diff --git a/graylog.yaml b/graylog.yaml
deleted file mode 100755
index e20dff8..0000000
--- a/graylog.yaml
+++ /dev/null
@@ -1,151 +0,0 @@
-#only works with compose
-
-
-
-services: 
-  # MongoDB: https://hub.docker.com/_/mongo/
-  mongodb:
-    container_name: graylog-mongo
-    image: mongo:5.0
-    volumes:
-      #- /DockerVol/Graylog/Mongo/data/db:/data/db
-      - mongodb_data:/data/db
-    networks:
-      - netgrimoire
-    environment:
-      - PGID=998
-      - PUID=1001  
-      - UMASK=002
-    # deploy:
-    #   placement:
-    #     constraints:
-    #       - node.hostname == docker2
-      
-  datanode:
-    container_name: graylog-datanode
-    image: "${DATANODE_IMAGE:-graylog/graylog-datanode:6.0}"
-    hostname: "datanode"
-    environment:
-      GRAYLOG_DATANODE_NODE_ID_FILE: "/var/lib/graylog-datanode/node-id"
-      GRAYLOG_DATANODE_PASSWORD_SECRET: "TZ3XajhzIBugTl61oNNgrWL0OHTn4qYcNAuzTTHWRKYxxWf61oAEpHOpesLoP7ssgqBTuainTBX6YIVAcYs2de2jhPHQBYD5"
-      GRAYLOG_DATANODE_ROOT_PASSWORD_SHA2: "1b12de7f4069972e784d42dbe826c0769f1287412cd35479de127fcf816699dc"
-      GRAYLOG_DATANODE_MONGODB_URI: "mongodb://mongodb:27017/graylog"
-      PGID: 998
-      PUID: 1001 
-      UMASK: 002
-    ulimits:
-      memlock:
-        hard: -1
-        soft: -1
-      nofile:
-        soft: 65536
-        hard: 65536
-    ports:
-      - "8999:8999/tcp"   # DataNode API
-      - "9200:9200/tcp"
-      - "9300:9300/tcp"
-    volumes:
-      #- /DockerVol/Graylog/datanode:/var/lib/graylog-datanode 
-      - graylog-datanode:/var/lib/graylog-datanode
-    networks:
-      - netgrimoire  
-    # deploy:
-    #   placement:
-    #     constraints:
-    #       - node.hostname == docker2
-
-  graylog:
-    container_name: graylog
-    hostname: "server"
-    image: "${GRAYLOG_IMAGE:-graylog/graylog:6.0}"
-    depends_on:
-      - mongodb
-      #    -condition: "service_started"
-    entrypoint: "/usr/bin/tini --  /docker-entrypoint.sh"
-    environment:
-      GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/data/node-id"
-      GRAYLOG_PASSWORD_SECRET: "TZ3XajhzIBugTl61oNNgrWL0OHTn4qYcNAuzTTHWRKYxxWf61oAEpHOpesLoP7ssgqBTuainTBX6YIVAcYs2de2jhPHQBYD5"
-      GRAYLOG_ROOT_PASSWORD_SHA2: "1b12de7f4069972e784d42dbe826c0769f1287412cd35479de127fcf816699dc"
-      GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
-      GRAYLOG_HTTP_EXTERNAL_URI: "http://log.netgrimoire.com/"
-      GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
-      GRAYLOG_ELASTICSEARCH_SSL_VERIFY: false
-      PGID: 998
-      PUID: 1001
-      UMASK: 002 
-    ports:
-      - "5044:5044/tcp"   # Beats
-      - "5140:5140/udp"   # Syslog
-      - "5140:5140/tcp"   # Syslog
-      - "5555:5555/tcp"   # RAW TCP
-      - "5555:5555/udp"   # RAW UDP
-      - "9000:9000/tcp"   # Server API
-      - "12201:12201/tcp" # GELF TCP
-      - "12201:12201/udp" # GELF UDP
-    #- "10000:10000/tcp" # Custom TCP port
-    #- "10000:10000/udp" # Custom UDP port
-      - "13301:13301/tcp" # Forwarder data
-      - "13302:13302/tcp" # Forwarder config
-    volumes:
-      #- "/DockerVol/Graylog/graylog_data:/usr/share/graylog/data/data"
-      #- "/DockerVol/Graylog/graylog_journal:/usr/share/graylog/data/journal"
-      - graylog_data:/usr/share/graylog/data/data
-      - graylog_journal:/usr/share/graylog/data/journal
-    networks:
-      - netgrimoire
-    # deploy:
-    #   labels:
-    #     - homepage.group=Monitoring
-    #     - homepage.name=Graylog
-    #     - homepage.icon=graylog.png
-    #     - homepage.href=https://log.netgrimoire.com
-    #     - homepage.description=Logging Server
-    #     - caddy=log.netgrimoire.com
-    #     - caddy.reverse_proxy="{{upstreams 9000}}"
-    #   placement:
-    #     constraints:
-    #       - node.hostname == docker2
-
-
-volumes:
-  mongodb_data:
-    driver: local
-    driver_opts:
-      type: none
-      o: bind
-      device: /DockerVol/Graylog/Mongo/data/db
-
-  graylog-datanode:
-    driver: local
-    driver_opts:
-      type: none
-      o: bind
-      device: /DockerVol/Graylog/datanode
-
-  graylog_data:
-    driver: local
-    driver_opts:
-      type: none
-      o: bind
-      device: /DockerVol/Graylog/graylog_data
-
-  graylog_journal:
-    driver: local
-    driver_opts:
-      type: none
-      o: bind
-      device: /DockerVol/Graylog/graylog_journal
-
-
-networks:
-  netgrimoire:
-    external: true    
-
-
-
-
-
-
- 
-
-
diff --git a/logging.yaml b/logging.yaml
new file mode 100644
index 0000000..62942bf
--- /dev/null
+++ b/logging.yaml
@@ -0,0 +1,125 @@
+
+version: "3.8"
+
+services:
+  loki:
+    image: grafana/loki:2.9.3
+    command: -config.file=/etc/loki/loki-config.yaml
+    user: "1001:998"
+    environment:
+      - PUID=1001
+      - PGID=998
+      - TZ=America/Chicago
+      - UMASK=002
+    volumes:
+      - loki_config:/etc/loki
+      - loki_data:/loki
+    networks:
+      - netgrimoire
+    deploy:
+      labels:
+        - homepage.group=Monitoring
+        - homepage.name=Loki
+        - homepage.icon=loki.png
+        - homepage.href=http://loki:3100
+        - homepage.description=Log store
+        - caddy=loki.netgrimoire.com
+        - caddy.reverse_proxy={{upstreams 3100}}
+        - diun.enable=true
+        - kuma.monitor=true
+      placement:
+        constraints:
+          - node.hostname == docker3
+
+  promtail:
+    image: grafana/promtail:2.9.3
+    user: "1001:998"
+    command: -config.file=/etc/promtail/promtail-config.yaml
+    environment:
+      - PUID=1001
+      - PGID=998
+      - TZ=America/Chicago
+      - UMASK=002
+    volumes:
+      - promtail_config:/etc/promtail
+      - /var/log:/var/log:ro
+      - /var/lib/docker/containers:/var/lib/docker/containers:ro
+      - /var/run/docker.sock:/var/run/docker.sock
+    networks:
+      - netgrimoire
+    deploy:
+      labels:
+        - homepage.group=Monitoring
+        - homepage.name=Promtail
+        - homepage.icon=promtail.png
+        - homepage.href=http://loki.netgrimoire.com
+        - homepage.description=Log forwarder
+        - diun.enable=true
+        - kuma.monitor=false
+      placement:
+        constraints:
+          - node.hostname == docker3
+
+  grafana:
+    image: grafana/grafana:10.4.2
+    user: "1001:998"
+    environment:
+      - PUID=1001
+      - PGID=998
+      - TZ=America/Chicago
+      - UMASK=002
+      - GF_SECURITY_ADMIN_PASSWORD=admin
+      - GF_USERS_DEFAULT_THEME=dark
+    volumes:
+      - grafana_data:/var/lib/grafana
+    ports:
+      - "3000:3000"
+    networks:
+      - netgrimoire
+    deploy:
+      labels:
+        - homepage.group=Monitoring
+        - homepage.name=Grafana
+        - homepage.icon=grafana.png
+        - homepage.href=https://grafana.netgrimoire.com
+        - homepage.description=Metrics Dashboard
+        - caddy=grafana.netgrimoire.com
+        - caddy.reverse_proxy={{upstreams 3000}}
+        - diun.enable=true
+        - kuma.monitor=true
+      placement:
+        constraints:
+          - node.hostname == docker3
+
+volumes:
+  loki_config:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /DockerVol/Loki/config
+
+  loki_data:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /DockerVol/Loki/data
+
+  promtail_config:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /DockerVol/Promtail/config
+
+  grafana_data:
+    driver: local
+    driver_opts:
+      type: none
+      o: bind
+      device: /DockerVol/Grafana/data
+
+networks:
+  netgrimoire:
+    external: true