###########
  # Graylog #
  ###########
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:6.0.14
    container_name: mongodb
    hostname: mongodb
    volumes:
      - mongodb_data:/data/db
      - mongodb_config:/data/configdb
    restart: unless-stopped

  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:6.0.6
    container_name: graylog
    hostname: graylog
    environment:
      GRAYLOG_SERVER_JAVA_OPTS: "-Dlog4j2.formatMsgNoLookups=true -Djavax.net.ssl.trustStore=/usr/share/graylog/data/config/cacerts -Djavax.net.ssl.trustStorePassword=changeit"
    volumes:
      - graylog_data:/usr/share/graylog/data
      - ./graylog/graylog.conf:/usr/share/graylog/data/config/graylog.conf
      - ./graylog/log4j2.xml:/usr/share/graylog/data/config/log4j2.xml
      - ./graylog/root-ca.pem:/usr/share/graylog/data/config/root-ca.pem
      - ./graylog/GeoLite2-City.mmdb:/usr/share/graylog/data/config//GeoLite2-City.mmdb
      - ./graylog/GeoLite2-ASN.mmdb:/usr/share/graylog/data/config/GeoLite2-ASN.mmdb
      - ./config/network_ports.csv:/etc/graylog/network_ports.csv
      - ./config/software_vendors.csv:/etc/graylog/software_vendors.csv
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP (Disabled for compatibility with the Wazuh Manager)
      # - 1514:1514
      # Syslog UDP SophosFW
      - 514:514/udp
      # Syslog UDP SophosFW
      - 2514:2514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
    depends_on:
      - mongodb
      - wazuh.indexer
    restart: unless-stopped