- outline
Installing Graylog Open Source on ECS Fargate.
- requirement
ECS fargate
S3
OpenSearch
Atlas Mongo
ALB
NLB
ECR
- ECS
multiple tg (NLB, ALB)
sg (tcp 9000, udp tcp 12201) from vpc internal
- Dockerfile
FROM docker.io/graylog/graylog:4.2.5
EXPOSE 9000
EXPOSE 12201
USER root
RUN apt-get update && apt-get install wget -y
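# Download the plugin straight into the plugin directory (COPY reads from the build context, not from files created by an earlier RUN)
RUN wget -P /usr/share/graylog-server/plugin https://github.com/graylog-labs/graylog-plugin-slack/releases/download/3.1.0/graylog-plugin-slack-3.1.0.jar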
USER graylog
- jdk option
-Djava.net.preferIPv4Stack=true
- envfiles on s3
GRAYLOG_PASSWORD_SECRET=foobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobar
GRAYLOG_ROOT_PASSWORD_SHA2=foobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobar
GRAYLOG_BIND_ADDRESS=0.0.0.0:9000
GRAYLOG_HTTP_EXTERNAL_URI=https://graylog.foobar.com/
GRAYLOG_ROOT_TIMEZONE=UTC
GRAYLOG_MONGODB_URI=mongodb+srv://foobargrayloguser:206w0izzmuK9DfBM@graylog-mongo.tx0cq.mongodb.net/graylog?retryWrites=true&w=majority
GRAYLOG_ELASTICSEARCH_HOSTS=https://vpc-jocoosgraylog-foobarfoobarfoobar.america.es.amazonaws.com
GRAYLOG_ELASTICSEARCH_VERSION=7
- GRAYLOG_PASSWORD_SECRET
$ sudo pwgen -N 1 -s 96
foobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobar
- generate GRAYLOG_ROOT_PASSWORD_SHA2
$ echo -n "Enter Password: " && head -1 </dev/stdin | tr -d '\n' | sha256sum | cut -d" " -f1
Enter Password: *****
foobarfoobarfoobarfoobarfoobarfoobarfoobarfoobarfoobar
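Added example (not part of the original notes): a POSIX shell lint for the env file above, meant to run before the file is uploaded to S3. The function names, the 64-character minimum and the sample values are assumptions of this example.

```shell
# Added example: lint a Graylog env file before it is uploaded to S3.
# Function names, thresholds and sample values are assumptions of this example.

# Print the value of KEY ($1) from env file ($2); the last assignment wins.
env_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

# Print one line per finding; return non-zero when anything was found.
lint_graylog_env() {
    file=$1
    findings=0
    secret=$(env_get GRAYLOG_PASSWORD_SECRET "$file")
    sha=$(env_get GRAYLOG_ROOT_PASSWORD_SHA2 "$file")
    uri=$(env_get GRAYLOG_MONGODB_URI "$file")

    # Assumed minimum of 64 characters; pwgen -N 1 -s 96 clears it.
    if [ "${#secret}" -lt 64 ]; then
        echo "GRAYLOG_PASSWORD_SECRET: shorter than 64 characters"
        findings=$((findings + 1))
    fi
    # sha256sum prints exactly 64 lowercase hex digits.
    if ! printf '%s' "$sha" | grep -Eq '^[0-9a-f]{64}$'; then
        echo "GRAYLOG_ROOT_PASSWORD_SHA2: not a 64-digit SHA-256 hex string"
        findings=$((findings + 1))
    fi
    # user:password@ in the URI puts the database password in the S3 object.
    if printf '%s' "$uri" | grep -Eq '^mongodb(\+srv)?://[^/@:]+:[^/@]+@'; then
        echo "GRAYLOG_MONGODB_URI: embeds a password"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample input: short secret, placeholder hash, password in the URI.
sample_env() {
    cat <<'EOF'
GRAYLOG_PASSWORD_SECRET=tooshort
GRAYLOG_ROOT_PASSWORD_SHA2=foobarfoobar
GRAYLOG_MONGODB_URI=mongodb+srv://user:example-password@cluster.example.net/graylog
EOF
}
```

A value that trips the last check can instead be injected through the ECS task definition's `secrets` field from Secrets Manager or SSM Parameter Store, so the password never sits in the S3 object.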
- OpenSearch
sg 80 443
compatibility.override_main_response_version : true
domain url
- NLB
internal
TCP_UDP 12201 to nlb-graylog-tg
Deregistration delay: [30 seconds]
Connection termination on deregistration: [Enabled]
Stickiness: [Enabled]
Proxy protocol v2: [Disabled]
Health checks: HTTP,/,9000,2,2,10,30,200
- ALB
internet-facing
http:9000
SG any from 80, 443
rule 80 : to 443 // 443 : graylog.foobar.com to elb-graylog-tg
healthcheck HTTP,/,2,3,5,30,200
- Atlas mongo
vpc peering
- Graylog message tester
# UDP
for i in `seq 20`; do echo -n '{ "version": "1.1", "host": "example.org", "short_message": "A short message", "level": 5, "_some_info": "foo" }' | nc -w0.1 -u <graylog-input.example.com> 12201; done
# TCP (the GELF TCP input expects each message to end with a null byte by default)
for i in `seq 20`; do echo -n -e '{ "version": "1.1", "host": "example.org", "short_message": "A short message", "level": 5, "_some_info": "foo" }'"\0" | nc -w0.1 <graylog-input.example.com> 12201; done
- reference
https://jsonobject.tistory.com/610
https://jsonobject.tistory.com/391