graylog 5.0 发布了

graylog 5.0 最近ga 发布了，包含了不少新特性（ui 变化，新参考文档）

参考运行

• docker-compose 文件

version: '3'

services:

  mongo:

    image: mongo:5.0.13

    ports:

      - 27017:27017

    networks:

      - graylog

  elasticsearch:

    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2

    environment:

      - http.host=0.0.0.0

      - transport.host=localhost

      - network.host=0.0.0.0

      - "ES_JAVA_OPTS=-Dlog4j2.formatMsgNoLookups=true -Xms512m -Xmx512m"

    ulimits:

      memlock:

        soft: -1

        hard: -1

    networks:

      - graylog

  graylog:

    image: graylog/graylog:5.0

    environment:

      # CHANGE ME (must be at least 16 characters)!

      - GRAYLOG_PASSWORD_SECRET=somepasswordpepper

      # Password: admin

      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918

      - GRAYLOG_HTTP_EXTERNAL_URI=http://127.0.0.1:9000/

    entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh

    networks:

      - graylog

    depends_on:

      - mongo

      - elasticsearch

    ports:

      # Graylog web interface and REST API

      - 9000:9000

      # Syslog TCP

      - 1514:1514

      # Syslog UDP

      - 1514:1514/udp

      # GELF TCP

      - 12201:12201

      # GELF UDP

      - 12201:12201/udp

networks:

  graylog:

    driver: bridge

• 效果

ui 是比以前颜色调整了

 

 

说明

目前5.0 已经废弃es 6 的支持，同时基于mongo支持5以及6了，但是最小版本是5，对于opensearch 支持2.0了，同时jdk 也调整为支持17了，注意如果升级需要注意依赖的版本问题，同时新版本变动的一些issue 也是值得看看的，可以了解一些配置变动，以及bug修复

参考资料

https://www.graylog.org/releases
https://go2docs.graylog.org/5-0/what_is_graylog/what_is_graylog.htm
https://www.graylog.org/post/graylog-5-0-a-new-day-for-it-secops/
https://opensearch.org/docs/latest/
https://go2docs.graylog.org/5-0/changelogs/changelog.html?tocpath=Changelogs%7C_____1