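# Docker Compose stack for a single-node Graylog deployment:
# MongoDB (configuration), OpenSearch (log storage) and Graylog itself.
# The $VARIABLES referenced below are interpolated by Compose from the shell
# environment or a .env file; keep that file out of version control.
version: '3'

networks:
  graynet:
    driver: bridge

# This is how you persist data between container restarts.
# Each named volume is a bind mount onto the NAS path in `device`; the local
# driver does not create that directory, so it must exist before first start.
volumes:
  mongo_data:
    driver: local
    driver_opts:
      type: none
      device: /mnt/docker_nas/graylog/mongo_data
      o: bind
  log_data:
    driver: local
    driver_opts:
      type: none
      device: /mnt/docker_nas/graylog/log_data
      o: bind
  graylog_data:
    driver: local
    driver_opts:
      type: none
      device: /mnt/docker_nas/graylog/graylog_data
      o: bind

services:
  # Graylog stores configuration in MongoDB.
  # No port is published, so MongoDB is reachable only from containers on
  # graynet. No MongoDB credentials are configured in this file.
  mongo:
    image: mongo:6.0.5-jammy
    container_name: mongodb
    volumes:
      - "mongo_data:/data/db"
    networks:
      - graynet
    restart: unless-stopped

  # The logs themselves are stored in Opensearch
  opensearch:
    # NOTE(review): `:2` is a floating major tag, unlike the pinned mongo
    # image; pin an exact version (or digest) for reproducible deployments.
    image: opensearchproject/opensearch:2
    container_name: opensearch
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      - "bootstrap.memory_lock=true"
      - "discovery.type=single-node"
      - "action.auto_create_index=false"
      # The two settings below turn off TLS on the HTTP layer and disable the
      # security plugin, so requests to port 9200 are neither encrypted nor
      # authenticated.
      - "plugins.security.ssl.http.enabled=false"
      - "plugins.security.disabled=true"
      - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD}"
    volumes:
      - "log_data:/usr/share/opensearch/data"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    ports:
      # NOTE(review): this publishes the unauthenticated, plaintext OpenSearch
      # API on every host interface. Graylog reaches OpenSearch over graynet
      # (http://opensearch:9200), so the mapping is not needed for the stack
      # itself. If host access is required, bind it to loopback
      # ("127.0.0.1:9200:9200/tcp"); otherwise remove it or firewall the port.
      - "9200:9200/tcp"
    networks:
      - graynet
    restart: unless-stopped

  graylog:
    image: graylog/graylog:6.0
    container_name: graylog
    # The original mixed list entries (`- KEY=value`) with mapping entries
    # (`KEY: "value"`) under one key, which is not valid YAML. Everything is
    # written in mapping form here; the values are unchanged.
    environment:
      # CHANGE ME (must be at least 16 characters)!
      GRAYLOG_PASSWORD_SECRET: "${GRAYLOG_PASSWORD_SECRET}"
      # Password: admin
      # The fallback below is the SHA-256 of "admin" and is kept only so that
      # existing deployments keep working. Set GRAYLOG_ROOT_PASSWORD_SHA2 in
      # the environment / .env file to the SHA-256 hex digest of a strong
      # password before exposing the web interface.
      GRAYLOG_ROOT_PASSWORD_SHA2: "${GRAYLOG_ROOT_PASSWORD_SHA2:-8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918}"
      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
      # NOTE(review): the web interface is published on host port 5000 (see
      # `ports`), but this URI advertises port 9000 - confirm it matches the
      # address browsers actually use.
      GRAYLOG_HTTP_EXTERNAL_URI: "http://localhost:9000/"
      GRAYLOG_ELASTICSEARCH_HOSTS: "http://opensearch:9200"
      GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
      GRAYLOG_TIMEZONE: "Australia/Adelaide"
      TZ: "Australia/Adelaide"
      GRAYLOG_TRANSPORT_EMAIL_PROTOCOL: "smtp"
      #GRAYLOG_TRANSPORT_EMAIL_WEB_INTERFACE_URL: "http://192.168.3.233:9000/"
      GRAYLOG_TRANSPORT_EMAIL_WEB_INTERFACE_URL: ""
      GRAYLOG_TRANSPORT_EMAIL_HOSTNAME: "smtp.sendgrid.net"
      GRAYLOG_TRANSPORT_EMAIL_ENABLED: "true"
      GRAYLOG_TRANSPORT_EMAIL_PORT: "587"
      GRAYLOG_TRANSPORT_EMAIL_USE_AUTH: "true"
      GRAYLOG_TRANSPORT_EMAIL_AUTH_USERNAME: "${GRAYLOG_TRANSPORT_EMAIL_AUTH_USERNAME}"
      GRAYLOG_TRANSPORT_EMAIL_AUTH_PASSWORD: "${GRAYLOG_TRANSPORT_EMAIL_AUTH_PASSWORD}"
      GRAYLOG_TRANSPORT_EMAIL_USE_TLS: "true"
      GRAYLOG_TRANSPORT_EMAIL_USE_SSL: "false"
      GRAYLOG_TRANSPORT_FROM_EMAIL: "${GRAYLOG_TRANSPORT_FROM_EMAIL}"
      GRAYLOG_TRANSPORT_SUBJECT_PREFIX: "[graylog]"
    # Wait until opensearch:9200 accepts connections before starting Graylog.
    entrypoint: /usr/bin/tini -- wait-for-it opensearch:9200 -- /docker-entrypoint.sh
    volumes:
      - "${PWD}/config/graylog/graylog.conf:/usr/share/graylog/config/graylog.conf"
      - "graylog_data:/usr/share/graylog/data"
    networks:
      - graynet
    restart: always
    depends_on:
      opensearch:
        condition: "service_started"
      mongo:
        condition: "service_started"
    ports:
      # The web interface and REST API are served over plain HTTP; terminate
      # TLS in front of this port if it is reachable beyond a trusted network.
      - "5000:9000/tcp"    # Graylog web interface and REST API
      # Host ports 1510-1530 all forward to the same container port 1514, so
      # the per-source labels below exist on the host side only; inside the
      # container the traffic arrives on one port.
      - "1510:1514/tcp"    # Active Directory
      - "1510:1514/udp"    # Active Directory
      - "1511:1514/tcp"    # Windows
      - "1511:1514/udp"    # Windows
      - "1514:1514/tcp"    # Syslog
      - "1514:1514/udp"    # Syslog
      - "1515:1514/udp"    # pfSense
      - "1515:1514/tcp"    # pfSense
      - "1516:1514/tcp"    # switch
      - "1516:1514/udp"    # switch
      - "1517:1514/tcp"    # modem
      - "1517:1514/udp"    # modem
      - "1520:1514/tcp"    # pve
      - "1520:1514/udp"    # pve
      - "1530:1514/tcp"    # NAS
      - "1530:1514/udp"    # NAS
      - "12201:12201/tcp"  # GELF
      - "12201:12201/udp"  # GELF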