# Configuring OTEL Event Collection with BlueRock

### Overview

When deploying BlueRock without a terraform or CloudFormation template, no OTEL collector information is specified to send events to a collector for event monitoring in a solution such as AWS CloudWatch.  This documentation provides instructions to configure and launch the AWS OTEL collector and have BlueRock events sent to AWS CloudWatch via the OTEL Collector.

### Instructions

#### Configure AWS CloudWatch

1. Login to the AWS Console
2. Navigate to CloudWatch.  Additional documentation for CloudWatch can be found [here](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html)
3. Select Log Groups
4. Create Log Group
5. Provide a Log Group Name.  Note the Log Group Name
6. Click on the newly created Log Group
7. Create Log Stream.  Note the Log Stream Name<br>

#### Stage a BlueRock Configuration File

In the current version 1.3, the file needs to be fetched from an https source.  There are multiple ways to support this.  The below steps walk-through using an S3 bucket as the https source.  In an update release, this can be staged on the local instance file system.<br>

1. Below is a sample config.toml file for BlueRock that runs on startup. &#x20;

```toml
hostid = "hostname"
event_format = "OTEL"
event_url =  "http://internal_ip.address.of.instance:4318"
[ucecache]
k8slistener = false
containerlistener = true
containertype="docker"
```

2. Place this file in an S3 bucket or alternate hosting location.  **If it is in an S3 bucket then the file object needs to be publicly readable**.

#### Configure BlueRock with AWS OTEL Collector

1. Login into the BlueRock EC2 instance.
2. Navigate to `/opt/bluerock/etc`
3. Type `sudo vi config.source`
4. Enter the following in the file modifying the `bucket_name` and `region` information below:\
   \
   https\://{bucket\_name}.s3.{region}.amazonaws.com/config.toml<br>
5. Save the file
6. Navigate to the OTEL configuration directory: `cd /opt/bluerock/otel`
7. Edit the `otel-config.yaml` file
8. Populate the following parameters:\
   \
   **log\_group\_name** - enter the log group name from the above CloudWatch configuration steps\
   \
   **log\_stream\_name** - enter the log stream name from the above CloudWatch configuration steps\
   \
   **region** - modify the region as needed<br>

```yaml
receivers:
  otlp:
    protocols:
      http:
        endpoint: 0.0.0.0:4318

processors:
  batch:
    timeout: 1s
    send_batch_size: 1024

exporters:
  debug:
    verbosity: detailed
  awscloudwatchlogs:
    log_group_name: "your_log_group_name_from_above"
    log_stream_name: "your_log_stream_name_from_above"
    region: "us-east-1"
    endpoint: https://logs.us-east-1.amazonaws.com

service:
  pipelines:
    traces:
      receivers: [otlp]
      processors: [batch]
      exporters: [debug]
    logs:
      receivers: [otlp]
      processors: [batch]
      exporters: [awscloudwatchlogs]
  telemetry:
    logs:
      level: "debug"
```

9. Save the file
10. Run `docker-compose up -d`
11. Run `docker ps` to verify the otel collector is running
12. Execute `sudo systemctl restart uc-docker.service`  This will restart the BlueRock UltraControl policy engine and event generator.

You should now see events appear in the CloudWatch Log Group