A Docker container for NetObserv SNMP Trap is available on Docker Hub. docker-compose is a good way to run the container. It allows for the various environment variables, used to configure the collector, to be easily managed in one place without having to enter them on the command line.
docker-compose.yml
The following docker-compose.yml file provides a starting point that can be further customized for your environment and needs.
Image
The name of the currently released image is elastiflow/trap-collector:{constants.version}.
Restart
restart is set to unless-stopped so that the collector will restart automatically if it fails for some reason.
Ports
This compose file assumes you need to listen to port 162, and that you will be running Docker using sudo to allow Docker to mount to the privileged port 162. If your context is different, or you configured trap-collector differently, you should adjust the compose contents as needed.
Volumes
There are a few scenarios where you will want to mount volumes in the compose file. The container can work without any volume mounting, but you also will not be able to persist any configuration files that way.
It is also possible to build a new container, adding additional files as needed. This may the best choice if running the container in a dynamically orchestrated environment (e.g. running in Kubernetes). However for an instance dedicated to a specific host, using bind mounted volumes can be very convenient.
Mounting /var/lib/elastiflow/trapcoll
The /var/lib/elastiflow/trapcoll path can be mounted for a couple of reasons.
the devices.yml file is used to store information about devices that have sent traps to the collector. That will be automatically created by the container when it starts, and will reside at /var/lib/elastiflow/trapcoll/devices.yml.
If you anticipate devices sending v3 traps, you will need to provide the collector with the necessary credentials. This can be done by mounting your credentials configurations (see credentials.yml for a template) to /etc/elastiflow/snmp/traps/credentials in the container. More information regarding v3 trap credentials can be found here
Make sure, on your host machine, /var/lib/elastiflow/trapcoll is owned by a user named 'ElastiFlow' since that is the user which the container will use. For example:
Mounting /var/lib/elastiflow/snmp
If you want to customize the 'rules' for how trap-collector interprets traps and OIDs, then
volume mount the the below /var/lib/elastiflow/snmp
download the latest release of the 'snmp' repo to that location on your host machine.
Now you can add additional folders or files inside /var/lib/elastiflow/snmp on your host machine, and you'll have more customizable control over how trap-collector interprets traps.
Environment variables
NetObserv SNMP Trap is configured using environment variables.
For a complete reference of all configuration options please refer to the Configuration Reference.
At minimum, you will need to set the following license related variables. NetObserv SNMP Trap requires a license to run at all.
EF_LICENSE_ACCEPTED should be set to "true". This indicates you accept the EULA of trap-collector.
EF_ACCOUNT_ID and EF_LICENSE_KEY will be provided by ElastiFlow when you purchase a license.
Running the Container
After completing configuration of the collector in the docker-compose.yml file, you can start the container using one of the below commands.
For many linux environments, you might have to run sudo to run Docker compose.
From within the same path as the docker-compose.yml file:
