How to set up Astra Traffic Collector in Windows
Here's how to configure Astra Traffic Collector for traffic monitoring inside a Windows-based VM (AWS/GCP/Azure/DO). This guide also covers troubleshooting common issues encountered during configuration.
Traffic Collector integration
Quick Installation
SSH into the VM.
Pre-requisite
Install Docker Desktop version 4.34 or later on your machine by following the official doc.
Follow these five steps to enable host network mode, which is required because the collector container runs with network_mode: host:
- Sign in to your Docker account in Docker Desktop.
- Navigate to Settings.
- Under the Resources tab, select Network.
- Check the Enable host networking option.
- Select Apply and restart.
Create a directory for the Astra Traffic Collector
mkdir C:\opt\astra-traffic-collector
cd C:\opt\astra-traffic-collector
Create docker-compose.yaml file
version: '3.3'
services:
  my-service-init:
    image: busybox:1.35.0-uclibc
    user: root
    volumes:
      - "collector-message:/tmp/message_data"
    command: chown -R 10001:10001 /tmp/message_data
  otel-sensor:
    image: docker.io/getastra/traffic-collector
    container_name: astra-traffic-collector
    volumes:
      - "collector-message:/var/lib/otelcol/file_storage:z"
      - "C:/opt/astra-traffic-collector/config_custom.yaml:/etc/otelcol-contrib/config_custom.yaml:ro"
    network_mode: host
    env_file:
      - .env
    restart: always
    depends_on:
      - my-service-init
volumes:
  collector-message:
Create .env file
Replace <collectorId> with the COLLECTOR_ID displayed during the creation of the Astra Traffic Collector integration.
Replace <clientId> with the CLIENT_ID displayed during the creation of the Astra Traffic Collector integration.
Replace <clientSecret> with the CLIENT_SECRET displayed during the creation of the Astra Traffic Collector integration.
COLLECTOR_ID=<collectorId>
CLIENT_ID=<clientId>
CLIENT_SECRET=<clientSecret>
TOKEN_URL=https://auth.getastra.com/realms/astra_api_scanner/protocol/openid-connect/token
REMOTE_ADDR_IDENTIFIER_HEADER=x-forwarded-for
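The .env file stores CLIENT_SECRET in plain text, so it is worth validating it and restricting who can read it before the service is started. The PowerShell below is an added example, not part of the original guide: it assumes the C:\opt\astra-traffic-collector path used above, an elevated PowerShell session, and a service that runs as LocalSystem (the NSSM default); Test-CollectorEnv is a hypothetical helper name.

```powershell
# Added example: validate .env, then restrict read access to the client secret.
$envFile  = 'C:\opt\astra-traffic-collector\.env'   # path used in this guide
$required = 'COLLECTOR_ID', 'CLIENT_ID', 'CLIENT_SECRET', 'TOKEN_URL'

function Test-CollectorEnv {
    param([string[]]$Lines, [string[]]$Required)
    $values = @{}
    foreach ($line in $Lines) {
        # Keep KEY=VALUE lines only; blanks and comments do not match
        if ($line -match '^\s*([A-Za-z_][A-Za-z0-9_]*)=(.*)$') {
            $values[$Matches[1]] = $Matches[2].Trim()
        }
    }
    $problems = @()
    foreach ($key in $Required) {
        if (-not $values.ContainsKey($key) -or $values[$key] -eq '') {
            $problems += "$key is missing or empty"
        } elseif ($values[$key] -match '^<.*>$') {
            # e.g. CLIENT_ID=<clientId> left unchanged from the template
            $problems += "$key still holds the template placeholder"
        }
    }
    if ($values['TOKEN_URL'] -and $values['TOKEN_URL'] -notmatch '^https://') {
        $problems += 'TOKEN_URL is not an https:// URL'
    }
    return $problems
}

$problems = @(Test-CollectorEnv -Lines (Get-Content -LiteralPath $envFile) -Required $required)
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "Fix $envFile before starting the service."
}

# Remove inherited permissions, then grant access only to
# LocalSystem (S-1-5-18, assumed service account) and Administrators (S-1-5-32-544).
icacls $envFile /inheritance:r /grant:r '*S-1-5-18:(R)' '*S-1-5-32-544:(F)'
icacls $envFile   # print the resulting ACL for review
```

If the service is configured to run under a different account, grant that account read access instead of LocalSystem.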
Create config_custom.yaml file
processors:
  # https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/processor/filterprocessor
  filter/custom:
    error_mode: ignore
    traces:
      span:
        ## allowing traces based on hostname regex pattern. Following will drop all traces originated from host other than: localhost*
        # - IsMatch(attributes["url.host"], "localhost*") == false
        ## excluding traces based on hostname regex pattern. Following will drop all traces originated from host: localhost*
        # - IsMatch(attributes["url.host"], "localhost*")
        ## excluding traces based on template regex pattern. Following will drop all traces having url_template: _wdt*
        # - IsMatch(attributes["url.template"], "_wdt*")
        ## exclude traces with method set to OPTIONS. Comment below line to allow the traces with http method OPTIONS
        - ConvertCase(attributes["http.method"], "upper") == "OPTIONS"
  # https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/processor/transformprocessor
  transform/custom:
    error_mode: ignore
    trace_statements:
      - context: span
        statements:
          ## Templatize url path regex pattern by keyword: "slug". Following will templatize the url Path: /api/v1/chinchikrqwertyuiop/ -> /api/v1/{{slug}}/
          - replace_pattern(attributes["url.template"], "chinchikrqwertyuiop", "{{slug}}")
          ## Redact MasterCard credit card number
          #- replace_all_patterns(attributes, "value", "^5[1-5][0-9]{14}$", "{{card}}")
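Before relying on the commented-out card redaction rule, check which attribute values its regex actually rewrites: the pattern is anchored with ^ and $, so it matches only when the whole value is the 16-digit number. The PowerShell below is an added example, not part of the original guide; it applies the same pattern with the .NET regex engine (the collector is written in Go, and this pattern uses only syntax common to both engines) to constructed sample values, and Test-RedactionPattern and the attribute names are hypothetical.

```powershell
# Added example: see which attribute values the redaction regex would rewrite.
$pattern     = '^5[1-5][0-9]{14}$'   # pattern from config_custom.yaml
$replacement = '{{card}}'            # replacement from config_custom.yaml

# Constructed sample attributes (well-known test card numbers, not real data)
$attributes = [ordered]@{
    'card.exact'    = '5555555555554444'               # value is exactly the number
    'card.spaced'   = '5555 5555 5555 4444'            # formatted with spaces
    'card.embedded' = '{"pan":"5555555555554444"}'     # number inside a larger value
    'card.other'    = '4111111111111111'               # does not start with 51-55
}

function Test-RedactionPattern {
    param($Attributes, [string]$Pattern, [string]$Replacement)
    foreach ($key in $Attributes.Keys) {
        $before = $Attributes[$key]
        $after  = [regex]::Replace($before, $Pattern, $Replacement)
        # Report whether the rule changed the value and what would be exported
        [pscustomobject]@{
            Attribute = $key
            Redacted  = ($after -ne $before)
            Exported  = $after
        }
    }
}

Test-RedactionPattern $attributes $pattern $replacement | Format-Table -AutoSize
```

Any row reported as not redacted would leave the collector unchanged, so adjust the pattern or add further statements for the value shapes your traffic actually carries.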
Create Windows service file using NSSM (Non-Sucking Service Manager)
The service file allows the Astra Traffic Collector to be managed as a Windows service, enabling easy start, stop, restart, and automatic start on boot.
Download and install NSSM from nssm.cc.
Open Command Prompt as Administrator and run:
nssm install astra-traffic-collector
In the GUI that appears, set the following:
- Path: C:\Program Files\Docker\Docker\resources\bin\docker.exe
- Startup directory: C:\opt\astra-traffic-collector
- Arguments: compose -f docker-compose.yaml up
Click "Install service".
Manage the service by using sc command
rem Manage the service (run from an elevated Command Prompt)
sc start astra-traffic-collector
sc stop astra-traffic-collector
sc query astra-traffic-collector
rem sc has no restart command; restart through NSSM instead
nssm restart astra-traffic-collector
rem Remove the service
sc delete astra-traffic-collector
Customizing the behavior of astra-traffic-collector
Stop the astra-traffic-collector by running
sc stop astra-traffic-collector
To customize the traffic collector, edit C:\opt\astra-traffic-collector\config_custom.yaml. The comments in that file link to the filter and transform processor documentation.
Start the traffic collector by running
sc start astra-traffic-collector
Upgrade
Docker container upgrade
This process updates the astra-traffic-collector container to a new version of the collector while retaining any customization you've made via configuration files, such as config_custom.yaml.
Execute the following commands to stop, upgrade and then start the service:
sc stop astra-traffic-collector
cd C:\opt\astra-traffic-collector\
docker-compose pull
sc start astra-traffic-collector
Troubleshooting
Unable to send traces from traffic collector to ga collector
Symptoms
No entries in inventory, or inventory not getting updated
The following or a similar error is seen in the traffic-collector container log
error exporterhelper/queue_sender.go:92 Exporting failed. Dropping data. {"kind": "exporter", "data_type": "traces", "name": "otlp", "error": "not retryable error: Permanent error: rpc error: code = Unauthenticated desc = transport: per-RPC creds failed due to error: failed to get security token from token endpoint (endpoint \"https://kc-admin.getastra.dev/realms/astra_api_scanner/protocol/openid-connect/token\"); oauth2: \"unauthorized_client\" \"Invalid client or Invalid client credentials\"", "dropped_items": 1}
Cause
Authentication fails with IAM server
Solution
Edit C:\opt\astra-traffic-collector\.env and update it with the correct credentials.
Restart astra-traffic-collector
sc stop astra-traffic-collector
sc start astra-traffic-collector
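Every "Exporting failed. Dropping data." line means traces were discarded, so it helps to pull those lines out of the log and total what was lost. The PowerShell below is an added example, not part of the original guide; it parses the JSON tail of the error line shown above (embedded here as sample input), and Get-ExportFailure is a hypothetical helper name.

```powershell
# Added example: summarise export failures found in collector log lines.
# Sample input is the error line shown in this section. For live data use:
#   $lines = docker logs astra-traffic-collector 2>&1 | ForEach-Object { "$_" }
$lines = @(
    'error exporterhelper/queue_sender.go:92 Exporting failed. Dropping data. {"kind": "exporter", "data_type": "traces", "name": "otlp", "error": "not retryable error: Permanent error: rpc error: code = Unauthenticated desc = transport: per-RPC creds failed due to error: failed to get security token from token endpoint (endpoint \"https://kc-admin.getastra.dev/realms/astra_api_scanner/protocol/openid-connect/token\"); oauth2: \"unauthorized_client\" \"Invalid client or Invalid client credentials\"", "dropped_items": 1}'
)

function Get-ExportFailure {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -notmatch 'Exporting failed') { continue }
        # The structured fields start at the first "{" on the line
        $start = $line.IndexOf('{')
        if ($start -lt 0) { continue }
        try { $fields = $line.Substring($start) | ConvertFrom-Json } catch { continue }
        $cause = if ($fields.error -match 'Unauthenticated|unauthorized_client') {
            'Token request rejected: check CLIENT_ID and CLIENT_SECRET in .env'
        } else {
            'Other export error: read the error text'
        }
        [pscustomobject]@{
            Exporter = $fields.name
            Dropped  = [int]$fields.dropped_items
            Cause    = $cause
        }
    }
}

$failures = @(Get-ExportFailure -Lines $lines)
$failures | Format-Table -AutoSize
$total = ($failures | Measure-Object -Property Dropped -Sum).Sum
"Export failures: $($failures.Count), items dropped: $total"
```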
Unable to see entries in inventory
Symptoms
No entries in inventory, or inventory not getting updated
No error in nginx/traffic-collector log
Cause
Unregistered hostname
Solution
Double-check that the hostname is registered under Scope URI for Report on the Target setup page.
FAQ (Frequently Asked Questions)
Can I see what traces are sent from my environment?
Yes, you can see the traces sent by traffic-collector by inspecting the Docker logs. Run docker logs <traffic-collector-container name>
Updated on: 03/02/2025