Supertanker is an experimental, unsupported, and definitely-not-for-production Docker container that combines Graylog, MongoDB, OpenSearch, Supervisor, and Ubuntu.
- Docker Desktop for Windows (Intel 64-bit CPU with AVX support, WSL 2 recommended)
- Docker Desktop for Mac (Apple Silicon or Intel)
- Docker for Linux (ARM 64-bit CPU or Intel 64-bit CPU with AVX support)
- requires
vm.max_map_count=262144
- to check value:
sudo sysctl vm.max_map_count
- if not set, add
vm.max_map_count=262144
to/etc/sysctl.conf
- requires
Recommended when you just wanna run Graylog with the fewest possible steps.
Start container as daemon with default (insecure) settings:
docker run -d --name supertanker -v supertanker:/data -e GRAYLOG_DATANODE_INSECURE_STARTUP="true" -e GRAYLOG_DATANODE_PASSWORD_SECRET="somepasswordpeppersomepasswordpeppersomepasswordpeppersomepasswordpepper" -e GRAYLOG_HTTP_EXTERNAL_URI="http://localhost:9000/" -e GRAYLOG_PASSWORD_SECRET="somepasswordpeppersomepasswordpeppersomepasswordpeppersomepasswordpepper" -e GRAYLOG_ROOT_PASSWORD_SHA2="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918" -e TZ=UTC -p 5044:5044/tcp -p 5140:5140/tcp -p 5140:5140/udp -p 9000:9000/tcp -p 12201:12201/tcp -p 12201:12201/udp -p 13301:13301/tcp -p 13302:13302/tcp robfromboulder/supertanker:6.1.3a
👆 Every configuration option for Graylog server can be set through
environment variable parameters passed to docker run
. This makes it
easy to try out SMTP alerting and other configurations without connecting a bash shell or editing files on the container. Each environment variable
should be formatted as -e GRAYLOG_[name]="[value]"
where name
is in upper case.
Wait a few moments before logging into http://localhost:9000 as user admin
with password admin
🎉
Stop container but keep all data:
docker stop supertanker
👆 Use docker start supertanker
when you're ready to resume.
Permanently remove container and all stored data:
docker stop supertanker; docker rm supertanker; docker volume rm supertanker
Recommended when using Supertanker as a component in a larger Compose application.
Create my_supertanker_app.yml
like this:
services:
supertanker:
container_name: supertanker
image: "robfromboulder/supertanker:6.1.3a"
environment:
GRAYLOG_DATANODE_INSECURE_STARTUP: "true"
GRAYLOG_DATANODE_PASSWORD_SECRET: "somepasswordpeppersomepasswordpeppersomepasswordpeppersomepasswordpepper"
GRAYLOG_HTTP_EXTERNAL_URI: "http://localhost:9000/"
GRAYLOG_PASSWORD_SECRET: "somepasswordpeppersomepasswordpeppersomepasswordpeppersomepasswordpepper"
GRAYLOG_ROOT_PASSWORD_SHA2: "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918"
TZ: UTC
ports:
- "9000:9000/tcp"
- "5044:5044/tcp"
- "5140:5140/tcp"
- "5140:5140/udp"
- "12201:12201/tcp"
- "12201:12201/udp"
- "13301:13301/tcp"
- "13302:13302/tcp"
volumes:
- supertanker:/data
volumes:
supertanker:
driver: local
👆 Every configuration option for Graylog server can be set through environment
variables. This makes it easy to try out SMTP alerting and other configurations without connecting a bash shell or editing files on the container.
Each environment variable should be formatted on its own line as GRAYLOG_[name]: "[value]"
where name
is in upper case.
docker compose -f my_supertanker_app.yml up --detach
Wait a few moments before logging into http://localhost:9000 as user admin
with password admin
🎉
Stop containers but keep volumes:
docker compose -f my_supertanker_app.yml down
Permanently remove containers and volumes:
docker compose -f my_supertanker_app.yml down --remove-orphans --volumes
In Graylog, go to System/Inputs and add "GELF TCP" input with default settings.
In a terminal, submit a test message:
echo -n '{ "version": "1.1", "host": "supertanker.example.org", "short_message": "A short message", "level": 5, "_some_info": "foo" }' | nc -w0 -v localhost 12201
👆 Output should be Connection to localhost port 12201 [tcp/*] succeeded!
In Graylog, go to Search and verify the test message was captured. 🎉🎉🎉
This container is not a walled garden, so explore and make changes as you like! 💪
Your bash shell will run as the runtime
user by default, which does not have root permissions. Basic commands like nano
and less
and grep
will work,
but admin commands like sudo
and su
and apt
will not.
The Graylog, MongoDB and OpenSearch processes running inside the container are controlled by supervisor, which is a Docker recommended solution for running tightly-coupled services in a container.
# access container as runtime user
docker exec -it supertanker bash
# view running processes
supervisorctl status
# start and stop processes
supervisorctl restart all
supervisorctl stop all
supervisorctl start all
supervisorctl stop graylog
supervisorctl start graylog
# view process logs
ls -hl
# quit the shell
exit