Outcold Solutions - Monitoring Kubernetes, OpenShift and Docker in Splunk
Monitoring Docker in Splunk Monitoring Kubernetes in Splunk Monitoring OpenShift in Splunk Monitoring Linux in Splunk Monitoring Windows Containers in Splunk Forwarding Logs to Elasticsearch and OpenSearch Forwarding Logs to QRadar
Documentation Blog Contact Us Pricing Evaluation licenses Partners License Agreement Privacy Policy FAQ
Monitoring Docker

License server

If you run Collectord on more than a handful of Docker hosts, rotating a license key by editing every container gets old fast. Starting with version 5.17, Collectord can pull its license from a remote URL instead — so you update the key in one place and every host picks it up on the next refresh.

A few things to know before you wire this up:

  • A local license server only distributes the license to your clusters and nodes — it doesn’t replace the license verification that Outcold Solutions runs.
  • Collectord must reach the URL on first start. If it can’t load a license, it won’t start.
  • After that, Collectord caches the license internally — if the URL is unreachable on a later restart, it falls back to the cached copy.
  • Collectord polls the URL every 30 minutes for a new license.
  • A new license takes effect immediately, no restart required.
  • If your license requires internet verification, the license clients still talk to the License Server hosted by Outcold Solutions for that step.

Configure the remote license URL

Serve the license from your own HTTP server

Collectord doesn’t care how the license is served — anything that returns the file over HTTP works. The simplest approach is to drop the key into a file named license and start a quick HTTP server:

bash
1python3 -m http.server 9199

Confirm the file is reachable:

bash
1curl http://license-server.example.local:9199/license

Run Collectord as the license server

You can also use Collectord itself as the license server. The advantage — it tracks license usage for you and reports it on a schedule.

Run it like this, replacing ... with your license key. Drop the basicAuth line if you don’t want auth, or set a credential pair in username:password form. The example below leaves the username blank and uses password as the password:

bash
 1docker run -d \
 2  --name collectordlicenseserver \
 3  --cpus=0.5 \
 4  --cpu-shares=102 \
 5  --memory=64M \
 6  --restart=always \
 7  --publish 9199:9199 \
 8  --env "COLLECTOR__ACCEPTLICENSE=general__acceptLicense=true" \
 9  --env "COLLECTOR__HTTP_BINDING=general__httpServerBinding=0.0.0.0:9199" \
10  --env "COLLECTOR__LICENSE_KEY=general__license=..." \
11  --env "COLLECTOR__LICENSESERVER_BASICAUTH=license.server__basicAuth=:password" \
12  --entrypoint /collectord \
13  outcoldsolutions/collectorfordocker:26.04.1 license-server

Verify with curl:

bash
1curl -u :password http://license-server.example.local:9199/license

The license server prints usage reports to stdout every hour:

text
1INFO 2021/10/15 18:36:32.205219 outcoldsolutions.com/collectord/license_server.go:71: LicenseID: C5KBS5R69NH9G, Expiration: 1642116759, Limit: 200, Count: 54

Point collectorfordocker at the remote URL

Instead of passing the license key directly on the docker run command, point Collectord at your license URL. The example below also uses basic authentication (:password) — matching the Collectord-as-license-server setup above:

bash
 1docker run -d \
 2    --name collectorfordocker \
 3    --volume /sys/fs/cgroup:/rootfs/sys/fs/cgroup:ro \
 4    --volume /proc:/rootfs/proc:ro \
 5    --volume /var/log:/rootfs/var/log:ro \
 6    --volume /var/lib/docker/:/rootfs/var/lib/docker/:ro \
 7    --volume /var/run/docker.sock:/rootfs/var/run/docker.sock:ro \
 8    --volume collector_data:/data/ \
 9    --cpus=1 \
10    --cpu-shares=204 \
11    --memory=256M \
12    --restart=always \
13    --env "COLLECTOR__SPLUNK_URL=output.splunk__url=https://hec.example.com:8088/services/collector/event/1.0" \
14    --env "COLLECTOR__SPLUNK_TOKEN=output.splunk__token=B5A79AAD-D822-46CC-80D1-819F80D7BFB0"  \
15    --env "COLLECTOR__SPLUNK_INSECURE=output.splunk__insecure=true"  \
16    --env "COLLECTOR__ACCEPTLICENSE=general__acceptLicense=true" \
17    --env "COLLECTOR__LICENSE_URL=license.client__url=http://license-server.example.local:9199/license" \
18    --env "COLLECTOR__LICENSECLIENT_BASICAUTH=license.client__basicAuth=:password" \
19    --env "COLLECTOR__CLUSTER=general__fields.docker_cluster=-" \
20    --privileged \
21    outcoldsolutions/collectorfordocker:26.04.1

Update the license fleet-wide

To roll out a new license to every Collectord that reads from the remote URL, replace it in one place — on the License Server. Restart the license server with the new key and every host picks it up on its next 30-minute poll.