Table of Contents

Graylog backup and restore
- Dump the mongodb
- Restore
Tested on
See also
References

graylog, backup

Graylog backup and restore

Installation of Graylog docker

Dump the mongodb

mongodump --db=graylog --out=/usr/share/graylog/data/graylogmongo.dump

Copy the config folder from /usr/share/graylog/data/config to restore inputs etc. Config dir listing:

graylog@e9533406c3a6:~$ ls /usr/share/graylog/data/config/
graylog.conf  log4j2.xml  node-id  server.conf	server.conf.dpkg-dist

Bare metal configuration is usually in /etc/graylog/server/

Restore

mongorestore --drop graylogmongo.dump

Above will drop the tables (collections) if they exist but only those in the backup.

Copy the backed up data back and restart graylog.

Also check the log4j2.xml file to make sure the paths are correct for loggin etc.

Tested on

Debian 11 Bullseye (vagrant)
docker_compose_version: v2.2.3
graylog_version: 4.2-jre11
mongodb_version: 4.2

See also

Backup Elasticsearch indices

References

Example of default log4j xml file for graylog 3.3.16