echoslider

podman-graylog-mongodb-elasticsearch

Oct 8th, 2023
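  # Graylog 5.1 with MongoDB 5.0.13 and Elasticsearch 7.10.2 as podman containers.
  # Placeholders to replace before running:
  #   SERVERIP                        address of this host
  #   YOURPWGENPASSWORD               password of the MongoDB user "admin"
  #   ANOTHERPASSWORD                 password of the MongoDB user "graylog"
  #   YOURPASSWORDSECRET              Graylog password_secret
  #   SHA256_OF_GRAYLOGADMINPASSWORD  hash printed by the "Enter Password" step
  # Use a different random value for each secret: sharing one value between the
  # database root account, the Graylog secret and the web login means that one
  # leak exposes all three.


  # create the data folders
  mkdir -p /mnt/graylog/mongodb_data
  mkdir -p /mnt/graylog/elasticsearch_data


  # The containers write to these folders as numeric IDs 999 and 1000, so the
  # host folders must be owned by the same IDs. Other local users get no access.
  chown 999:root /mnt/graylog/mongodb_data
  chown 1000:root /mnt/graylog/elasticsearch_data
  chmod 750 /mnt/graylog/mongodb_data /mnt/graylog/elasticsearch_data


  # Create the mongodb container with access control enforced from the first start.
  # Without --auth (and with empty MONGO_INITDB_ROOT_* values) mongod accepts
  # unauthenticated connections on the published port, and users created later
  # are not enforced. With --auth and no users yet, the localhost exception still
  # lets the "podman exec" session below create the first user.
  # 27017 is published on every host interface: restrict it with the host
  # firewall to the machines that need it.
  podman run -d --name mongodb -p 27017:27017 --restart=always \
          -v /mnt/graylog/mongodb_data:/data/db \
          docker.io/mongo:5.0.13 --auth


  # generate a random secret; run it once per placeholder, never reuse a value
  pwgen -N 1 -s 96


  # open a mongosh session inside the container (this is a localhost connection)
  podman exec -it mongodb mongosh


  # ---- the uncommented lines below are typed at the mongosh prompt, not in bash ----
  # pwd: passwordPrompt() can replace a quoted password to keep it off the screen.

  # create a root user with all permissions in mongodb
  use admin
  db.createUser({
    user: "admin",
    pwd: "YOURPWGENPASSWORD",
    roles: ["root"]
  })


  # log in as the new admin; with --auth this is required before anything else
  use admin
  db.auth("admin", "YOURPWGENPASSWORD")


  # create the graylog database and a user limited to readWrite on that database
  use graylog
  db.createUser({
      user: "graylog",
      pwd: "ANOTHERPASSWORD",
      roles: [ { role: "readWrite", db: "graylog" }]
  })
  # ---- end of the mongosh session ----


  # Create the elasticsearch container.
  # Nothing here turns on Elasticsearch authentication or TLS, and 9200 is
  # published on every host interface with http.host/network.host=0.0.0.0, so
  # anyone who can reach the port can read and delete the indexed logs.
  # Restrict 9200 with the host firewall to the Graylog host.
  # -Dlog4j2.formatMsgNoLookups=true disables log4j2 message lookups in the JVM.
  podman run -d --name elasticsearch -p 9200:9200 --restart=always \
          -e http.host=0.0.0.0 \
          -e transport.host=localhost \
          -e network.host=0.0.0.0 \
          -e ES_JAVA_OPTS="-Dlog4j2.formatMsgNoLookups=true -Xms512m -Xmx512m" \
          -v /mnt/graylog/elasticsearch_data:/usr/share/elasticsearch/data \
          docker.elastic.co/elasticsearch/elasticsearch:7.10.2


  # Hash the Graylog web login password (the "admin" user of the web interface).
  # read -s keeps the typed password off the terminal; the variable is dropped
  # afterwards. The printed hex string is SHA256_OF_GRAYLOGADMINPASSWORD.
  IFS= read -rsp "Enter Password: " GRAYLOG_ADMIN_PW && echo
  printf '%s' "$GRAYLOG_ADMIN_PW" | sha256sum | cut -d " " -f1
  unset GRAYLOG_ADMIN_PW


  # Create the graylog container.
  # GRAYLOG_PASSWORD_SECRET is its own pwgen value, not one of the passwords above.
  # Values passed with -e can be read back with "podman inspect graylog"; podman
  # secrets (podman secret create + --secret NAME,type=env,target=VAR) can be
  # used instead to keep them out of the container definition.
  # The web interface and API on 9000 are plain HTTP: put a TLS-terminating
  # reverse proxy in front before logging in over an untrusted network.
  # NOTE(review): GRAYLOG_WEB_ENDPOINT_URI looks like a pre-3.0 setting that
  # GRAYLOG_HTTP_EXTERNAL_URI replaced - confirm whether 5.1 still reads it.
  podman run -d --name graylog --restart=always \
    -p 9000:9000 -p 12201:12201/udp -p 1514:1514/udp -p 1514:1514 \
    -e GRAYLOG_PASSWORD_SECRET=YOURPASSWORDSECRET \
    -e GRAYLOG_ROOT_PASSWORD_SHA2=SHA256_OF_GRAYLOGADMINPASSWORD \
    -e GRAYLOG_HTTP_EXTERNAL_URI=http://SERVERIP:9000/ \
    -e GRAYLOG_WEB_ENDPOINT_URI="http://SERVERIP:9000/api" \
    -e GRAYLOG_MONGODB_URI="mongodb://graylog:ANOTHERPASSWORD@SERVERIP:27017/graylog" \
    -e GRAYLOG_ELASTICSEARCH_HOSTS="http://SERVERIP:9200" \
    -v graylog_data:/usr/share/graylog/data \
    docker.io/graylog/graylog:5.1


  # Run this on each client to forward its logs to the server (10.0.3.3 here is
  # the Graylog host, i.e. SERVERIP).
  # rsyslog needs whitespace between the selector "*.*" and the action "@host".
  # A single @ sends over UDP, unencrypted and unauthenticated; @@ sends over
  # TCP, which the graylog container also publishes on 1514.
  echo "*.* @10.0.3.3:1514;RSYSLOG_SyslogProtocol23Format" > /etc/rsyslog.d/graylog.conf
  systemctl restart rsyslog


  #INFO
  #graylog config files are in "/var/lib/containers/storage/volumes"
  #check login status inside mongodb "db.runCommand({ connectionStatus: 1 })"
  #get users inside mongodb "db.getUsers()"
  #delete some user in mongodb "db.dropUser("username")"
  #connect to mongodb from external tool "mongosh --host DBSERVER --authenticationDatabase admin -u admin"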