Here is the quickest way to deploy a development version of the Graylog instance locally on your desktop machine.
Prerequisites
Depending on your environment, you will have to install Docker
Once installed, run these commands and you will have a fully working graylog running locally at http://127.0.0.1:9000/
Default username/password is admin/admin
docker run --restart always --name mongo -d mongo:3
docker run --restart always --name elasticsearch \
-e "http.host=0.0.0.0" \
-e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \
-d docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.5
docker run --restart always --name graylog --link mongo --link elasticsearch \
-p 9000:9000 -p 12201:12201 \
-e GRAYLOG_HTTP_EXTERNAL_URI="http://127.0.0.1:9000/" \
-d graylog/graylog:3.3
Expose additional ports
By default, port 12201 is exposed. If you are working on a PHP or .NET project locally, you will have to add an INPUT from the graylog interface for this port.
If your INPUT is listening on a UDP port, change it to -p 12201:12201/udp
docker run --name graylog --link mongo --link elasticsearch \
-p 9000:9000 -p 12201:12201/udp \
-e GRAYLOG_HTTP_EXTERNAL_URI="http://127.0.0.1:9000/" \
-d graylog/graylog:3.3
Notes:
- If you are on Windows and using Powershell, make sure to change “\” to “^” or simply remove it and make it a single line.
- Data loss – If you remove the mongodb or elasticsearch container, your data is lost. So do not use this in production. This is only good for development