Here's how to configure the Astra Traffic Collector for traffic monitoring by choosing a VM image from the respective cloud provider's marketplace (AWS/GCP/Azure/DO). It also covers troubleshooting common issues encountered during configuration.

Traffic Collector integration

Quick Installation

  1. **Spin up a new instance of the traffic collector by choosing the right image from the marketplace.**

  2. **SSH into the VM.**

  3. **Locate the following two editable files under /opt/astra-traffic-collector/**

  4. **Update the secrets by editing the .env file:**

COLLECTOR_ID=
CLIENT_ID=
CLIENT_SECRET=
TOKEN_URL=https://auth.getastra.com/realms/astra_api_scanner/protocol/openid-connect/token

  5. That's it! You should now see the astra-traffic-collector container running. Create "sensor" integrations from here and integrate them with astra-traffic-collector to seamlessly monitor traffic.

Customizing the behavior of astra-traffic-collector

  1. **To customize the traffic collector, edit config_custom.yaml. Refer here**

  2. **Start the traffic collector by running start traffic-collector service**

Upgrade

Docker container upgrade

This process updates the running container to a new version of the collector while retaining any customization you've made via configuration files, such as the custom config.yaml.

  1. **Change to the directory where docker-compose.yaml is present: cd /opt/astra-traffic-collector/**

  2. Run docker-compose down on the docker-compose.yaml to stop the container

  3. Run docker-compose pull to update the image to latest

  4. Run docker-compose up to start the latest image

Image upgrade

An image upgrade replaces the virtual machine image used for the Traffic Collector. This process typically involves creating a new VM from an image with updated software. Customizations made on the existing VM will be lost, because the VM is replaced with one built from the new image.

You can use the cloud provider's GUI, or CLI tools such as awscli, gcloud and az, to create a new VM from the image in the cloud provider's marketplace.

AWS:

aws ec2 describe-images --filters "Name=name,Values=YourImageName"
aws ec2 terminate-instances --instance-ids i-1234567890abcdef0
aws ec2 run-instances --image-id ami-0123456789abcdef0

GCP:

gcloud compute instances stop INSTANCE_NAME
gcloud compute instances delete INSTANCE_NAME
gcloud compute instances create INSTANCE_NAME --image-family=IMAGE_FAMILY --image-project=IMAGE_PROJECT

Azure:

az vm deallocate --resource-group myResourceGroup --name myVM
az vm delete --resource-group myResourceGroup --name myVM
az vm create --resource-group myResourceGroup --name myVM --image IMAGE_URN

DigitalOcean:

doctl compute droplet-action shutdown DROPLET_ID
doctl compute droplet delete DROPLET_ID
doctl compute droplet create --image IMAGE_SLUG --size droplet_size --region region_slug --ssh-keys key_id

Troubleshooting

  1. **Unable to send traces from traffic collector to ga collector**

Symptoms

error	exporterhelper/queue_sender.go:92	Exporting failed. Dropping data.	{"kind": "exporter", "data_type": "traces", "name": "otlp", "error": "not retryable error: Permanent error: rpc error: code = Unauthenticated desc = transport: per-RPC creds failed due to error: failed to get security token from token endpoint (endpoint  \"https://auth.getastra.com/realms/astra_api_scanner/protocol/openid-connect/token\"); oauth2: \"unauthorized_client\" \"Invalid client or Invalid client credentials\"", "dropped_items": 1}

Cause

  2. Unable to see entries in inventory

Symptoms

FAQ (Frequently Asked Questions)

  1. How to restart astra-traffic-collector

Execute the following commands to restart astra-traffic-collector

cd /opt/astra-traffic-collector/
docker compose down
docker compose up -d

  2. Can I see which traces are sent from my environment?

Yes, you can see the traces sent by the traffic collector by inspecting the Docker logs. Run docker logs astra-traffic-collector
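
As an added example (not part of Astra's documentation or tooling), the shell functions below check that the four .env keys from Quick Installation are set, that TOKEN_URL is https and that the file holding CLIENT_SECRET is private, and count the `Unauthenticated` export failures shown under Troubleshooting in `docker logs` output. The function names, the constructed demo values and the chmod 600 suggestion are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Astra's code). Key names and error text come from the page;
# all function names are hypothetical.
REQUIRED_KEYS="COLLECTOR_ID CLIENT_ID CLIENT_SECRET TOKEN_URL"

# Print each required key that is absent or empty in the env file $1.
env_missing_keys() {
    for key in $REQUIRED_KEYS; do
        # Last assignment wins; strip surrounding whitespace and quotes.
        value=$(sed -n "s/^[[:space:]]*${key}=//p" "$1" | tail -n 1 |
                sed -e 's/^[[:space:]"'\'']*//' -e 's/[[:space:]"'\'']*$//')
        [ -n "$value" ] || printf '%s\n' "$key"
    done
}

# Succeed only if TOKEN_URL uses https, so CLIENT_SECRET is never posted in clear text.
env_token_url_is_https() {
    grep -Eq '^[[:space:]]*TOKEN_URL=["'\'']?https://' "$1"
}

# Succeed only if group and others have no access to the file holding CLIENT_SECRET.
env_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Count log lines on stdin where the exporter dropped traces after a failed token request.
count_auth_drops() {
    grep -c 'Exporting failed.*code = Unauthenticated' || true
}

# Run every .env check and report each finding; returns non-zero if any check fails.
preflight() {
    rc=0
    for key in $(env_missing_keys "$1"); do echo "$key is missing or empty"; rc=1; done
    env_token_url_is_https "$1" || { echo "TOKEN_URL is not an https URL"; rc=1; }
    env_is_private "$1" || { echo "$1 is accessible to group/others (chmod 600)"; rc=1; }
    return $rc
}

# Demo on a constructed .env (CLIENT_SECRET left empty, file world-readable).
demo=$(mktemp)
printf 'COLLECTOR_ID=demo-collector\nCLIENT_ID=demo-client\nCLIENT_SECRET=\n' > "$demo"
printf 'TOKEN_URL=https://auth.getastra.com/realms/astra_api_scanner/protocol/openid-connect/token\n' >> "$demo"
chmod 644 "$demo"
preflight "$demo" || true
rm -f "$demo"
```

On the collector VM, run `preflight /opt/astra-traffic-collector/.env`, then `docker logs astra-traffic-collector 2>&1 | count_auth_drops` to see how many trace batches were dropped for authentication reasons.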