Author: Sar Malik
Learn how to deploy a centralized log analytics and event monitoring server with Graylog in Docker and remotely update clients with Ansible Playbook routines.
Read the accompanying guide to this code repository to get started.
- graylog/graylog
- _/mongo
- _/elasticsearch
- Ansible
- Clone this repository onto the docker host where containers will be built using relative volume paths.

- Update the configuration files provided in `server` and run the following command to spin up a container stack.

  ```
  $ docker-compose -f docker-compose.yaml up
  ```

- Navigate to the Graylog server and open an input worker with `tcp/514 || udp/514` ports.

- Configure unix clients with `rsyslog` systemd service to push all log messages to the Graylog server with the provided playbook.

  ```
  $ ansible-playbook -i target.env \
      -k --ask-become-pass \
      configure_rsyslog.yaml
  ```

- Explore streaming log messages, create dashboards, and run custom queries using the Graylog webserver on `http://<<graylog_host>>:<<port>>`.
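A check to run on a client after the playbook, as an added example that is not part of this repository: it lists the forwarding rules in an rsyslog config and confirms that all messages go to the Graylog input on port 514 over the expected transport. It assumes the legacy `@host` (UDP) / `@@host` (TCP) rule syntax rather than `action(type="omfwd" ...)`; the host name and sample config are constructed.

```shell
#!/bin/sh
# Added example, not part of the repository. Assumes legacy rsyslog rules:
# "selector @host[:port]" forwards over UDP, "@@host[:port]" over TCP.

# Print "proto host port selector" for each forwarding rule in file $1.
forward_targets() {
    awk '
        /^[[:space:]]*#/ { next }              # skip comment lines
        NF >= 2 && $2 ~ /^@@?[^@]/ {
            proto = ($2 ~ /^@@/) ? "tcp" : "udp"
            target = $2
            sub(/^@@?/, "", target)            # drop the transport marker
            sub(/;.*$/, "", target)            # drop an optional ;template
            port = 514                         # rsyslog default when omitted
            if (target ~ /:[0-9]+$/) {
                port = target
                sub(/^.*:/, "", port)
                sub(/:[0-9]+$/, "", target)
            }
            print proto, target, port, $1
        }
    ' "$1"
}

# Succeed only if file $1 sends every message ("*.*") to host $2 on port 514
# over transport $3 (tcp or udp), matching the Graylog input opened earlier.
forwards_all_to() {
    forward_targets "$1" | grep -Fqx "$3 $2 514 *.*"
}

# Constructed sample config with a hypothetical host name.
sample_conf() {
    cat <<'EOF'
# local logging stays in place
auth,authpriv.*   /var/log/auth.log
*.*   @@graylog.example.internal:514;RSYSLOG_SyslogProtocol23Format
kern.*   @10.0.0.5
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
forward_targets "$conf"
forwards_all_to "$conf" graylog.example.internal tcp && echo "forwarding OK"
rm -f "$conf"
```

On a real client, point `forwards_all_to` at the deployed rsyslog config with the Graylog host and the transport chosen for the input; a mismatch between `@`/`@@` and the input type is a common reason no messages arrive.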
```
.
├── .gitignore
├── README.md
├── LICENSE.md
├── client
│   ├── ansible.setup.sh
│   ├── configure_rsyslog.yaml
│   ├── rsyslog.conf
│   └── target.env
└── server
    ├── config.sh
    ├── docker-compose.yaml
    ├── graylog.conf
    ├── mongo.env
    ├── mongo-init.js
    ├── rotatekey.sh
    └── shasum.sh
```
This repository is released under MIT License.