If you're just looking for a functional docker.compose.yml that works on Synology DSM 7, you can find it here.

I recently encountered some issues with my UniFi devices and attempted to review the logs for troubleshooting. However, I found that the UniFi OS lacks efficient log management capabilities. With this in mind, I recalled that Lawrence Systems utilizes Graylog for indexing and reading UniFi logs, so I set out to do the same myself.

I run most of my shared services on my Synology NAS that's running DSM 7. To ensure reliability and ease of restoration in case of a data loss, I have invested time in running all my services via docker-compose and regularly backup all my service configurations. While adding Graylog to my setup through this method should have been relatively simple, the particular context of DSM and my specific NAS created some complications.

So how hard can it be to just add a few more lines to the docker-compose.yml file and spin up Graylog for all my log ingestion needs? Not hard, but troublesome in the particular context of DSM and your particular NAS...

Setup Overview

This is my target setup:

• Run Graylog's most recent version as a shared service in my NAS
• Use docker and docker-compose to define all required services
• Forward logs from my UniFi controller to Graylog
• Consume those logs via any internal client in my network

Issues running vanilla configuration on DSM 7

When I was looking for official docs on the matter I found two links which give you slightly different instructions:

• Official docs
• Official GitHub repo

They differ in some aspects, but ultimately, as I tried to run and fix the provided docker-compose.yml for DSM 7, I started encountering some issues 👇.

MongoDB 5 requires AVX Support on the NAS CPU

 MongoDB 5.0+ requires a CPU with AVX support, and your current system does not appear to have that!

So what exactly is AVX? 🤔

Advanced Vector Extensions (AVX) are extensions to the x86 instruction set architecture for microprocessors from Intel and Advanced Micro Devices (AMD). They were proposed by Intel in March 2008 and first supported by Intel with the Sandy Bridge[1] processor shipping in Q1 2011 and later by AMD with the Bulldozer[2] processor shipping in Q3 2011. AVX provides new features, new instructions and a new coding scheme. - Wikipedia

It seems this is not a thing in Celeron CPUs and as such support on Synology NAS will be reduced, especially for the home and semi-pro variants of their products.

✅ Solution: Downgrade MongoDB to latest 4.x which doesn't require AVX support.

Graylog 5 requires MongoDB 5

 You're running MongoDB 4.4.18 but Graylog requires at least MongoDB 5.0.0. Please upgrade.

As an end-user who primarily wants to ingest logs into Graylog and be able to query them, I was not overly concerned with this downgrade.

✅ Solution: Downgrade Graylog to latest 4.x which doesn't require MongoDB 5.x

Incorrect mapping of elasticsearch folder

This is the issue that really got me. When playing with docker every time I have path access issues it's either the user I'm defining lacking permissions of the local folder I'm mapping simply doesn't exist. While troubleshooting this, I went nuts trying to find why docker didn't have access to the folder in question, to the point I gave up. After a day or so I picked up this project again, and then I found a Stackoverflow post suggesting to change the path on the docker image itself:

Solution ✅ : Change the elasticsearch internal path from /usr/share/elasticsearch/data to /var/lib/elasticsearch/data

Graylog not able to write files in the mapped volume

Unfortunately, this is an issue for which I do not have a solution on DSM. As it stands, graylog doesn't use the root user in the container, so it creates a user:group 1100:1100. I've read plenty of solutions to just chown the folder to that user:group but this didn't solve it.

I then tried to create a group and user on DSM with addgroup, but then I found that DSM does not allow you to create users and groups with specific ids. I went to the trouble of trying to create some of the files that graylog was trying to generate like the graylog.conf, but as I was doing that I've figured this will be a non-ending problem.

ERROR: Unable to access file /usr/share/graylog/data/journal/graylog2-committed-read-offset: Permission denied #2155

woody3549 posted on Apr 28, 2016

Problem description

ERROR: Unable to access file /usr/share/graylog/data/journal/graylog2-committed-read-offset: Permission denied

Steps to reproduce the problem

While doing a docker-compose up Graylog server is stopping with the above error

Here is the docker-compose file

mongo:
  image: "mongo:3"
  volumes:
    - /graylog/data/mongo:/data/db
elasticsearch:
  image: "elasticsearch:2"
  command: "elasticsearch -Des.cluster.name='graylog'"
  volumes:
    - /graylog/data/elasticsearch:/usr/share/elasticsearch/data
graylog:
  image: graylog2/server:2.0.0-rc.1-1
  volumes:
    - /graylog/data/journal:/usr/share/graylog/data/journal
    - /graylog/config:/usr/share/graylog/data/config
  environment:
    GRAYLOG_PASSWORD_SECRET: somepasswordpepper
    GRAYLOG_ROOT_PASSWORD_SHA2: 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
    GRAYLOG_REST_TRANSPORT_URI: http://127.0.0.1:12900

  links:
    - mongo:mongo
    - elasticsearch:elasticsearch
  ports:
    - "9000:9000"
    - "12900:12900"

Environment

• Graylog Version: 2
• Elasticsearch Version:2
• MongoDB Version: 3
• Operating System: CentOS 7
• Browser version:

View on GitHub

Working docker file

As it is, I've failed to setup a persistent configuration for graylog on DSM. If anyone has solved this please let me know in the comments. The docker file you see below will use volatile storage, so you'll loose your logs and configurations upon a single container stop.

Setting up a new input on Graylog

After Graylog is running, and you login via http://hostname:9000, you'll be alerted there are no inputs set. Navigate to System -> Inputs:

On the Inputs screen, find the dropdown with Select Input and pick Syslog UDP:

Give it whatever name you'd like. The input is pretty much ready to go, with the exception of the default port. Change it from 514 to 1514:

This is it on the Graylog side, lets go to the Unifi controller to forward the logs.

Setting up log forwarding on UniFi controller

When I say UniFi controller, I mean any of their controller products: CloudKey, UniFi Dream Router or UniFi Dream Machine. I'm personally a CloudKey user.

Go into Network -> Settings and expand support, until you see this block. Tick the Syslog checkbox, and fill in your NAS hostname, as well as the port 1514

Checking our logs on Graylog

If everything was configured properly you should see your UniFi logs on graylog. If you have any comments and improvements for the post, I'm always looking for advice and guidance 🙇