Articles on: API Endpoints

How to setup Astra Traffic Collector for Mac

Here's how to configure Astra Traffic Collector for traffic monitoring inside a Mac based VM. It also covers troubleshooting common issues encountered during configuration.

Traffic Collector integration



Quick Installation



SSH into the VM.

Pre-requisite
Install Docker Desktop version 4.34 or later in your machine by following the official doc.
Follow these five steps to enable host network mode which is essential
- Sign in to your Docker account in Docker Desktop.
- Navigate to Settings.
- Under the Resources tab, select Network.
- Check the Enable host networking option.
- Select Apply and restart.

Create a directory for the Astra Traffic Collector
mkdir -p /opt/astra-traffic-collector && cd /opt/astra-traffic-collector


Create docker-compose.yaml file
version: '3.3' 
services:
  my-service-init:
    image: busybox:1.35.0-uclibc
    user: root
    volumes:
      - collector-message:/tmp/message_data
    command: chown -R 10001:10001 /tmp/message_data
  otel-sensor:
    image: docker.io/getastra/traffic-collector
    container_name: astra-traffic-collector
    volumes:
      - collector-message:/var/lib/otelcol/file_storage:z
      - /opt/astra-traffic-collector/config_custom.yaml:/etc/otelcol-contrib/config_custom.yaml:ro
    network_mode: host
    env_file:
      - .env
    restart: always
    depends_on:
      - my-service-init
volumes:
  collector-message:


Create .env file
Replace <collectorId> with the COLLECTOR_ID displayed during the creation of astra traffic collector integration.
Replace <clientId> with the CLIENT_ID displayed during the creation of astra traffic collector integration.
Replace <clientSecret> with the CLIENT_SECRET displayed during the creation of astra traffic collector integration.
COLLECTOR_ID=<collectorId>
CLIENT_ID=<clientId>
CLIENT_SECRET=<clientSecret>
TOKEN_URL=https://auth.getastra.com/realms/astra_api_scanner/protocol/openid-connect/token
REMOTE_ADDR_IDENTIFIER_HEADER=x-forwarded-for


Create config_custom.yaml file
processors:
  
  # https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/processor/filterprocessor
  filter/custom:
    error_mode: ignore
    traces:
      span:
        ## allowing traces based on hostname regex pattern. Following will drop all traces originated from host other than: localhost*
        # - IsMatch(attributes["url.host"], "localhost*") == false
        ## excluding traces based on hostname regex pattern. Following will drop all traces originated from host: localhost*
        # - IsMatch(attributes["url.host"], "localhost*")
        ## excluding traces based on template regex pattern. Following will drop all traces having url_template: _wdt*
        # - IsMatch(attributes["url.template"], "_wdt*")
        ## exclude traces with method set to OPTIONS. Comment below line to allow the traces with http method OPTIONS
        - ConvertCase(attributes["http.method"], "upper") == "OPTIONS"
  
  # https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/processor/transformprocessor
  transform/custom:
    error_mode: ignore
    trace_statements:
      - context: span
        statements:
          ## Templatize url path regex pattern by keyword: "slug". Following will templatize the url Path: /api/v1/chinchikrqwertyuiop/ -> /api/v1/{{slug}}/
          - replace_pattern(attributes["url.template"], "chinchikrqwertyuiop", "{{slug}}")
          ## Redact MasterCard credit card number 
          #- replace_all_patterns(attributes, "value", "^5[1-5][0-9]{14}$", "{{card}}")


Create macOS service file under /Library/LaunchDaemons/com.astra.traffic-collector.plist
The service file allows the Astra Traffic Collector to be managed as a launch daemon, enabling easy start, stop, restart, and automatic start on boot.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.astra.traffic-collector</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/docker</string>
        <string>compose</string>
        <string>-f</string>
        <string>/opt/astra-traffic-collector/docker-compose.yaml</string>
        <string>up</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>KeepAlive</key>
    <true/>
</dict>
</plist>


Manage the service by using launchctl
# Load the service
sudo launchctl load /Library/LaunchDaemons/com.astra.traffic-collector.plist

# Manage the service
sudo launchctl start com.astra.traffic-collector
sudo launchctl stop com.astra.traffic-collector

# Unload the service
sudo launchctl unload /Library/LaunchDaemons/com.astra.traffic-collector.plist


Customizing the behavior of astra-traffic-collector



Stop the astra-traffic-collector by running
sudo launchctl stop com.astra.traffic-collector


To customize the traffic collector edit the /opt/astra-traffic-collector/config_custom.yaml. Refer here

Start the traffic collector by running
sudo launchctl start com.astra.traffic-collector


Upgrade



Docker container upgrade


This process updates the astra-traffic-collector container to a new version of the collector while retaining any customization you've made via configuration files, such as custom_config.yaml

Execute the following commands to stop, upgrade and then start the service

sudo launchctl stop com.astra.traffic-collector
cd /opt/astra-traffic-collector/
docker-compose pull
sudo launchctl start com.astra.traffic-collector


Troubleshooting



Unable to send traces from traffic collector to ga collector

Symptoms

No entries in inventory/ inventory not getting updated

Following or similar error seen in traffic-collector container log

error	exporterhelper/queue_sender.go:92	Exporting failed. Dropping data.	{"kind": "exporter", "data_type": "traces", "name": "otlp", "error": "not retryable error: Permanent error: rpc error: code = Unauthenticated desc = transport: per-RPC creds failed due to error: failed to get security token from token endpoint (endpoint \"https://kc-admin.getastra.dev/realms/astra_api_scanner/protocol/openid-connect/token\"); oauth2: \"unauthorized_client\" \"Invalid client or Invalid client credentials\"", "dropped_items": 1}


Cause

Authenication fails with IAM server

Solution

Edit /opt/astra-traffic-collector/.env and update it with right credentials.

Restart astra-traffic-collector
sudo launchctl stop com.astra.traffic-collector
sudo launchctl start com.astra.traffic-collector


Unable to see entries in inventory

Symptoms

No entries in inventory/ inventory not getting updated

No error in nginx/traffic-collector log

Cause

Unregistered hostname

Solution

Double check if the hostname is registered under Scope URI for Report in Target setup page

FAQ (Frequently Asked Questions)



Can I see what trace are sent from my environment?

Yes, one can see the traces sent by traffic-collector by inspecting docker logs. Run docker logs <traffic-collector-container name>

Updated on: 06/02/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!