Setup graylog locally on Windows/Linux/Mac

Here is the quickest way to deploy a development version of the Graylog instance locally on your desktop machine.


Depending on your environment, you will have to install Docker

Once installed, run these commands and you will have a fully working graylog running locally at

Default username/password is admin/admin

docker run --restart always --name mongo -d mongo:3

docker run --restart always --name elasticsearch \
    -e "" \
    -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \

docker run --restart always --name graylog --link mongo --link elasticsearch \
    -p 9000:9000 -p 12201:12201 \
    -d graylog/graylog:3.3

Expose additional ports

By default, port 12201 is exposed. If you are working on a PHP or .NET project locally, you will have to add an INPUT from the graylog interface for this port.

If your INPUT is listening on a UDP port, change it to -p 12201:12201/udp

docker run --name graylog --link mongo --link elasticsearch \
    -p 9000:9000 -p 12201:12201/udp \
    -d graylog/graylog:3.3


  • If you are on Windows and using Powershell, make sure to change “\” to “^” or simply remove it and make it a single line.
  • Data loss – If you remove the mongodb or elasticsearch container, your data is lost. So do not use this in production. This is only good for development

2 thoughts on “Setup graylog locally on Windows/Linux/Mac

Leave a Reply

Your email address will not be published.