I recently started to use OpenObserve to collect logs from my home lab and I wanted to add NetFlow. The documentation is good but unfortunately, running the binary directly from Docker Compose did not work. I had to package it with a trivial bash script.
Here is how I fixed it.
The Dockerfile to build the container image:
FROM debian:12
ADD --chown=root:root --chmod=755 https://github.com/openobserve/goflow2/releases/download/v100.0.1/goflow2-100.0.1-linux-x86_64 /goflow2
ADD --chown=root:root --chmod=755 ./run.sh /run.sh
RUN apt-get update && apt-get upgrade -y && rm -vrf -- /var/cache/apt
ENTRYPOINT /run.sh
EXPOSE 2055/udp
EXPOSE 6343/udp
The run.sh to start the collector:
#!/usr/bin/env bash
set -euf -o pipefail
/goflow2 -transport http -transport.http.destination "$HTTP_DESTINATION" -transport.http.batchSize "$HTTP_BATCHSIZE" -transport.http.auth.header "$HTTP_HEADER" -transport.http.auth.credentials "$HTTP_CREDENTIALS"
The Docker Compose service:
services:
goflow2:
build: goflow2
restart: always
env_file:
- .env.goflow2
environment:
TZ: Etc/UTC
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
ports:
- 2055:2055/udp
- 6343:6343/udp
deploy:
resources:
limits:
cpus: "1.0"
memory: 1g
memswap_limit: 1g
The .env.goflow2 file:
HTTP_DESTINATION=http://openobserve:5080/api/default/netflow/_json
HTTP_BATCHSIZE=100
HTTP_HEADER=Authorization
HTTP_CREDENTIALS="Basic dXNlcm5hbWU6cGFzc3dvcmQ="
Start the container and look at your OpenObserve instance, you should see a new stream named netflow pretty quickly.
OpenObserve is, according to them, a fast, scalable and cost-effective open source observability platform.