Introduction

Graylog is an open-source log management tool that allows you to centralize and analyze logs from different sources. This guide will walk you through the steps to install Graylog on a Windows VPS using Docker.

Prerequisites

  • A Windows VPS with administrative access.
  • Docker Desktop for Windows installed. If not, you can download it from the Docker Hub.
  • A network port (default is 9000) open for Graylog.
  • Basic knowledge of Docker commands.

Step 1: Install Docker on Windows

If you haven’t installed Docker yet, download and install Docker Desktop from the link provided in the prerequisites. Follow the installation instructions provided on Docker’s website.

Step 2: Enable WSL 2 Backend

During the Docker installation, make sure to enable the WSL 2 feature. You can also follow the instructions provided here to install WSL manually.

Step 3: Install Docker Compose

Docker Desktop bundles Docker Compose, so there is nothing separate to install. Once Docker is installed, open a command prompt and confirm that Docker Compose is available:

docker-compose --version

Step 4: Create a Graylog Directory

Create a directory for your Graylog installation where you will store the configuration files:

mkdir C:\graylog
cd C:\graylog

Step 5: Set Up Docker Compose File

Create a new file named docker-compose.yml in the Graylog directory using a text editor (e.g., Notepad):

Notepad docker-compose.yml

Then add the following configuration:

version: '3'

services:
  mongodb:
    image: mongo:4.2
    volumes:
      - mongo_data:/data/db
    restart: always

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.10.1
    environment:
      - discovery.type=single-node
      - ES_JAVA_OPTS=-Xmx512m -Xms512m
    volumes:
      - es_data:/usr/share/elasticsearch/data
    restart: always

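  graylog:
    image: graylog/graylog:4.0
    environment:
      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper
      - GRAYLOG_ROOT_PASSWORD_SHA2=yourrootpasswordhash
      - GRAYLOG_HTTP_EXTERNAL_URI=http://your.server.ip:9000/
      # The image's default MongoDB host is "mongo"; point it at the
      # service names used in this file instead
      - GRAYLOG_MONGODB_URI=mongodb://mongodb:27017/graylog
      - GRAYLOG_ELASTICSEARCH_HOSTS=http://elasticsearch:9200
    depends_on:
      - mongodb
      - elasticsearch
    volumes:
      - graylog_journal:/usr/share/graylog/data/journal
    ports:
      - "9000:9000"
    restart: always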

volumes:
  mongo_data:
  es_data:
  graylog_journal:

Note:

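Replace your.server.ip with your server’s public IP address, and replace somepasswordpepper with your own random string of at least 16 characters. Generate a password hash using the following command in a Unix-like environment such as a WSL shell (shasum is not available in a stock PowerShell session):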

echo -n "yourrootpassword" | shasum -a 256

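Replace yourrootpassword with the password you want to use for the Graylog admin user. Copy only the 64-character hex string from the output and put it in place of yourrootpasswordhash in docker-compose.yml.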
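
An added example, not part of the original guide: a PowerShell script that produces both GRAYLOG_PASSWORD_SECRET and GRAYLOG_ROOT_PASSWORD_SHA2 on the VPS itself, reading the password without echoing it and drawing the secret from the system random number generator. The function names Get-Sha256Hex and New-PasswordSecret are made up for this example.

```powershell
# Added example (not from the original guide). Function names are hypothetical.
# Works in Windows PowerShell 5.1 and PowerShell 7.

function Get-Sha256Hex {
    param([Parameter(Mandatory)][string]$Text)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        # Hash the UTF-8 bytes with no trailing newline, as `echo -n` does
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($Text)
        return -join ($sha.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') })
    } finally { $sha.Dispose() }
}

function New-PasswordSecret {
    # Graylog rejects a password_secret shorter than 16 characters
    param([ValidateRange(16, 256)][int]$Length = 64)
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $out = New-Object System.Text.StringBuilder
        $buf = New-Object byte[] 1
        while ($out.Length -lt $Length) {
            $rng.GetBytes($buf)
            # Rejection sampling: 248 = 62 * 4, so the modulo is unbiased
            if ($buf[0] -lt 248) { [void]$out.Append($alphabet[$buf[0] % 62]) }
        }
        return $out.ToString()
    } finally { $rng.Dispose() }
}

# Self-check against a known value: SHA-256 of the string "admin"
if ((Get-Sha256Hex -Text 'admin') -ne '8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918') {
    throw 'SHA-256 self-check failed'
}

# Read the password without echoing it or leaving it in command history
$secure = Read-Host -Prompt 'Graylog admin password' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password
if ([string]::IsNullOrEmpty($plain)) { throw 'Empty password' }

# Paste these two lines into the environment section of docker-compose.yml
"      - GRAYLOG_PASSWORD_SECRET=$(New-PasswordSecret)"
"      - GRAYLOG_ROOT_PASSWORD_SHA2=$(Get-Sha256Hex -Text $plain)"
```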

Step 6: Start Graylog with Docker Compose

Navigate to the Graylog directory and run Docker Compose to start Graylog:

cd C:\graylog
docker-compose up -d

Step 7: Access Graylog

After the containers are up and running, you can access the Graylog web interface by navigating to http://your.server.ip:9000/ in your web browser. Log in with:

  • Username: admin
  • Password: yourrootpassword

Step 8: Configure Firewall (if necessary)

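If you have a firewall running on your Windows VPS, ensure that port 9000 is allowed to accept incoming connections. The rule below accepts connections from any source address, and this setup serves the web interface over plain HTTP, so limit access to the addresses that need it where you can: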

netsh advfirewall firewall add rule name="Graylog" protocol=TCP dir=in localport=9000 action=allow

Conclusion

You have successfully installed Graylog on a Windows VPS using Docker! You can now start collecting and analyzing logs through the Graylog interface.
