Graylog Docker (How it Works for Developers For PDF Security)

What is Graylog Docker?

Graylog is an open-source tool for log management and analysis. Centralized logging is possible, including data enrichment and the presentation of real-time insights into IT systems. The Graylog Docker image makes it easy to deploy Graylog in containerized environments with the help of Docker. This simplifies setup and scaling, making the tool more popular for modern microservices-based architectures in log management.

Broken image Add from Pixabay, select from your files or drag and drop an image here.

Generally, Graylog Docker image is used with other containers, such as Elasticsearch, which will have the log and perform search functionality, and MongoDB, which stores metadata. As Docker Compose, all these components can be orchestrated to create a complete logging stack. Graylog can use multiple protocols, like Syslog, GELF (Graylog Extended Log Format), and Beats, to ingest log data from servers, applications, network devices, and cloud platforms.

GrayLog Docker Requirement

In addition, to use Graylog Docker we need the following Docker images in the configuration directory.

• MongoDB
• OpenSearch
• Graylog

What is MongoDB Docker?

MongoDB Docker is a NoSQL database by MongoDB, mostly for unstructured data, delivered to the customers as a lightweight and scalable ported solution of MongoDB instances on top of the Docker. Graylog needs some metadata in the form of default configuration files, user data, environment variables, and further important data, which is crucial to running it successfully, so, MongoDB comes into play that holds all required metadata. Using MongoDB in a Docker container can make setting up easier, ensure that development and production environments are consistent, and scale and manage applications more easily.

What is OpenSearch Docker?

OpenSearch, a distributed search and analytics engine also based on Elasticsearch, is, in fact, a containerized version of OpenSearch Docker. OpenSearch is an index for indexing, storing, and searching log data in Graylog Docker configurations. It is the principal component permitting Graylog to ingest, query, and analyze logs efficiently.

When OpenSearch is integrated into a Docker environment for Graylog, it works quite well with the Graylog server, handling high volumes of log data transformation and quick search capabilities. OpenSearch Docker simplifies back-end deployment and management by running a search engine inside a container, delivering portability, scalability, and configuration ease.

Install Graylog and other Docker component

Create a docker-compose file using the code below, which helps store configuration data. And name it docker-compose.yml.

version: '3'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: "mongo:6.0.18"
    ports:
      - "27017:27017"   
    restart: "on-failure"
    networks:
      - graylog
    volumes:
      - "mongodb_data:/data/db"  
  opensearch:
    image: "opensearchproject/opensearch:2.15.0"
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      - "bootstrap.memory_lock=true"
      - "discovery.type=single-node"
      - "action.auto_create_index=false"
      - "plugins.security.ssl.http.enabled=false"
      - "plugins.security.disabled=true"
      # Can generate a password for `OPENSEARCH_INITIAL_ADMIN_PASSWORD` using a Linux device via:
      # tr -dc A-Z-a-z-0-9_@#%^-_=+ < /dev/urandom | head -c${1:-32}
      - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=+_8r#wliY3Pv5-HMIf4qzXImYzZf-M=M"
    ulimits:
      memlock:
        hard: -1
        soft: -1
      nofile:
        soft: 65536
        hard: 65536
    ports:
      - "9203:9200"
      - "9303:9300"    
    restart: "on-failure"
    networks:
      - graylog
    volumes:
      - "opensearch:/usr/share/opensearch/data"  
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    hostname: "server"
    image: "graylog/graylog-enterprise:6.0"
    # To install Graylog Open: "graylog/graylog:6.0"
    depends_on:
      mongodb:
        condition: "service_started"
      opensearch:
        condition: "service_started"
    entrypoint: "/usr/bin/tini -- wait-for-it opensearch:9200 -- /docker-entrypoint.sh"
    environment:
      GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/config/node-id"
      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
      GRAYLOG_ELASTICSEARCH_HOSTS: "http://opensearch:9200"
      GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
      # To make reporting (headless_shell) work inside a Docker container
      GRAYLOG_REPORT_DISABLE_SANDBOX: "true"
      # CHANGE ME (must be at least 16 characters)!
      GRAYLOG_PASSWORD_SECRET: "somepasswordpepper"
      # Password: "admin"
      GRAYLOG_ROOT_PASSWORD_SHA2: "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918"
      GRAYLOG_HTTP_EXTERNAL_URI: "http://127.0.0.1:9000/"
    ports:
      # Graylog web interface and REST API
      - "9000:9000/tcp"
      # Beats
      - "5044:5044/tcp"
      # Syslog TCP
      - "5140:5140/tcp"
      # Syslog UDP
      - "5140:5140/udp"
      # GELF TCP
      - "12201:12201/tcp"
      # GELF UDP
      - "12201:12201/udp"
      # Forwarder data
      - "13301:13301/tcp"
      # Forwarder config
      - "13302:13302/tcp"
    restart: "on-failure"
    networks:
      - graylog
    volumes:
      - "graylog_data:/usr/share/graylog/data/data"
      - "graylog_config:/usr/share/graylog/data/config"
      - "graylog_journal:/usr/share/graylog/data/journal"  
networks:
  graylog:
    driver: "bridge"
volumes:
  mongodb_data:
  opensearch:
  graylog_data:
  graylog_config:
  graylog_journal:

version: '3'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: "mongo:6.0.18"
    ports:
      - "27017:27017"   
    restart: "on-failure"
    networks:
      - graylog
    volumes:
      - "mongodb_data:/data/db"  
  opensearch:
    image: "opensearchproject/opensearch:2.15.0"
    environment:
      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
      - "bootstrap.memory_lock=true"
      - "discovery.type=single-node"
      - "action.auto_create_index=false"
      - "plugins.security.ssl.http.enabled=false"
      - "plugins.security.disabled=true"
      # Can generate a password for `OPENSEARCH_INITIAL_ADMIN_PASSWORD` using a Linux device via:
      # tr -dc A-Z-a-z-0-9_@#%^-_=+ < /dev/urandom | head -c${1:-32}
      - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=+_8r#wliY3Pv5-HMIf4qzXImYzZf-M=M"
    ulimits:
      memlock:
        hard: -1
        soft: -1
      nofile:
        soft: 65536
        hard: 65536
    ports:
      - "9203:9200"
      - "9303:9300"    
    restart: "on-failure"
    networks:
      - graylog
    volumes:
      - "opensearch:/usr/share/opensearch/data"  
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    hostname: "server"
    image: "graylog/graylog-enterprise:6.0"
    # To install Graylog Open: "graylog/graylog:6.0"
    depends_on:
      mongodb:
        condition: "service_started"
      opensearch:
        condition: "service_started"
    entrypoint: "/usr/bin/tini -- wait-for-it opensearch:9200 -- /docker-entrypoint.sh"
    environment:
      GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/config/node-id"
      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
      GRAYLOG_ELASTICSEARCH_HOSTS: "http://opensearch:9200"
      GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
      # To make reporting (headless_shell) work inside a Docker container
      GRAYLOG_REPORT_DISABLE_SANDBOX: "true"
      # CHANGE ME (must be at least 16 characters)!
      GRAYLOG_PASSWORD_SECRET: "somepasswordpepper"
      # Password: "admin"
      GRAYLOG_ROOT_PASSWORD_SHA2: "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918"
      GRAYLOG_HTTP_EXTERNAL_URI: "http://127.0.0.1:9000/"
    ports:
      # Graylog web interface and REST API
      - "9000:9000/tcp"
      # Beats
      - "5044:5044/tcp"
      # Syslog TCP
      - "5140:5140/tcp"
      # Syslog UDP
      - "5140:5140/udp"
      # GELF TCP
      - "12201:12201/tcp"
      # GELF UDP
      - "12201:12201/udp"
      # Forwarder data
      - "13301:13301/tcp"
      # Forwarder config
      - "13302:13302/tcp"
    restart: "on-failure"
    networks:
      - graylog
    volumes:
      - "graylog_data:/usr/share/graylog/data/data"
      - "graylog_config:/usr/share/graylog/data/config"
      - "graylog_journal:/usr/share/graylog/data/journal"  
networks:
  graylog:
    driver: "bridge"
volumes:
  mongodb_data:
  opensearch:
  graylog_data:
  graylog_config:
  graylog_journal:

version:
  #MongoDB: https: 'hub.docker.com/_/mongo/
	  #Can generate a password for `OPENSEARCH_INITIAL_ADMIN_PASSWORD` using a Linux device via:
	  #tr -dc A-Z-a-z-0-9_@#% Xor -_=+ < /dev/urandom Or head -c${1:-32}
  #Graylog: https: 'hub.docker.com/r/graylog/graylog/
	#To install Graylog Open: "graylog/graylog:6.0"
	  #To make reporting (headless_shell) work inside a Docker container
	  #CHANGE ME (must be at least 16 characters)!
	  #Password: "admin"
	  #Graylog web interface and REST API
	  #Beats
	  #Syslog TCP
	  #Syslog UDP
	  #GELF TCP
	  #GELF UDP
	  #Forwarder data
	  #Forwarder config
'INSTANT VB TODO TASK: The following line uses invalid syntax:
'"3"c services: mongodb: image: "mongo:6.0.18" ports: - "27017:27017" restart: "on-failure" networks: - graylog volumes: - "mongodb_data:/data/db" opensearch: image: "opensearchproject/opensearch:2.15.0" environment: - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g" - "bootstrap.memory_lock=true" - "discovery.type=single-node" - "action.auto_create_index=false" - "plugins.security.ssl.http.enabled=false" - "plugins.security.disabled=true" - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=+_8r#wliY3Pv5-HMIf4qzXImYzZf-M=M" ulimits: memlock: hard: -1 soft: -1 nofile: soft: 65536 hard: 65536 ports: - "9203:9200" - "9303:9300" restart: "on-failure" networks: - graylog volumes: - "opensearch:/usr/share/opensearch/data" graylog: hostname: "server" image: "graylog/graylog-enterprise:6.0" depends_on: mongodb: condition: "service_started" opensearch: condition: "service_started" entrypoint: "/usr/bin/tini -- wait-for-it opensearch:9200 -- /docker-entrypoint.sh" environment: GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/config/node-id" GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000" GRAYLOG_ELASTICSEARCH_HOSTS: "http://opensearch:9200" GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog" GRAYLOG_REPORT_DISABLE_SANDBOX: "true" GRAYLOG_PASSWORD_SECRET: "somepasswordpepper" GRAYLOG_ROOT_PASSWORD_SHA2: "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918" GRAYLOG_HTTP_EXTERNAL_URI: "http://127.0.0.1:9000/" ports: - "9000:9000/tcp" - "5044:5044/tcp" - "5140:5140/tcp" - "5140:5140/udp" - "12201:12201/tcp" - "12201:12201/udp" - "13301:13301/tcp" - "13302:13302/tcp" restart: "on-failure" networks: - graylog volumes: - "graylog_data:/usr/share/graylog/data/data" - "graylog_config:/usr/share/graylog/data/config" - "graylog_journal:/usr/share/graylog/data/journal" networks: graylog: driver: "bridge" volumes: mongodb_data: opensearch: graylog_data: graylog_config: graylog_journal:

This Docker Compose configuration file will set up a centralized logging solution stack with three main services: MongoDB, OpenSearch, and Graylog. These services are interconnected through a shared bridge network named Graylog.

MongoDB is used here with the image mongo:6.0.18 as the metadata store; it persists the data in the volume mongodb_data and exposes port 27017. OpenSearch uses the image opensearchproject/opensearch:2.15.0, a log indexing and storage engine; environment variables configure the application as a single-node installation with security plugins disabled for development, memory optimizations, password protection, with the data persisting in the volume OpenSearch and exposing the ports 9203 and 9303.

Graylog setup runs on the Graylog/Graylog-enterprise:6.0 image as mentioned in the above Docker Compose file. It is used here as a central logging interface. To work, MongoDB and OpenSearch are required. These are used to configure a node, encrypt passwords, and create an external URI. Graylog opens various ports, like 9000, for the web interface and other protocols related to log ingestion. In doing so, it persists data, configurations, default files, and the journal in corresponding volumes. This ensures containers restart in case of failure and is the heart of a reliable logging ecosystem.

Run the compose using the up command to download all the images and to create the container:

docker-compose up

Once the installation is completed now we can log in using below URL http://localhost:9000/ with the default credential.

Below is the dashboard page of the Graylog once logged in.

Broken image Add from Pixabay, select from your files or drag and drop an image here.

What is IronSecureDoc?

IronSecureDoc is a document management and security utility tool that utilizes advanced encryption, complex PDF manipulation, and digital signing. It offers firms and developers smooth access and allows for easier processing of PDF documents without any direct or indirect dependencies. If its features enable developers to automatically create, upload, manipulate, and secure PDF files and documents programmatically, it can be referred to as an aggressive PDF API.

IronPDF is a PDF API that allows creating PDFs from any type of data input and adding or editing content through parameters like text, images, or metadata. It also incorporates functionality for merging several PDFs, creating composed files, splitting documents, and even adding comments, highlights, or watermarks for annotations.

Install IronSecureDoc

You can pull the Docker image of IronSecureDoc by using the following command in the Command Prompt or an open terminal window based on the repository given below.

docker pull ironsoftwareofficial/ironsecuredoc

Run IronSecureDoc with Graylog

docker container run -dit --log-driver=gelf --log-opt gelf-address=udp://127.0.0.1:12201 --rm -p 8080:8080 -e ENVIRONMENT=Development -e HTTP_PORTS=8080 ironsoftwareofficial/ironsecuredoc:latest

This Docker command launches a container from the ironsoftwareofficial/ironsecuredoc:latest image with the help of the GELF logging driver in detached interactive mode (-dit) and forwards container logs to the Graylog server that is listening at udp://127.0.0.1:12201. When it ends, the --rm flag makes that to automatically delete that container.

Since the container maps port 8080 on the host to port 8080 inside the container (-p 8080:8080), the application can be accessed locally on the designated port. Two environment variables are set: HTTP_PORTS=8080, which is the container's HTTP port configuration, and ENVIRONMENT=Development, which is the development environment. In a development setting, this configuration allows effective log management using Graylog while executing a web application reachable on port 8080.

Logging in Graylog using IronSecureDoc

To integrate IronSecureDoc actual log data into Graylog using the System/Input feature, follow these steps:

• In the left sidebar click on System > Inputs.

• Under Input Type, click on GELF UDP or GELF TCP if TCP is preferred. Click Launch new input. Set up the Input:

• Title: Give a good descriptive name for it, such as IronSecureDoc Logs.
• Bind Address: Add 0.0.0.0 to receive logs from any IP or use 127.0.0.1 for local logs.
• Port: Select 12201 as the GELF port by default.
• Save: Then Launch to enable the input.

If IronSecureDoc has a web interface, Open the server's IP address in your browser with the specified port, for example, http://:8080. Complete any initial setup required for the application.

Below is the IronSecureDoc web interface and REST API:

Encrypt PDF using IronSecureDoc

Use a tool like Curl or Postman to send an encryption request to the IronSecureDoc API. For example:

curl -X 'POST' \
  'http://localhost:8080/encrypt?user_password=demo' \
  -H 'accept: */*' \
  -H 'Content-Type: multipart/form-data' \
  -F 'pdf_file=@test.pdf;type=application/pdf'

This would post to the IronSecureDoc API, and we might even want to request a permissions password to encrypt a request with a user password to a document.

The above action will be logged in all the ironsecuredoc container actions. And it creates metrics.

Conclusion

This integration with Graylog brings you a potent logging and monitoring solution that enables central management as well as provides real-time insight into encryption activities and application behavior. It can benefit from Graylog's powerful capabilities in search, alerting, and visualization, allowing it to track IronSecureDoc logs more efficiently, identify issues in real-time, and ensure seamless and secure processing of documents. The integration of IronSecureDoc with Graylog enhances operational transparency, improves troubleshooting, and strengthens overall system reliability, making it an essential addition for secure and efficient log management.

It can make a full audit with maximum security. Now, secure printing efficient PDF format and error handling can be easily integrated into the applications developed by web, mobile, and corporate systems developers using IronSecureDoc REST API. For information on IronSecureDoc's license, please visit the licensing page. For detailed configuration information about the products of Iron Software, please follow the library suite page.