{{tag>graylog backup}}

====== Graylog backup and restore ======
Installation of Graylog docker

===== Dump the mongodb =====

  mongodump --db=graylog --out=/usr/share/graylog/data/graylogmongo.dump


Copy the config folder from /usr/share/graylog/data/config to restore inputs etc. Config dir listing:

<code>
graylog@e9533406c3a6:~$ ls /usr/share/graylog/data/config/
graylog.conf  log4j2.xml  node-id  server.conf	server.conf.dpkg-dist
</code>

Bare metal configuration is usually in ///etc/graylog/server///
===== Restore =====

  mongorestore --drop graylogmongo.dump

Above will drop the tables (collections) if they exist but only those in the backup.

Copy the backed up data back and restart graylog. 

Also check the log4j2.xml file to make sure the paths are correct for loggin etc.

====== Tested on ======
  * Debian 11 Bullseye (vagrant)
  * docker_compose_version: v2.2.3
  * graylog_version: 4.2-jre11
  * mongodb_version: 4.2

====== See also ======
  * [[wiki:backup_elasticsearch_indices|Backup Elasticsearch indices]]
====== References ======
  * [[https://github.com/Graylog2/graylog-docker/blob/3.3.16-1/config/log4j2.xml|Example of default log4j xml file for graylog 3.3.16]]