Status: ✅ PRODUCTION READY | Version: 2.0.2 | Last Updated: September 2025
NoC Raven is a high‑performance, turn‑key telemetry collection and forwarding appliance designed for venue environments. Fully tested and certified for production deployment.
Core services
- Web control panel (nginx) on container port 8080
- Config API (Go) on 5004, proxied by nginx at /api/
- Fluent Bit (syslog collection, dynamic port)
- GoFlow2 (NetFlow v5, IPFIX, sFlow collectors)
- Telegraf (SNMP traps, system metrics, dynamic port)
- Vector (log/metric pipeline + local file sinks)
- Log retention daemon enforcing size budgets
Quick start
-
Build the image DOCKER_BUILDKIT=1 docker build -t noc-raven:test .
-
Terminal mode (first-time configuration) ./scripts/run-terminal.sh
docker attach noc-raven-term
Notes:
- Terminal mode uses root + CAP_NET_ADMIN so hostname/timezone/IP/gateway can be applied inside the container.
- Settings are persisted under ./.noc-raven-config (bind-mounted to /config).
-
Web/Auto mode ./scripts/run-web.sh
Alternative direct docker run (auto-detects DHCP, shows terminal menu if needed): docker run -d --name noc-raven
-p 9080:8080
-p 8084:8084
-p 1514:1514/udp -p 2055:2055/udp -p 4739:4739/udp -p 6343:6343/udp
-p 162:162/udp
-v noc-raven-data:/data -v noc-raven-config:/config
noc-raven:test
Default ports (inside the container)
- Web UI: 8080/tcp (expose on host)
- Windows Events HTTP (Vector): 8084/tcp (expose on host for event ingestion)
- Config-service API: 5004/tcp (internal, proxied by Nginx at /api; do not expose in production)
- Collectors (UDP): Syslog 1514, NetFlow v5 2055, IPFIX 4739, sFlow 6343, SNMP traps 162
Dynamic configuration
- JSON config path: /opt/noc-raven/web/api/config.json
- GET/POST /api/config (proxied by nginx to local config-service on 5004)
- POST /api/services//restart to restart: fluent-bit | goflow2 | telegraf | nginx | vector
Examples
-
Change syslog port to 5514 curl -s http://localhost:9080/api/config | jq '.collection.syslog.port=5514' |
curl -sX POST http://localhost:9080/api/config -H 'Content-Type: application/json' --data-binary @- -
Restart Fluent Bit after config changes curl -sX POST http://localhost:9080/api/services/fluent-bit/restart
What’s persisted
- /data: telemetry buffers and logs (bind to docker volume)
- /config: user config (bind to docker volume)
Notes
- The container runs as non-root (user: nocraven). Certain kernel tunings and privileged ports may not be available in all environments.
- If host ports 514 or 162 are occupied, map alternative host ports as shown above.
Health
- Web health: http://localhost:9080/health (OK JSON)
- Config-service health: http://localhost:9080/api/config (GET)
- Vector health: internal http://localhost:8084/health
Production image tag
- Canonical Dockerfile for builds: Dockerfile (see docs/DOCKERFILES.md)
- Deprecated: Dockerfile.web (reference only)
- Legacy: Dockerfile.production (if present)
- rectitude369/noc-raven:latest
Recent changes
- Node backend removed in favor of Go config-service (canonical API behind Nginx /api)
- React Router enabled; dev server proxies /api to container for local development
- Added Playwright smoke tests and CI workflow for basic end-to-end validation
Release notes and validation
- See docs/FINAL_VALIDATION.md and docs/RELEASE_NOTES_v1.0.0.md for details.
Optional API authentication (disabled by default)
- You can protect the Config API with a static API key. By default, auth is disabled.
- For this beta (v.90-beta), API auth is intentionally disabled (no key is set in the container).
- To enable later, set an env var when running the container: NOC_RAVEN_API_KEY=
- Clients must send either:
- Header: X-API-Key:
- OR Header: Authorization: Bearer
- CORS preflight (OPTIONS) is always allowed. Example: curl -s -H "X-API-Key: $KEY" http://localhost:9080/api/config | jq .
Recommended Production Command:
docker run -d --name noc-raven \
--restart unless-stopped \
-p 9080:8080 \
-p 8084:8084/tcp \
-p 1514:1514/udp \
-p 2055:2055/udp \
-p 4739:4739/udp \
-p 6343:6343/udp \
-p 162:162/udp \
--cap-add NET_ADMIN \
noc-raven:productionHealth Check:
curl http://localhost:9080/api/system/statusWeb Interface: http://localhost:9080
See TESTING_REPORT.md for comprehensive testing results and production readiness certification.