
Automatically create UDP input for Graylog2 server running in Docker?

Use an auto-loaded content pack in a newly created Docker container.

Dockerfile (since Graylog 3.2 - thanks to T. van den Berg):

    FROM graylog2/server:latest
    COPY udp-input-graylog.json /usr/share/graylog/data/contentpacks
    ENV GRAYLOG_CONTENT_PACKS_AUTO_INSTALL udp-input-graylog.json
    ENV GRAYLOG_CONTENT_PACKS_LOADER_ENABLED true
    ENV GRAYLOG_CONTENT_PACKS_DIR data/contentpacks

Dockerfile (pre 3.0, see this pull request):

    FROM graylog2/server:latest
    COPY udp-input-graylog.json /usr/share/graylog/data/contentpacks
    ENV GRAYLOG_CONTENT_PACKS_AUTO_LOAD udp-input-graylog.json
    ENV GRAYLOG_CONTENT_PACKS_LOADER_ENABLED true
    ENV GRAYLOG_CONTENT_PACKS_DIR data/contentpacks


    {
      "name": "UDP GELF input on 12201",
      "description": "Adds a global UDP GELF input on port 12201",
      "category": "Inputs",
      "inputs": [
        {
          "title": "udp input",
          "configuration": {
            "override_source": null,
            "recv_buffer_size": 262144,
            "bind_address": "",
            "port": 12201,
            "decompress_size_limit": 8388608
          },
          "static_fields": {},
          "type": "org.graylog2.inputs.gelf.udp.GELFUDPInput",
          "global": true,
          "extractors": []
        }
      ],
      "streams": [],
      "outputs": [],
      "dashboards": [],
      "grok_patterns": []
    }

Steps to create multiple inputs using a contentpack:

  • Write them into a file with json format (e.g.)

    {
      "id": null,
      "name": " Inputs",
      "description": "Contentpack that adds global inputs",
      "category": "Inputs",
      "inputs": [
        {
          "title": "udp input",
          "configuration": {
            "override_source": null,
            "recv_buffer_size": 262144,
            "bind_address": "",
            "port": 12201,
            "decompress_size_limit": 8388608
          },
          "static_fields": {},
          "type": "org.graylog2.inputs.gelf.udp.GELFUDPInput",
          "global": true,
          "extractors": []
        },
        {
          "title": "tcp input",
          "configuration": {
            "override_source": null,
            "recv_buffer_size": 262144,
            "bind_address": "",
            "port": 12202,
            "decompress_size_limit": 8388608
          },
          "static_fields": {},
          "type": "org.graylog2.inputs.gelf.tcp.GELFTCPInput",
          "global": true,
          "extractors": []
        }
      ]
    }

  • Copy the contentpack to the contentpacks directory in Graylog using Ansible

      - name: create graylog inputs for receiving logs
        shell: cp .templates/inputs.json /usr/share/graylog-server/contentpacks/inputs.json

  • Set contentpacks autoload to True in graylog.conf or via ansible

      graylog_content_packs_loader_enabled: true
  • Set contentpacks autoload to load inputs.json (e.g. via ansible)

      graylog_content_packs_auto_load: inputs.json

Hope this helps!
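
Because an auto-loaded content pack opens network listeners as soon as the container starts, it is worth linting the file before it is copied into the image. The following is an added example, not part of the answers on this page and not Graylog code: `audit_pack`, `transport`, the `published` parameter and the sample pack are constructed for illustration, and the transport is inferred from the input class name, which is an assumption.

```python
import json

# Constructed sample in the content-pack layout shown on this page;
# the second input reuses port 12201 on purpose to trigger a finding.
SAMPLE_PACK = """
{"name": "Inputs", "category": "Inputs", "inputs": [
  {"title": "udp input", "type": "org.graylog2.inputs.gelf.udp.GELFUDPInput",
   "global": true, "configuration": {"bind_address": "", "port": 12201}},
  {"title": "udp input 2", "type": "org.graylog2.inputs.gelf.udp.GELFUDPInput",
   "global": true, "configuration": {"bind_address": "", "port": 12201}},
  {"title": "tcp input", "type": "org.graylog2.inputs.gelf.tcp.GELFTCPInput",
   "global": true, "configuration": {"bind_address": "127.0.0.1", "port": 12202}}
]}
"""

def transport(input_type):
    """Infer the transport from the class name (assumption: it contains UDP or TCP)."""
    name = input_type.rsplit(".", 1)[-1].upper()
    return "udp" if "UDP" in name else "tcp" if "TCP" in name else "unknown"

def audit_pack(text, published=None):
    """Return (listeners, findings) for a content pack given as JSON text.

    published: optional set of (transport, port) pairs the container publishes.
    """
    pack = json.loads(text)  # raises ValueError on malformed JSON
    listeners, findings, seen = [], [], set()
    for item in pack.get("inputs", []):
        cfg = item.get("configuration", {})
        title, port = item.get("title", "<untitled>"), cfg.get("port")
        proto = transport(item.get("type", ""))
        if not isinstance(port, int) or not 1 <= port <= 65535:
            findings.append(f"{title}: invalid port {port!r}")
            continue
        key = (proto, port)
        if key in seen:
            findings.append(f"{title}: duplicate listener {proto}/{port}")
        seen.add(key)
        listeners.append((title, proto, port, cfg.get("bind_address") or "<unset>"))
        if published is not None and key not in published:
            findings.append(f"{title}: {proto}/{port} is not published by the container")
    return listeners, findings

if __name__ == "__main__":
    rows, problems = audit_pack(SAMPLE_PACK, published={("udp", 12201)})
    for row in rows:
        print("listener:", *row)
    for problem in problems:
        print("finding:", problem)
```

Run it in the build pipeline and fail the build when the findings list is not empty, so the listeners defined in the pack stay in step with the ports the container actually publishes.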

I use Ansible for starting and preparing Graylog2 in containers, and I just create a global UDP input by calling the Graylog2 REST API (after Graylog2 auto-configuration has finished):

    - name: create graylog global udp input for receiving logs
      uri:
        url: http://{{ ipv4_address }}:9000/api/system/inputs
        method: POST
        user: "{{ graylog_admin }}"
        password: "{{ graylog_pwd }}"
        body: '{"title":"xxx global input","type":"org.graylog2.inputs.gelf.udp.GELFUDPInput","configuration":{"bind_address":"","port":12201,"recv_buffer_size":262144,"override_source":null,"decompress_size_limit":8388608},"global":true}'
        force_basic_auth: yes
        status_code: 201
        body_format: json
