{"id":14984418,"url":"https://github.com/ansibleguy/sw_graylog","last_synced_at":"2025-03-16T19:17:26.555Z","repository":{"id":239830302,"uuid":"800542442","full_name":"ansibleguy/sw_graylog","owner":"ansibleguy","description":"Ansible Role to provision dockerized Graylog-Server","archived":false,"fork":false,"pushed_at":"2024-10-23T20:16:59.000Z","size":75,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"latest","last_synced_at":"2024-10-24T07:48:23.707Z","etag":null,"topics":["ansible","ansible-role","graylog-server","graylog2","iac","infrastructure-as-code","log-analysis","logging","security"],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ansibleguy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"ko_fi":"ansible0guy","github":"ansibleguy"}},"created_at":"2024-05-14T14:31:49.000Z","updated_at":"2024-10-23T20:17:02.000Z","dependencies_parsed_at":"2024-07-07T20:45:25.605Z","dependency_job_id":"dd3ce757-4daa-43ad-8fa9-c82418e60efa","html_url":"https://github.com/ansibleguy/sw_graylog","commit_stats":{"total_commits":14,"total_committers":1,"mean_commits":14.0,"dds":0.0,"last_synced_commit":"02fb60eff254d2b4015685a1e54ae0c4815b861f"},"previous_names":["ansibleguy/sw_graylog"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansibleguy%2Fsw_graylog","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ans
ibleguy%2Fsw_graylog/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansibleguy%2Fsw_graylog/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansibleguy%2Fsw_graylog/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ansibleguy","download_url":"https://codeload.github.com/ansibleguy/sw_graylog/tar.gz/refs/heads/latest","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243918629,"owners_count":20368745,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","ansible-role","graylog-server","graylog2","iac","infrastructure-as-code","log-analysis","logging","security"],"created_at":"2024-09-24T14:09:00.699Z","updated_at":"2025-03-16T19:17:26.549Z","avatar_url":"https://github.com/ansibleguy.png","language":"Jinja","funding_links":["https://ko-fi.com/ansible0guy","https://github.com/sponsors/ansibleguy"],"categories":[],"sub_categories":[],"readme":"\u003ca href=\"https://graylog.org/products/source-available/\"\u003e\n\u003cimg src=\"https://graylog.org/wp-content/uploads/2022/07/GrayLog_Logo_color.png\" alt=\"Graylog Server Logo\" width=\"500\"/\u003e\n\u003c/a\u003e\n\n# Ansible Role - Graylog-Server dockerized\n\nRole to deploy dockerized Graylog-Server on a linux server\n\n[![Lint](https://github.com/ansibleguy/sw_graylog/actions/workflows/lint.yml/badge.svg)](https://github.com/ansibleguy/sw_graylog/actions/workflows/lint.yml)\n[![Ansible 
Galaxy](https://badges.ansibleguy.net/galaxy.badge.svg)](https://galaxy.ansible.com/ui/standalone/roles/ansibleguy/sw_graylog)\n\n**Molecule Integration-Tests**:\n\n* Status: [![Molecule Test Status](https://badges.ansibleguy.net/sw_graylog.molecule.svg)](https://github.com/ansibleguy/_meta_cicd/blob/latest/templates/usr/local/bin/cicd/molecule.sh.j2) |\n[![Functional-Tests](https://github.com/ansibleguy/sw_graylog/actions/workflows/integration_test_result.yml/badge.svg)](https://github.com/ansibleguy/sw_graylog/actions/workflows/integration_test_result.yml)\n* Logs: [API](https://ci.ansibleguy.net/api/job/ansible-test-molecule-sw_graylog/logs?token=2b7bba30-9a37-4b57-be8a-99e23016ce70\u0026lines=1000) | [Short](https://badges.ansibleguy.net/log/molecule_sw_graylog_test_short.log) | [Full](https://badges.ansibleguy.net/log/molecule_sw_graylog_test.log)\n\nInternal CI: [Tester Role](https://github.com/ansibleguy/_meta_cicd) | [Jobs API](https://github.com/O-X-L/github-self-hosted-jobs-systemd)\n\n**Tested:**\n* Debian 12\n\n----\n\n## Install\n\n```bash\n# latest\nansible-galaxy role install git+https://github.com/ansibleguy/sw_graylog\n\n# from galaxy\nansible-galaxy install ansibleguy.sw_graylog\n\n# or to custom role-path\nansible-galaxy install ansibleguy.sw_graylog --roles-path ./roles\n\n# install dependencies\nansible-galaxy install -r requirements.yml\n```\n\n----\n\n## Roadmap\n\n* GeoIP download and mapping for [easy integration](https://graylog.org/post/how-to-set-up-graylog-geoip-configuration/)\n\n----\n\n## Usage\n\n### Config\n\nMinimal example:\n\n```yaml\ngraylog:\n  domain: 'log.template.ansibleguy.net'\n  secret: !vault |\n    ...\n  pwd:\n    graylog: !vault |  # admin\n      ...\n    opensearch: !vault |  # admin\n      ...\n```\n\nUpdate as needed:\n\n```yaml\ngraylog:\n  domain: 'log.template.ansibleguy.net'\n  aliases: ['syslog.template.ansibleguy.net']\n  secret: !vault |\n    ...\n  pwd:\n    graylog: !vault |  # admin\n      ...\n    
opensearch: !vault |  # admin\n      ...  \n\n  manage:\n    webserver: true  # you could disable the role-managed nginx if you want to self-manage it\n\n  docker_nftables: true  # self-manage firewall; clear docker auto-created rules\n  \n  settings:  # graylog config file settings; see: https://github.com/Graylog2/graylog2-server/blob/6.0.0/misc/graylog.conf\n    inputbuffer_processors: 5\n    processbuffer_processors: 5\n    outputbuffer_processors: 3\n\n  opensearch:\n    ram: '10g'\n\n  backup:  # WARNING: high disk usage\n    enable: true\n    retention_days: 14\n\n  auto_update:  # auto update containers to latest minor release\n    enable: true\n```\n\nYou might want to use 'ansible-vault' to encrypt your passwords:\n```bash\nansible-vault encrypt_string\n```\n\n### Execution\n\nRun the playbook:\n```bash\nansible-playbook -K -D -i inventory/hosts.yml playbook.yml\n```\n\nThere are also some useful **tags** available:\n* config\n* install\n* docker\n* webserver\n* backup\n\nTo debug errors - you can set the 'debug' variable at runtime:\n```bash\nansible-playbook -K -D -i inventory/hosts.yml playbook.yml -e debug=yes\n```\n\n----\n\n## Functionality\n\n* **Package installation**\n  * Ansible dependencies (_minimal_)\n  * Docker server and client\n  * Nginx if webserver is managed\n\n\n* **Configuration**\n\n  * **Default config**:\n    * Syslog Listeners on 5140 (TCP/UDP)\n    * GELF Listeners on 12201 (TCP/UDP)\n    * 4GB of RAM for OpenSearch\n    * [Disk watermark for OpenSearch](https://opensearch.org/docs/2.2/api-reference/cluster-api/cluster-settings/) set to 99%\n    * 1GB max size of message journal cache\n \n\n  * **Default opt-ins**:\n    * Auto-Update Job\n    * Managing Webserver =\u003e see: [THIS Role](https://github.com/ansibleguy/infra_nginx)\n\n\n  * **Default opt-outs**:\n    * Backup Job (*high storage usage*)\n\n## Info\n\n* **Note:** For more background-info - see: [OXL - Graylog 
Logserver](https://github.com/O-X-L/logserver-graylog)\n\n\n* **Note:** this role currently only supports Debian-based systems\n\n\n* **Note:** Most of the role's functionality can be opted in or out.\n\n  For all available options - see the default-config located in [the main defaults-file](https://github.com/ansibleguy/sw_graylog/blob/latest/defaults/main/1_main.yml)!\n\n\n* **Warning:** Not every setting/variable you provide will be checked for validity. Bad config might break the role!\n\n\n* **Note:** The Graylog `secret` has to be at least 16 characters long!\n\n\n* **Note:** The OpenSearch admin password has to meet some complexity criteria:\n\n  * minimum length of 8 characters\n  * at least one lowercase character\n  * at least one uppercase character\n  * at least one digit\n  * at least one special character\n\n\n* **Tip**: You can use the Bash-Alias `log-pki` to create and revoke client-certificates.\n\n  **Create**: `log-pki build-client-full \u003cNAME\u003e nopass`\n\n    Find it in: `/var/local/lib/log-pki/issued` and `/var/local/lib/log-pki/private`\n\n  **Revoke**: `log-pki revoke \u003cNAME\u003e`\n\n\n* **Note**: You can enable TLS for your Log-Inputs using the auto-generated server-certificate: (*path inside the container*)\n\n  CA: `/usr/share/graylog/data/ssl/ca.crt`\n  Public: `/usr/share/graylog/data/ssl/logserver.crt`\n  Private: `/usr/share/graylog/data/ssl/logserver.key`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fansibleguy%2Fsw_graylog","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fansibleguy%2Fsw_graylog","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fansibleguy%2Fsw_graylog/lists"}