Skip to main content
Version: 1.0

Graylog Getting Started

Graylog is on a mission to make Log Management and SIEM easier, faster, more affordable, and more effective.

If you have installed Websoft9 Graylog, the following steps is for your quick start


  1. Get the Internet IP of your Server on Cloud
  2. Check your Inbound of Security Group Rule of Cloud Console to ensure the TCP:80 is allowed
  3. Complete Five steps for Domain if you want to use Domain for Graylog
  4. Get default username and password of Graylog

Graylog Initialization

Steps for you

  1. Using local Chrome or Firefox to visit the URL http://DNS or http://Server's Internet IP, you can see the login page of Graylog. login Graylog websoft9

  2. Input the login account and enter to Graylog Console(Don't have password?)

  3. if you want to bind domain for Graylog, refer to here

More useful Graylog guide, please refer to Configuring Graylog

Having trouble?

Below is for you to solve problem, and you can contact Websoft9 Support or refer to Troubleshoot + FAQ to get more.

Graylog QuickStart


Graylog Setup

Configure SMTP

  1. Get SMTP related parameters in the mailbox management console

  2. Refer to Official email setting by editing the email Graylog configuration file: /etc/graylog/server/server.conf

  3. Modify the items transport_email of Graylog configuration file

  4. Restart Graylog service

    sudo docker restart graylog

Reset Password

Try to reset your password if you can't use email to reset it:

  1. Use SSH tool to login Server, then run the below commands

    sha_password=$(echo -n $new_password | sha256sum | awk '{ print $1 }')
    sudo sed -i "s/8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918/$sha_password/g" /data/wwwroot/graylog/.env
  2. You new password is admin123@graylog now after docker-compose recreate

    cd /data/wwwroot/graylog && sudo docker-compose up -d

You can set the new_password to any string if you want

Configure Graylog

Every configuration option can be set via environment variables.. Simply prefix the parameter name with GRAYLOG_ and put it all in upper case.

For example, setting up the SMTP configuration for sending Graylog alert notifications via email, the docker-compose.yml would look like this:

version: '2'
image: "mongo:4.2"
# Other settings [...]
# Other settings [...]
image: graylog/graylog:4.2
# Other settings [...]

Reference sheet

The below items and General parameter sheet is maybe useful for you manage Graylog

Run docker ps command, view all Containers when Graylog is running:

CONTAINER ID   IMAGE                                                  COMMAND                  CREATED              STATUS                        PORTS                                                                                                                                                                                                                           NAMES
aba3f411351a websoft9dev/mongocompass:v1.31 "/dockerstartup/kasm…" 39 seconds ago Up 37 seconds 4901/tcp, 5901/tcp,>6901/tcp, :::9091->6901/tcp mongocompass
8285b315009a graylog/graylog:4.3 "/usr/bin/tini -- wa…" About a minute ago Up About a minute (healthy)>1514/tcp,>1514/udp, :::1514->1514/tcp, :::1514->1514/udp,>12201/tcp,>12201/udp, :::12201->12201/tcp, :::12201->12201/udp,>9000/tcp, :::9001->9000/tcp graylog
7795d2333c74 "/bin/tini -- /usr/l…" About a minute ago Up About a minute 9200/tcp, 9300/tcp graylog-elasticsearch
04dc27b0962c mongo:4.2 "docker-entrypoint.s…" About a minute ago Up About a minute 27017/tcp "docker-entrypoint.s…" 8 minutes ago Up 3 minutes>1234/tcp, :::9091->1234/tcp adminmongo


Graylog installation directory::  /data/apps/graylog
Graylog data directory:  /data/apps/graylog/data/graylog/graylog_data
Graylog plugin directory:  /data/apps/graylog/data/graylog/graylog_plugin


No special port


# Graylog Version
docker images |grep graylog/graylog |awk '{print $2}'


sudo docker  start | stop | restart | status graylog
sudo docker start | stop | restart | status graylog-mongo
sudo docker start | stop | restart | status graylog-elasticsearch
sudo docker start | stop | restart | status mongocompass



[Graylog API] ( Using the REST API 2.0 specification, even the Graylog web interface specifically uses the Graylog REST API to interact with the Graylog cluster.

API access mode: https://IP/api/api-browser/global/index.html, without /global/index.html is inaccessible.