SSH access to the Docker host, with the ability to launch new containers.
Network devices configured to send syslog to the host running the ktranslate Docker container. Here's how to configure network syslog data collection in some devices:
The default listening port for ktranslate is 5143 (TCP/UDP). To use the default syslog port of 514, remove --net=host from your run command and replace it with -p 514:5143/udp. To bind the listener to a port above 1024 instead, add -syslog.source="0.0.0.0:<port>" to the end of the run command.
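Once the listener is running, you can check whichever port you ended up exposing (5143, a published 514, or a custom one) by sending it a single test datagram. The script below is an added example, not part of the original page or of ktranslate; the function names, the tag "listener-check" and the message text are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Send one constructed RFC 3164 syslog datagram to a syslog listener over UDP."""
import socket
import sys
from datetime import datetime

KTRANSLATE_DEFAULT_PORT = 5143  # default ktranslate listener port named on this page
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")


def build_rfc3164(hostname, tag, text, facility=23, severity=5, when=None):
    """Return b'<PRI>Mmm dd hh:mm:ss HOST TAG: TEXT' (defaults: local7.notice)."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    if any(c.isspace() for c in hostname + tag):
        raise ValueError("hostname and tag must not contain whitespace")
    when = when or datetime.now()
    # Locale-independent timestamp; RFC 3164 pads single-digit days with a space.
    stamp = f"{MONTHS[when.month - 1]} {when.day:2d} {when:%H:%M:%S}"
    pri = facility * 8 + severity
    frame = f"<{pri}>{stamp} {hostname} {tag}: {text}".encode("ascii", "replace")
    return frame[:1024]  # RFC 3164 caps a packet at 1024 bytes


def send_udp(frame, host="127.0.0.1", port=KTRANSLATE_DEFAULT_PORT):
    """Send the frame as a single datagram; returns the number of bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        return sock.sendto(frame, (host, port))


if __name__ == "__main__":
    # Usage: script.py [host] [port]   e.g. port 514 when using -p 514:5143/udp
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else KTRANSLATE_DEFAULT_PORT
    # Constructed sample values; "edge-router" reuses the page's example device name.
    frame = build_rfc3164("edge-router", "listener-check", "constructed test message")
    print(f"sent {send_udp(frame, host, port)} bytes to {host}:{port}/udp")
```

A UDP send succeeds even when nothing is listening, so a clean exit only proves the datagram left this machine; confirm arrival on the ktranslate side.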
Copy the snmp-base.yaml file to the local $HOME directory of your Docker user, and discard the container by running the following:
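bash
cd .
# Create a stopped container from the image so its files can be copied out
id=$(docker create kentik/ktranslate:v2)
# Copy the default configuration file into the current directory
docker cp "$id":/etc/ktranslate/snmp-base.yaml .
# Remove the temporary container and its volumes
docker rm -v "$id"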
In the snmp-base.yaml file, add your network syslog devices inside the devices key with the following structure:
devices:
  syslogDevice:
    device_name: edge-router
    device_ip: 10.10.1.254
    ping_only: true
    # Optional user tags
    user_tags:
      owning_team: net_eng
      environment: production
Tip
If you're already monitoring devices with SNMP that also send network syslog, you don't need to add them to your snmp-base.yaml file a second time. The ping_only attribute used in the configuration file can optionally be replaced with flow_only to remove response time monitoring and only collect syslog messages from the host.
Run ktranslate to listen for network syslog by running:
bash
## If your account is located in Europe, add the following option after -nr_account_id:
##   -nr_region=EU \
## If you want to use FedRAMP, add the following flag to use the FedRAMP authorized endpoints:
##   -nr_region=GOV \
docker run -d --name ktranslate-syslog --restart unless-stopped --net=host \
  -v `pwd`/snmp-base.yaml:/snmp-base.yaml \
  -e NEW_RELIC_API_KEY=$YOUR_NR_LICENSE_KEY \
  kentik/ktranslate:v2 \
  -snmp /snmp-base.yaml \
  -nr_account_id=$YOUR_NR_ACCOUNT_ID \
  -metrics=jchf \
  -tee_logs=true \
  -service_name=syslog \
## Optional: To override the default listening port of "0.0.0.0:5143":