Introduction
Graylog is an open-source log management tool that allows you to centralize and analyze logs from different sources. This guide will walk you through the steps to install Graylog on a Windows VPS using Docker.
Prerequisites
- A Windows VPS with administrative access.
- Windows Docker installed. If not, you can download it from the Docker Hub.
- A network port (default is 9000) open for Graylog.
- Basic knowledge of Docker commands.
Step 1: Install Docker on Windows
If you haven't installed Docker yet, download and install Docker Desktop from the link provided in the prerequisites. Follow the installation instructions provided on Docker's website.
Step 2: Enable WSL 2 Backend
During the Docker installation, make sure to enable the WSL 2 feature. You can also follow the instructions provided here to install WSL manually.
Step 3: Install Docker Compose
Once Docker is installed, open a command prompt and update Docker Compose:
docker-compose --versionStep 4: Create a Graylog Directory
Create a directory for your Graylog installation where you will store the configuration files:
mkdir C:\graylog
cd C:\graylogStep 5: Set Up Docker Compose File
Create a new file named docker-compose.yml in the Graylog directory using a text editor (e.g., Notepad):
Notepad docker-compose.ymlThen add the following configuration:
version: '3'
services:
mongodb:
image: mongo:4.2
volumes:
- mongo_data:/data/db
restart: always
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.1
environment:
- discovery.type=single-node
- ES_JAVA_OPTS=-Xmx512m -Xms512m
volumes:
- es_data:/usr/share/elasticsearch/data
restart: always
graylog:
image: graylog/graylog:4.0
environment:
- GRAYLOG_PASSWORD_SECRET=somepasswordpepper
- GRAYLOG_ROOT_PASSWORD_SHA2=yourrootpasswordhash
- GRAYLOG_HTTP_EXTERNAL_URI=http://your.server.ip:9000/
volumes:
- graylog_journal:/usr/share/graylog/data/journal
ports:
- "9000:9000"
restart: always
volumes:
mongo_data:
es_data:
graylog_journal:Note:
Replace your.server.ip with your server's public IP address. Generate a password hash using the following command in PowerShell or any Unix-like environment:
echo -n "yourrootpassword" | shasum -a 256Replace yourrootpassword with the password you want to use for the Graylog admin user.
Step 6: Start Graylog with Docker Compose
Navigate to the Graylog directory and run Docker Compose to start Graylog:
cd C:\graylog
docker-compose up -dStep 7: Access Graylog
After the containers are up and running, you can access the Graylog web interface by navigating to http://your.server.ip:9000/ in your web browser. Login with:
- Username:
admin - Password:
yourrootpassword
Step 8: Configure Firewall (if necessary)
If you have a firewall running on your Windows VPS, ensure that port 9000 is allowed to accept incoming connections:
netsh advfirewall firewall add rule name="Graylog" protocol=TCP dir=in localport=9000 action=allowConclusion
You have successfully installed Graylog on a Windows VPS using Docker! You can now start collecting and analyzing logs through the Graylog interface.
