diff --git a/intern/docker_graylog/tasks/main.yml b/intern/docker_graylog/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..38e57a0bf8d8bd82454a1fc32046d49d3ecb3fef
--- /dev/null
+++ b/intern/docker_graylog/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+
+- name: "create folder struct for {{ servicename }}"
+  file: 
+    path: "{{ basedir }}" 
+    state: "directory"
+
+- name: "create folder struct for {{ servicename }}"
+  file: 
+    path: "{{ basedir }}/{{ item }}" 
+    state: "directory"
+    owner: 508
+    group: 508
+  with_items:
+    - "data"
+    - "logs"
+
+- name: "create config files for {{ servicename }}"
+  template: 
+    src: "{{ item }}"
+    dest: "{{ basedir }}/{{ item }}"
+  with_items:
+    - docker-compose.yml 
+
+- name: "start {{ servicename }} docker"
+  docker_compose:
+    project_src: "{{ basedir }}"
+    state: present
+
diff --git a/intern/docker_graylog/templates/docker-compose.yml b/intern/docker_graylog/templates/docker-compose.yml
new file mode 100644
index 0000000000000000000000000000000000000000..2661974ac738183670e1a0e531525bf27fe0325f
--- /dev/null
+++ b/intern/docker_graylog/templates/docker-compose.yml
@@ -0,0 +1,48 @@
+version: "3"
+
+services:
+  mongodb:
+    image: "mongo:5.0"
+    restart: "on-failure"
+
+  opensearch:
+    image: "opensearchproject/opensearch:2.4.1"
+    environment:
+      - "TZ=Europe/Berlin"
+      - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
+      - "bootstrap.memory_lock=true"
+      - "discovery.type=single-node"
+      - "action.auto_create_index=false"
+      - "plugins.security.ssl.http.enabled=false"
+      - "plugins.security.disabled=true"
+    restart: "on-failure"
+
+  graylog:
+    hostname: "server"
+    image: "graylog/graylog:5.0"
+    entrypoint: "/usr/bin/tini -- wait-for-it opensearch:9200 --  /docker-entrypoint.sh"
+    environment:
+      TZ: "Europe/Berlin"
+      GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/config/node-id"
+      GRAYLOG_PASSWORD_SECRET: "warpzonewarpzone"
+      GRAYLOG_ROOT_PASSWORD_SHA2: "26230bc6e5e044e6e3cef7c76a2800fdf2d3952ef03e85c83491b99eef149c40"
+      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
+      GRAYLOG_HTTP_EXTERNAL_URI: "http://graylog.warpzone.lan/"
+      GRAYLOG_ELASTICSEARCH_HOSTS: "http://opensearch:9200"
+      GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
+    ports:
+      - "514:5140/udp"   # Syslog
+      - "514:5140/tcp"   # Syslog
+    restart: "on-failure"
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.{{ servicename }}.rule=Host(`{{ domain }}`)
+      - traefik.http.routers.{{ servicename }}.entrypoints=websecure
+      - traefik.http.services.{{ servicename }}.loadbalancer.server.port=9000
+    networks:
+      - web
+      - default
+
+networks:
+  web:
+    external: true