#!/bin/bash source "${AGENT_PATH}/common.sh" _check_required_env_vars "CONTAINER_NAME" "GRAYLOG_PASSWORD_SECRET" "GRAYLOG_ROOT_PASSWORD" # Convert plain text password to SHA256 for Graylog GRAYLOG_ROOT_PASSWORD_SHA2=$(echo -n "${GRAYLOG_ROOT_PASSWORD}" | sha256sum | cut -d' ' -f1) export GRAYLOG_ROOT_PASSWORD_SHA2 # Check Docker _check_docker_installed || _die "Docker test failed" docker compose version >/dev/null 2>&1 || _die "Docker Compose V2 is required" # Check vm.max_map_count for OpenSearch CURRENT_MAP_COUNT=$(cat /proc/sys/vm/max_map_count 2>/dev/null || echo "0") if [ "$CURRENT_MAP_COUNT" -lt 262144 ]; then echo "WARNING: vm.max_map_count is $CURRENT_MAP_COUNT (should be at least 262144)" echo "OpenSearch may fail to start. To fix, run:" echo " sudo sysctl -w vm.max_map_count=262144" echo " echo 'vm.max_map_count=262144' | sudo tee -a /etc/sysctl.conf" fi # Stop any existing containers bash ./stop.sh 2>/dev/null || true # Start the stack echo "Starting Graylog..." docker compose -p "${CONTAINER_NAME}" up -d || _die "Failed to start Graylog stack" # Wait for Graylog to be ready echo -n "Waiting for Graylog to start (this may take a few minutes)..." MAX_WAIT=180 WAITED=0 while [ $WAITED -lt $MAX_WAIT ]; do if curl -s "http://localhost:${WEB_PORT:-9000}/api/system/lbstatus" 2>/dev/null | grep -q "ALIVE"; then echo " Ready!" break fi echo -n "." sleep 5 WAITED=$((WAITED + 5)) done if [ $WAITED -ge $MAX_WAIT ]; then echo "" echo "WARNING: Graylog may still be starting. Check logs with: dropshell logs graylog" fi echo "" echo "=========================================" echo "Graylog Installed!" echo "=========================================" echo "" echo "Web UI: http://$(hostname -I | awk '{print $1}'):${WEB_PORT:-9000}" echo "Login: admin / ${GRAYLOG_ROOT_PASSWORD}" echo "" echo "INPUT PORTS:" echo " GELF UDP: ${GELF_UDP_PORT:-12201}" echo " GELF TCP: ${GELF_TCP_PORT:-12202}" echo " Syslog UDP: ${SYSLOG_UDP_PORT:-1514}" echo " Syslog TCP: ${SYSLOG_TCP_PORT:-1515}" echo " Beats: ${BEATS_PORT:-5044}" echo "" echo "IMPORTANT: Configure inputs in the Graylog web UI:" echo " System -> Inputs -> Select input type -> Launch" echo "" echo "SECURITY: Change GRAYLOG_PASSWORD_SECRET and" echo "GRAYLOG_ROOT_PASSWORD in service.env!" echo "========================================="