Graylog does not receive logs from Docker Swarm Services

I'm new with Graylog and I'm trying to use Graylog on a Docker Container, but the logs from the others containers does not arrive on Graylog and nothing is displayed on the Graylog web interface SEARCH.

What should I do to logs of the containers arrives on the Graylog?

Below, I describe my try:

On a single host, running docker swarm with just one node (itself).

The local IP of this host is: 10.0.0.5

Inside a folder, I've some files:

• docker-compose.yml
• graylog.js

The content of my docker-compose.yml is:

version: "3.3"
networks:
  ambiente:
    external: true
services:
  # MONGO
  mongo:
    image: mongo:4.2
    networks: 
      - ambiente
    environment:
      - MONGO_INITDB_ROOT_USERNAME=root
      - MONGO_INITDB_ROOT_PASSWORD=drUqGGCMh
    volumes:
      - ./graylog.js:/docker-entrypoint-initdb.d/graylog.js:ro      
  # ELASTICSEARCH
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    environment:
      - "http.host=0.0.0.0"
      - "discovery.type=single-node"
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m" 
    networks: 
      - ambiente
  # GRAYLOG
  graylog:
    image: graylog/graylog:4.1.0
    environment:
      - GRAYLOG_HTTP_EXTERNAL_URI=http://10.0.0.5:9000/
      # Pass is "admin"
      - GRAYLOG_ROOT_PASSWORD_SHA2=8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
      - GRAYLOG_ELASTICSEARCH_DISCOVERY_ENABLED=true
      - GRAYLOG_MONGODB_URI=mongodb://graylog:vWGzncmBe9@mongo:27017/graylog
      - GRAYLOG_MESSAGE_JOURNAL_ENABLED=false      
    depends_on:
      - mongo
      - elasticsearch
    ports:
      - "9000:9000"
      - "12201:12201"
      - "1514:1514"
    networks: 
      - ambiente

The graylog.js content is:

graylog = db.getSiblingDB('graylog');
graylog.createUser(
  {
    user: "graylog",
    pwd: "vWGzncmBe9",
    roles: [
      { role: "dbOwner", db: "graylog" }
    ]
  }
);

On the HOST, I created the file /etc/docker/daemon.json with the content:

{
  "metrics-addr" : "10.0.0.5:9323", 
  "experimental" : true, 
  "log-driver": "gelf",
  "log-opts": {
    "gelf-address": "udp://10.0.0.5:12201"
  }
}

After file created, I restarted the docker service and checked this status:

service docker restart
service docker status

The status of docker service is ACTIVE:

 Active: active (running) since Sat 2021-06-26 16:58:31 -03; 1min 2s ago

Then I created a Docker network:

docker network create -d overlay ambiente

And then I depolyed the stack:

docker stack deploy graylog -c docker-compose.yml 

With Graylog running, from the web interface on System/Input, I created a global input like:

bind_address: 0.0.0.0
decompress_size_limit: 8388608
number_worker_threads: 12
override_source: port: 12201
recv_buffer_size: 262144

Thanks for any help!

I just found the answer after a long time on Google!

Posting this answer here to help anyone with the same dificult that I had.

The issue was on the docker-compose.yml file on graylog ports, due to I used UDP protocol:

Before (not working), because the default docker ports is on TCP protocol:

  ports:
      - "9000:9000"
      - "12201:12201"
      - "1514:1514"

Now (working), docker ports is on TCP and UDP protocol:

  ports:
      - "9000:9000"
      - "12201:12201"
      - "12201:12201/udp"
      - "1514:1514"
      - "1514:1514/udp"

Testing from any container:

echo -n '{ "version": "1.1", "host": "example.org", "short_message": "A short message again", "level": 5, "_some_info": "foo" }' | nc -w1 -u 10.0.0.5 12201

and the message appears on the Graylog web interface:

2021-06-27 18:27:48.185 +00:00 example.org A short message!