Graylog
Logging for Legacy Applications with JDE
Summary
Architecture Overview for JDE and Graylog Integration
graph TD;
    %% Log producers: each JDE server tier writes to its own log folder.
    subgraph JDE Servers
        S1[Enterprise Server] -->|Log Generation| A1[Enterprise Log Folder]
        S2[Web Server] -->|Log Generation| A2[Web Log Folder]
        S3[BSSV Server] -->|Log Generation| A3[BSSV Log Folder]
        S4[AIS Server] -->|Log Generation| A4[AIS Log Folder]
        S5[Database Server] -->|Log Generation| A5[Database Log Folder]
    end

    %% Collection: a single forwarder/agent reads every folder and ships to Graylog.
    A1 -->|Ingest Logs| B1[Log Forwarder/Agent]
    B1 -->|Send Logs| B
    A2 -->|Ingest Logs| B1
    A3 -->|Ingest Logs| B1
    A4 -->|Ingest Logs| B1
    A5 -->|Ingest Logs| B1

    %% Central platform: Graylog indexes the logs, then serves search and alerts.
    subgraph
        B[Graylog]
        B --> B2[Log Indexing]
        B2 --> B3[Log Search & Alerts]
    end
Graylog Server Installations
Graylog Server Installation Steps
https://github.com/jdedev/tophomelab/tree/main/docker/graylog
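networks:
  graynet:
    driver: bridge

services:
  # Graylog stores configuration in MongoDB.
  # No MongoDB authentication is configured here. The service publishes no
  # host ports, so it is reachable only by containers attached to graynet.
  mongo:
    image: mongo:6.0.5-jammy
    container_name: mongodb
    volumes:
      - "./mongo/mongo_data:/data/db"
    networks:
      - graynet
    restart: unless-stopped

  # The logs themselves are stored in OpenSearch.
  opensearch:
    # Floating major tag: consider pinning an exact version (or digest) so a
    # pull cannot silently change the running image.
    image: opensearchproject/opensearch:2
    container_name: opensearch
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      - "bootstrap.memory_lock=true"
      - "discovery.type=single-node"
      - "action.auto_create_index=false"
      # The security plugin (authentication, authorization, TLS) is switched
      # off. Every client that can reach port 9200 has full, unauthenticated
      # access to all indexed logs, so network exposure is the only control.
      - "plugins.security.ssl.http.enabled=false"
      - "plugins.security.disabled=true"
      # Sample value only; replace it before use and keep the real one out of
      # version control. It protects nothing while the plugin is disabled.
      - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=SetPassw0rdL3ttersAndNumb3r5"
    volumes:
      - "./opensearch:/usr/share/opensearch/data"
    ulimits:
      memlock:
        soft: -1
        hard: -1
      nofile:
        soft: 65536
        hard: 65536
    ports:
      # Published on loopback only. Graylog reaches OpenSearch over graynet
      # (http://opensearch:9200), so the unauthenticated API does not need to
      # be exposed on the host's external interfaces. Remove this mapping
      # entirely if local troubleshooting access is not needed.
      - "127.0.0.1:9200:9200/tcp"
    networks:
      - graynet
    restart: unless-stopped

  graylog:
    image: graylog/graylog:6.1
    container_name: graylog
    environment:
      # Must be at least 16 characters. Supply a long random value through the
      # environment or an untracked .env file. Compose aborts with the message
      # below if it is unset, instead of starting with an empty secret.
      GRAYLOG_PASSWORD_SECRET: "${GRAYLOG_PASSWORD_SECRET:?GRAYLOG_PASSWORD_SECRET must be set}"
      # SHA-256 hex digest of the root user's password. Do not keep the
      # well-known "admin" password; choose a strong one and store its digest.
      GRAYLOG_ROOT_PASSWORD_SHA2: "${GRAYLOG_ROOT_PASSWORD_SHA2:?GRAYLOG_ROOT_PASSWORD_SHA2 must be set}"
      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
      # Plain HTTP: logins and API tokens cross the network unencrypted unless
      # a TLS-terminating reverse proxy (or Graylog's own http_enable_tls
      # setting) is placed in front of the web interface.
      GRAYLOG_HTTP_EXTERNAL_URI: "http://localhost:9000/"
      GRAYLOG_ELASTICSEARCH_HOSTS: "http://opensearch:9200"
      GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
      GRAYLOG_TIMEZONE: "America/Detroit"
      TZ: "America/Detroit"
      GRAYLOG_TRANSPORT_EMAIL_PROTOCOL: "smtp"
      GRAYLOG_TRANSPORT_EMAIL_WEB_INTERFACE_URL: "http://192.168.3.233:9000/"
      GRAYLOG_TRANSPORT_EMAIL_HOSTNAME: "outbound.mailhop.org"
      GRAYLOG_TRANSPORT_EMAIL_ENABLED: "true"
      GRAYLOG_TRANSPORT_EMAIL_PORT: "587"
      GRAYLOG_TRANSPORT_EMAIL_USE_AUTH: "true"
      # Placeholders. Provide the real SMTP credentials from the environment
      # or a secrets store rather than committing them in this file.
      GRAYLOG_TRANSPORT_EMAIL_AUTH_USERNAME: "xxxxx"
      GRAYLOG_TRANSPORT_EMAIL_AUTH_PASSWORD: "xxxxx"
      GRAYLOG_TRANSPORT_EMAIL_USE_TLS: "true"
      GRAYLOG_TRANSPORT_EMAIL_USE_SSL: "false"
      # Placeholder sender address; the address on the original page was
      # obscured and is not recoverable.
      # NOTE(review): Graylog's setting is named transport_email_from_email,
      # so the variable is presumably GRAYLOG_TRANSPORT_EMAIL_FROM_EMAIL.
      # Confirm this and the subject-prefix variable against the Graylog docs.
      GRAYLOG_TRANSPORT_FROM_EMAIL: "graylog@example.com"
      GRAYLOG_TRANSPORT_SUBJECT_PREFIX: "[graylog]"
    # Wait for OpenSearch to accept connections before starting Graylog.
    entrypoint: "/usr/bin/tini -- wait-for-it opensearch:9200 -- /docker-entrypoint.sh"
    volumes:
      - "./graylog.conf:/usr/share/graylog/data/config/graylog.conf"
      - "./graylog/data:/usr/share/graylog/data"
    networks:
      - graynet
    restart: always
    depends_on:
      opensearch:
        condition: "service_started"
      mongo:
        condition: "service_started"
    ports:
      # All mappings below bind to every host interface. The Syslog and GELF
      # inputs accept unauthenticated, unencrypted data, so restrict them with
      # a host firewall to the JDE servers / log forwarder that should send.
      - "9000:9000/tcp"    # Graylog web interface and REST API
      - "1514:1514/tcp"    # Syslog
      - "1514:1514/udp"    # Syslog
      - "12201:12201/tcp"  # GELF
      - "12201:12201/udp"  # GELF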