graylog setup on multiple docker containers.

The following processes are run in their own docker containers

  • mongodb 3.0.4
  • elasticsearch 1.7.4
  • graylog 1.3.3
  • graylog-web 1.3.3


This setup assumes you already have docker-compose and docker (using boot2docker) installed.

git clone git@github.com:micahhausler/graylog-compose.git
cd graylog-compose
docker-compose build
docker-compose up


Open and use the login. (It may take a minute for the graylog server to come online)

username: admin
password: password

Then go to the Content Packs page, upload the provided content pack, and then click "Apply content".

Upload Content Pack

Create Syslog UDP input


You can now go to the Inputs page and see that the Docker GELF input has been entered to consume logspout mesages from Docker (using the GELF module).


Go to the Streams page to see the example streams that have been created. Clock on each one to see past messages.

[Hint: Open an incognito window and enter an invalid password in the Graylog login page. This will generate some content for you to see in your streams and dashboard.]


Go to the Dashboards page to see an example dashboard with graphs based on the 2 preconfigured streams.


Go to the Graylog Plugin page to see available plugins. Simply drop them in the plugin/ directory in the project, and they'll be loaded when you restart Graylog.

API explorer

Go to the Graylog API-Explorer From here, you can play around with their swagger api explorer.

If you're using docker-machine instead of boot2docker, edit the line


in graylog/server.conf and change it to your docker machine's IP. You'll need to restart everything for this to take effect by running

docker-compose stop
docker-compse rm -f
docker-compose up


This is NOT a production-ready setup for graylog. You'll need add TLS to Mongo, Elasticsearch, and the graylog server, as well as fine-tune each service for your own needs. This list of measures is not comprehensive.

Be sure to:

  • change the password_secret in graylog/server.conf and also add it to graylog_web/graylog-web-interface.conf's application.secret parameter
  • change the root_password_sha2 in graylog/server.conf
  • Add authentication to mongo, enter the parameters in graylog/server.conf


MIT License