Security
Collector
Image
Started from version 5.2
we build our docker.io image from scratch (0 size image). Collector image contains a binary (collector),
the set of root certificates and timezone database. Our collector is a statically compiled binary. We use a Go language
to produce this binary. We do not use dynamic runtime. Our binary only can do what we programmed it to do.
Alternatively we provide a certified image hosted on RedHat registry. This image is based on RHEL image. We keep it up to date and track vulnerabilities in the base image.
Container configuration
With the default configuration we ask read-only access to the system. Including host paths for docker runtime, proc filesystem, cgroup filesystem. We require read-only access to the API service and limit it with RBAC to be able only to read data from API Server. We require write access only to the place where we write acknowledgement information.
Using secrets to manage configurations
Please follow our instructions to learn how to use secrets to manage Token and License Key.
Internet access
Default license requires internet access for the license verification. We can offer a license, that does not require internet access.
Collector forwards telemetry to our license server. You can turn off telemetry with our configuration.
Connection to Splunk HTTP Event Collector
We recommend to use SSL for connection to Splunk HEC. Please follow our manual on how to configure secure SSL connection between the collector and Splunk HEC.
Links
-
Installation
- Start monitoring your docker environments in under 10 minutes.
- Automatically forward host, container and application logs.
- Test our solution with the embedded 30 days evaluation license.
-
Collector Configuration
- Collector configuration reference.
- Build custom image on top collector image with embedded configuration.
-
Container Annotations
- Forwarding application logs.
- Multi-line container logs.
- Fields extraction for application and container logs (including timestamp extractions).
- Hiding sensitive data, stripping terminal escape codes and colors.
-
Configuring Splunk Indexes
- Using not default HTTP Event Collector index.
- Configure the Splunk application to use not searchable by default indexes.
-
Splunk fields extraction for container logs
- Configure search-time fields extractions for container logs.
- Container logs source pattern.
-
Configurations for Splunk HTTP Event Collector
- Configure multiple HTTP Event Collector endpoints for Load Balancing and Fail-overs.
- Secure HTTP Event Collector endpoint.
- Configure the Proxy for HTTP Event Collector endpoint.
-
Collecting metrics from Prometheus format
- Configure collector to forward metrics from the services in Prometheus format.
-
Monitoring multiple clusters
- Learn how you can monitor multiple clusters.
- Learn how to set up ACL in Splunk.
-
Streaming Docker Objects from API Engine
- Learn how you can poll docker containers and images and forward them to Splunk.
-
License Server
- Learn how you can configure remote License URL for Collectord.
- Alerts
- Troubleshooting
- Release History
- Upgrade instructions
- Security
- FAQ and the common questions
- License agreement
- Pricing
- Contact