Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status


graylog2 (64) Versions 1.1.3

Installs and configures Graylog - maintained by Graylog, Inc.

cookbook 'graylog2', '= 1.1.3', :supermarket
cookbook 'graylog2', '= 1.1.3'
knife supermarket install graylog2
knife supermarket download graylog2
Quality 100%


This Chef cookbook installs and configures the Graylog log management system.

It is using the official installation packages provided by Graylog, Inc.. It needs as requirement an installation of Java, Elasticsearch and MongoDB.



To give this cookbook a try simply use the Kitchen test suite.

kitchen setup default-ubuntu-1404
open http://localhost:9000
Login with admin/admin


The cookbook contains several recipes for different installation setups. Pick only the recipes
you need for your environment.

Recipe Description
default Setup the Graylog package repository
server Install Graylog server
web Install Graylog web interface
radio Install a Graylog radio node
authbind Give the Graylog user access to privileged ports like 514 (only on Ubuntu/Debian)
api_access Use Graylog API to setup inputs like 'Syslog UDP'
collector Install Graylog's collector (Experimental)

In a minimal setup you need at least the default, server and web recipes. Combined with
MongoDB and Elasticsearch, a run list might look like this:

run_list "recipe[java]",


Graylog runs currently with Java 8. To install the correct version set this attribute:

  "java": {
    "jdk_version": "8",
    "install_flavor": "oracle",
    "oracle": {
      "accept_oracle_download_terms": true

OpenJDK and Oracle JDK are both fine for Graylog, but the Java cookbook only supports Oracle's Java 8. Note that you must accept Oracle's download terms.

You have to use a certain version of Elasticsearch for every Graylog Version, currently
this is 1.5.2. The cluster name should be 'graylog2':

  "elasticsearch": {
    "version": "1.5.2",
    "cluster": {
      "name": "graylog2"

Graylog itself needs a secret for encryption and a hashed password for the root user. By default this user is called admin.

You can create the secret with this shell command pwgen -s 96 1.

The password can be generated with echo -n yourpassword | shasum -a 256 | awk '{print $1}'

  "graylog2": {
    "password_secret": "ZxUahiN48EFVJgzRTzGO2olFRmjmsvzybSf4YwBvn5x1asLUBPe8GHbOQTZ0jzuAB7dzrNPk3wCEH57PCZm23MHAET0G653G",
    "root_password_sha2": "e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951",
    "server": {
      "java_opts": ""
    "web": {
      "secret": "ZxUahiN48EFVJgzRTzGO2olFRmjmsvzybSf4YwBvn5x1asLUBPe8GHbOQTZ0jzuAB7dzrNPk3wCEH57PCZm23MHAET0G653G"

Alternatively you can create an encrypted data bag and store the secrets there. The data should be called
'secrets' with an item 'graylog'.

knife data bag create --secret-file ~/.chef/encrypted_data_bag_secret secrets graylog

  "id": "graylog",
  "server": {
    "root_password_sha2": "<root password as sha256>",
    "password_secret": "<random string as encryption salt>"
  "web": {
    "secret": "<random string as encryption salt>"

You can take a look into the attributes file under attributes/default.rb to get an idea
what can be configured for Graylog.

Node discovery

The cookbook is able to use Chef's search to find Elasticsearch and other Graylog nodes. To configure
a dynamic cluster set the following attributes:

Elasticsearch discovery

'graylog2'=> {
  'elasticsearch' => {
    'unicast_search_query' => 'role:elasticsearch',
    'search_node_attribute' => 'ipaddress'

Graylog server discovery

'graylog2'=> {
  'web' => {
    'server_search_query' => 'role:graylog-server',
    'search_node_attribute' => 'ipaddress'

One server needs to be set as a master, use this attribute to do so

default.graylog2[:ip_of_master] = node.ipaddress


Ubuntu/Debian systems allow a user to bind a proccess to a certain privileged port below 1024.
This is called authbind and is supported by this cookbook. So it is possible to let Graylog listen on port 514 and act like a normal syslog server.
To enable this feature include the authbind cookbook to your run list and also the recipe
recipe[graylog2::authbind] from this cookbook.
By default the recipe will give the Graylog user permission to bind to port 514 if you need more than that you can
set the attribute default.graylog2[:authorized_ports] to an array of allowed ports.

API access

In order to access the API of Graylog we provide a LWRP to do so. At the moment we only support
the creation of inputs but the LWRP is easy to extend. You can use the provider in your own
recipe like this:

Include recipe[graylog2::api_access] to your run list.

graylog2_inputs "syslog udp" do
  input '{ "title": "syslog", "type":"org.graylog2.inputs.syslog.udp.SyslogUDPInput", "global": true, "configuration": { "port": 1514, "allow_override_date": true, "bind_address": "", "store_full_message": true, "recv_buffer_size": 1048576 } }'

or you can put the same JSON into an array and set it as an attribute:

"graylog2": {
  "inputs": ["{ \"title\": \"syslog\", \"type\":\"org.graylog2.inputs.syslog.udp.SyslogUDPInput\", \"global\": true, \"configuration\": { \"port\": 1514, \"allow_override_date\": true, \"bind_address\": \"\", \"store_full_message\": true, \"recv_buffer_size\": 1048576 } }"]


Author: Marius Sturm ( and contributors

License: Apache 2.0

Dependent cookbooks

authbind >= 0.1.8

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Graylog Chef Cookbook Changes


  • fix backwards compartibility with Graylog 1.0


  • Update to bug-fix release 1.1.1


  • Update to Graylog 1.1.0
  • add new attributes for 1.1.0
  • introduce foodcritic and rubocop


  • add position parameter to dashboard provider


  • Update Graylog version to 1.0.2
  • add parameters alert_conditions and alarm_callbacks to streams provider. Both in combination can be used to create stream alerts automatically. Take a look into .kitchen.yml for a working json example


  • Update Graylog version to 1.0.1
  • Deal with updated configuration in graylog packages on Ubuntu/Debian


  • elasticsearch-http-enabled is not fixed set to false anymore
  • configurable quotation marks for server secrets to allow full server replacement
  • append port 9300 to Elasticsearch lookups to minimize discovery failures


  • reduce file permissions for Graylog config files
  • fix empty string for '' in web.conf


  • Update Graylog version to 1.0.0
  • explicit include of 'authbind' in graylog2::authbind
  • improve error handling for api access
  • mandatory secrets for server and web interrupt chef run if they are not set
  • allow secrets to be set through attributes or an encrypted data bag 'secrets/graylog'
  • support chef search for nodes to set up unicast discovery

0.3.8 (2015-01-14)

  • Bump to 0.92.4
  • Restart Graylog server + web interface on package update

0.3.7 (2015-01-05)

  • Removed dependency on default.rb, you can now use only single parts of the cookbook

0.3.6 (2014-12-23)

  • Update Graylog2 version to 0.92.3

0.3.5 (2014-12-12)

  • Update Graylog2 version to 0.92.1

0.3.4 (2014-12-01)

  • Update Graylog2 version to 0.92.0
  • Add new configuration parameters for time based retention and SSL/TLS REST API

0.3.3 (2014-11-07)

  • Update Graylog2 version to 0.91.3

Foodcritic Metric

1.1.3 passed this metric