Start by reviewing the OpenTelemetry Collector security documentation.
Please DO NOT report security vulnerabilities via public GitHub issue reports. Please report security issues here.
This project relies on a variety of external dependencies. These dependencies are monitored by Dependabot. Dependencies are checked daily and associated pull requests are opened automatically. Upgrading to the latest release is recommended to ensure you have the latest security updates. If a security vulnerability is detected for a dependency of this project then either:
- You are running an older release
- A new release with the updates has not been cut yet
- The updated dependency has not been merged likely due to some breaking change (in this case, we will actively work to resolve the issue and open a tracking GitHub issues with details)
- The dependency has not released an updated version with the patch
By default, the Splunk OpenTelemetry Connector exposes several endpoints. Endpoints will either be exposed:
- Locally (
localhost
): Within the service - Publicly (
0.0.0.0
): On all network interfaces
The endpoints exposed depends on which mode the Splunk OpenTelemetry Connector is configured in.
http(s)://0.0.0.0:13133/
Health endpoint useful for load balancer monitoringhttp(s)://0.0.0.0:[6831|6832|14250|14268]/api/traces
Jaeger [gRPC|Thrift HTTP] receiverhttp(s)://localhost:55679/debug/[tracez|pipelinez]
zPages monitoringhttp(s)://0.0.0.0:4317
OpenTelemetry gRPC receiverhttp(s)://0.0.0.0:6060
HTTP Forwarder used to receive Smart AgentapiUrl
datahttp(s)://0.0.0.0:7276
SignalFx Infrastructure Monitoring gRPC receiverhttp(s)://localhost:8888/metrics
Prometheus metrics for the Collectorhttp(s)://localhost:8006
Fluent forward receiverhttp(s)://0.0.0.0:9080
SignalFx forwarder receiverhttp(s)://0.0.0.0:9411/api/[v1|v2]/spans
Zipkin JSON (can be set to proto) receiverhttp(s)://0.0.0.0:9943/v2/trace
SignalFx APM receiver
Components, especially receivers, can and should be disabled if not required for an environment.