We're running a Graylog2 server in a Docker container in our development environment. It works like a charm apart from the fact that we have to re-create the UDP input every time we launch the container.
Has anyone figured out a convenient way to automatically create Graylog2 inputs?
Use a auto-loaded content pack in a newly created docker container.
Dockerfile (since Graylog 3.2 - thanks to T. van den Berg):
FROM graylog2/server:latest
COPY udp-input-graylog.json /usr/share/graylog/data/contentpacks
ENV GRAYLOG_CONTENT_PACKS_AUTO_INSTALL udp-input-graylog.json
ENV GRAYLOG_CONTENT_PACKS_LOADER_ENABLED true
ENV GRAYLOG_CONTENT_PACKS_DIR data/contentpacks
Dockerfile (pre 3.0, see this pull request ). :
FROM graylog2/server:latest
COPY udp-input-graylog.json /usr/share/graylog/data/contentpacks
ENV GRAYLOG_CONTENT_PACKS_AUTO_LOAD udp-input-graylog.json
ENV GRAYLOG_CONTENT_PACKS_LOADER_ENABLED true
ENV GRAYLOG_CONTENT_PACKS_DIR data/contentpacks
udp-input-graylog.json (Pre 3.0):
{
"name":"UDP GELF input on 12201",
"description":"Adds a global UDP GELF input on port 12201",
"category":"Inputs",
"inputs":[
{
"title":"udp input",
"configuration":{
"override_source":null,
"recv_buffer_size":262144,
"bind_address":"0.0.0.0",
"port":12201,
"decompress_size_limit":8388608
},
"static_fields":{},
"type":"org.graylog2.inputs.gelf.udp.GELFUDPInput",
"global":true,
"extractors":[]
}
],
"streams":[],
"outputs":[],
"dashboards":[],
"grok_patterns":[]
}
To get a contentpack json compatible with 3.0, just create the input via the GUI and then create and download the contentpack via the GUI as well.