Setup graylog locally on Windows/Linux/Mac

Here is the quickest way to deploy a development version of the Graylog instance locally on your desktop machine.

Prerequisites

Depending on your environment, you will have to install Docker

Once installed, run these commands and you will have a fully working graylog running locally at http://127.0.0.1:9000/

Default username/password is admin/admin


docker run --restart always --name mongo -d mongo:3

docker run --restart always --name elasticsearch \
    -e "http.host=0.0.0.0" \
    -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \
    -d docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.5

docker run --restart always --name graylog --link mongo --link elasticsearch \
    -p 9000:9000 -p 12201:12201 \
    -e GRAYLOG_HTTP_EXTERNAL_URI="http://127.0.0.1:9000/" \
    -d graylog/graylog:3.3

Expose additional ports

By default, port 12201 is exposed. If you are working on a PHP or .NET project locally, you will have to add an INPUT from the graylog interface for this port.

If your INPUT is listening on a UDP port, change it to -p 12201:12201/udp

docker run --name graylog --link mongo --link elasticsearch \
    -p 9000:9000 -p 12201:12201/udp \
    -e GRAYLOG_HTTP_EXTERNAL_URI="http://127.0.0.1:9000/" \
    -d graylog/graylog:3.3

Notes:

  • If you are on Windows and using Powershell, make sure to change “\” to “^” or simply remove it and make it a single line.
  • Data loss – If you remove the mongodb or elasticsearch container, your data is lost. So do not use this in production. This is only good for development

Leave a Reply

Your email address will not be published. Required fields are marked *