The Loghost role starts a managed instance of Graylog 2.1.1.



One instance (srv interface, port TCP 9000) passes logins via My Flying Circus to the web interface of Graylog.

The other (srv interface, port TCP 9002) is meant for VMs in the same project to access the Graylog API directly.


Graylog saves user configs and settings in a MongoDB, while ingested messages are stored in Elasticsearch.


Activating the role in a project, activates the “Logs …” button on the dashboard. From there on you will be transferred to Graylog’s dashboard. Doing that for the first time, a user with adminstrator rights and your current login name will be created.

Alternatively, the URL to access the graylog dashboard directly is: http://my.flyingcircus.io/tools/<machine>/graylog/


Graylog implements its web interface as a first consumer of its REST api. One can also access it directly via

http://my.flyingcircus.io/tools/<machine>/graylog/api http://my.flyingcircus.io/tools/<machine>/graylog/api/api-browser (live documentation)

There is an admin user setup, which password is to be found in /etc/local/graylog/password.


The following inputs are active by default:

  • Syslog UDP on port 5140