Configuring OTEL Event Collection with BlueRock

Overview

When deploying BlueRock without a terraform or CloudFormation template, no OTEL collector information is specified to send events to a collector for event monitoring in a solution such as AWS CloudWatch. This documentation provides instructions to configure and launch the AWS OTEL collector and have BlueRock events sent to AWS CloudWatch via the OTEL Collector.

Instructions

Configure AWS CloudWatch

Login to the AWS Console
Navigate to CloudWatch. Additional documentation for CloudWatch can be found here
Select Log Groups
Create Log Group
Provide a Log Group Name. Note the Log Group Name
Click on the newly created Log Group
Create Log Stream. Note the Log Stream Name

Stage a BlueRock Configuration File

In the current version 1.3, the file needs to be fetched from an https source. There are multiple ways to support this. The below steps walk-through using an S3 bucket as the https source. In an update release, this can be staged on the local instance file system.

Below is a sample config.toml file for BlueRock that runs on startup.

hostid = "hostname"
event_format = "OTEL"
event_url =  "http://internal_ip.address.of.instance:4318"
[ucecache]
k8slistener = false
containerlistener = true
containertype="docker"

Place this file in an S3 bucket or alternate hosting location. If it is in an S3 bucket then the file object needs to be publicly readable.

Configure BlueRock with AWS OTEL Collector

Login into the BlueRock EC2 instance.
Navigate to /opt/bluerock/etc
Type sudo vi config.source
Enter the following in the file modifying the bucket_name and region information below: https://{bucket_name}.s3.{region}.amazonaws.com/config.toml
Save the file
Navigate to the OTEL configuration directory: cd /opt/bluerock/otel
Edit the otel-config.yaml file
Populate the following parameters: log_group_name - enter the log group name from the above CloudWatch configuration steps log_stream_name - enter the log stream name from the above CloudWatch configuration steps region - modify the region as needed

receivers:
  otlp:
    protocols:
      http:
        endpoint: 0.0.0.0:4318

processors:
  batch:
    timeout: 1s
    send_batch_size: 1024

exporters:
  debug:
    verbosity: detailed
  awscloudwatchlogs:
    log_group_name: "your_log_group_name_from_above"
    log_stream_name: "your_log_stream_name_from_above"
    region: "us-east-1"
    endpoint: https://logs.us-east-1.amazonaws.com

service:
  pipelines:
    traces:
      receivers: [otlp]
      processors: [batch]
      exporters: [debug]
    logs:
      receivers: [otlp]
      processors: [batch]
      exporters: [awscloudwatchlogs]
  telemetry:
    logs:
      level: "debug"

Save the file
Run docker-compose up -d
Run docker ps to verify the otel collector is running
Execute sudo systemctl restart uc-docker.service This will restart the BlueRock UltraControl policy engine and event generator.

You should now see events appear in the CloudWatch Log Group

PreviousGetting Started with BlueRock Secure MCP Server NextUsing the BlueRock Secure MCP Server for FastMCP

Last updated 1 month ago