# Graylog setup and settings

###### tags: `inference-server` `graylog`

## Docker-compose yaml file

```yaml=
version: '3'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongo:
    image: mongo:3
    networks:
      - graylog
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/6.x/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.10
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    deploy:
      resources:
        limits:
          memory: 1g
    networks:
      - graylog
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:3.3
    environment:
      # CHANGE ME (must be at least 16 characters)!
      # No spaces around "=": in list form they become part of the variable name.
      - GRAYLOG_PASSWORD_SECRET=${PASSWORD_SECRET}
      # SHA-256 hash of the root password. This value is the hash of the
      # password "admin"; replace it for anything beyond local testing.
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_HTTP_EXTERNAL_URI=http://${MACHINE_FQDN}:${WEB_PORT}/
      - GRAYLOG_HTTP_PUBLISH_URI=http://${MACHINE_FQDN}:${WEB_PORT}/
    networks:
      - graylog
    depends_on:
      - mongo
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      # - ${WEB_PORT}:9000
      - ${WEB_PORT}:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
      # Custom
      - 5555:5555
networks:
  graylog:
    driver: bridge
```

Start the Graylog server:

`docker-compose up -d`

## Initial configuration

### Create a listener on port 5555

#### Request:

uri: `/api/system/inputs`
method: `POST`
port: `${WEB_PORT}`
body:

```json=
{
  "title": "kong",
  "type": "org.graylog2.inputs.raw.tcp.RawTCPInput",
  "configuration": {
    "bind_address": "0.0.0.0",
    "port": 5555,
    "recv_buffer_size": 1048576,
    "number_worker_threads": 20,
    "tls_cert_file": "",
    "tls_key_file": "",
    "tls_enable": false,
    "tls_key_password": "",
    "tls_client_auth": "disabled",
    "tls_client_auth_cert_file": "",
    "tcp_keepalive": false,
    "use_null_delimiter": false,
    "max_message_size": 2097152,
    "override_source": null
  },
  "global": true
}
```

#### Response:

```json=
{
  "id": "5facf05f32e2185f34cc0fa0"
}
```

### Create an extractor on this listener (`${id}`)

#### Request:

uri: `/api/system/inputs/{inputId}/extractors`
method: `POST`
port: `${WEB_PORT}`
body:

```json=
{
  "title": "http-log",
  "cut_or_copy": "copy",
  "source_field": "message",
  "target_field": "",
  "extractor_type": "json",
  "extractor_config": {
    "list_separator": ", ",
    "key_separator": "_",
    "kv_separator": "=",
    "key_prefix": "",
    "replace_key_whitespace": false,
    "key_whitespace_replacement": "_"
  },
  "converters": {},
  "condition_type": "none",
  "condition_value": ""
}
```

#### Response:

```json=
{
  "extractor_id": "d2a0e560-24c1-11eb-9426-0242ac140004"
}
```
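
The two requests above, chained into one script as an added example (not part of the original page): it posts the input, reads the returned `id`, and posts the extractor to that input. The base URL `http://localhost:9000`, the `admin`/`admin` credentials, the `setup-script` header value and the function names are assumptions; Graylog requires an `X-Requested-By` header on POST requests and accepts HTTP basic auth.

```python
import base64
import json
import urllib.request

# Request bodies copied from this page.
INPUT_BODY = {
    "title": "kong", "type": "org.graylog2.inputs.raw.tcp.RawTCPInput", "global": True,
    "configuration": {
        "bind_address": "0.0.0.0", "port": 5555, "recv_buffer_size": 1048576,
        "number_worker_threads": 20, "tls_cert_file": "", "tls_key_file": "",
        "tls_enable": False, "tls_key_password": "", "tls_client_auth": "disabled",
        "tls_client_auth_cert_file": "", "tcp_keepalive": False,
        "use_null_delimiter": False, "max_message_size": 2097152, "override_source": None,
    },
}
EXTRACTOR_BODY = {
    "title": "http-log", "cut_or_copy": "copy", "source_field": "message",
    "target_field": "", "extractor_type": "json", "converters": {},
    "condition_type": "none", "condition_value": "",
    "extractor_config": {
        "list_separator": ", ", "key_separator": "_", "kv_separator": "=",
        "key_prefix": "", "replace_key_whitespace": False, "key_whitespace_replacement": "_",
    },
}

def build_post(base_url, path, body, user, password):
    """Build an authenticated JSON POST for the Graylog REST API."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "Content-Type": "application/json",
               "X-Requested-By": "setup-script"}  # Graylog rejects POSTs without this header
    return urllib.request.Request(base_url.rstrip("/") + path, method="POST",
                                  data=json.dumps(body).encode(), headers=headers)

def send(request):
    """Send the request and decode the JSON reply (needs a running server)."""
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.load(resp)

def provision(base_url, user, password, send=send):
    """Create the input, then attach the extractor to the returned input id."""
    input_id = send(build_post(base_url, "/api/system/inputs", INPUT_BODY, user, password))["id"]
    path = f"/api/system/inputs/{input_id}/extractors"
    reply = send(build_post(base_url, path, EXTRACTOR_BODY, user, password))
    return input_id, reply["extractor_id"]

if __name__ == "__main__":
    # Assumed: WEB_PORT=9000 on localhost and the compose file's root account.
    print(provision("http://localhost:9000", "admin", "admin"))
```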