Akto Website Start free Book a demo Discord GitHub

Connect Akto on TLS service

PreviousConnect Akto with Docker NextConnect Akto with TCP Agent

Last updated 14 days ago

Was this helpful?

Connect Akto on TLS service

Akto can automatically detect and analyze your API traffic—even if it's encrypted using TLS. This is achieved using Akto Traffic Collector, which leverages eBPF to passively observe kernel-level network activity.

You can deploy this collector on any Linux-based system (VM, bare metal, or cloud instance) to forward traffic insights to Akto. Here's how:

Step 1: Set Up Akto Traffic Processor (Mini-Runtime)

First, set up and configure the Akto Traffic Processor (Mini-Runtime).

You’ll get a runtime service URL or Kafka IP once setup is complete.
If you're using on-prem Akto, this will be your internal runtime URL.

📘 for instructions.

Step 2: Deploy Traffic Collector (Supports TLS via eBPF)

This Docker container uses eBPF to mirror all API traffic at the kernel level—including TLS-encrypted traffic—without needing to decrypt it manually or modify applications.

⚠ Prerequisites:

Linux VM or system with kernel headers installed (required for eBPF)
Docker daemon installed and running
Access to your Akto runtime (Kafka IP)

Run the Traffic Collector

The kafka_ip here is the mini-runtime/runtime service URL we saved in the previous step.

docker run -d \
  --name akto-api-security-traffic-collector \
  --restart always \
  --network host \
  --privileged \
  --cap-add SYS_PTRACE \
  --cap-add SYS_ADMIN \
  -v /lib/modules:/lib/modules \
  -v /sys/kernel:/sys/kernel \
  -v /usr/src:/usr/src \
  -v /:/host \
  -e AKTO_TRAFFIC_BATCH_TIME_SECS=10 \
  -e AKTO_TRAFFIC_BATCH_SIZE=100 \
  -e AKTO_KAFKA_BROKER_MAL="<kafka_ip>" \
  aktosecurity/mirror-api-logging:k8s_ebpf

In case you face an issue with the spaces in the command above

docker run -d --name akto-api-security-traffic-collector --restart always --network host --privileged --cap-add SYS_PTRACE --cap-add SYS_ADMIN -v /lib/modules:/lib/modules -v /sys/kernel:/sys/kernel -v /usr/src:/usr/src -v /:/host -e AKTO_TRAFFIC_BATCH_TIME_SECS=10 -e AKTO_TRAFFIC_BATCH_SIZE=100 -e AKTO_KAFKA_BROKER_MAL="<kafka_ip>" aktosecurity/mirror-api-logging:k8s_ebpf

What’s Happening Behind the Scenes?

eBPF hooks into your Linux kernel to capture real-time traffic—even if it’s encrypted (TLS).
No code changes, no traffic proxying, no SSL termination.
The collector forwards API traces to Akto for real-time inventory and security analysis.

Get Support for your Akto setup

There are multiple ways to request support from Akto. We are 24X7 available on the following:

In-app intercom support. Message us with your query on intercom in Akto dashboard and someone will reply.
Contact help@akto.io for email support.

PreviousConnect Akto with Docker NextConnect Akto with TCP Agent

Last updated 14 days ago

Was this helpful?

You can deploy this collector on any Linux-based system (VM, bare metal, or cloud instance) to forward traffic insights to Akto. Here's how:

Step 1: Set Up Akto Traffic Processor (Mini-Runtime)

First, set up and configure the Akto Traffic Processor (Mini-Runtime).

You’ll get a runtime service URL or Kafka IP once setup is complete.
If you're using on-prem Akto, this will be your internal runtime URL.

📘 for instructions.

Step 2: Deploy Traffic Collector (Supports TLS via eBPF)

This Docker container uses eBPF to mirror all API traffic at the kernel level—including TLS-encrypted traffic—without needing to decrypt it manually or modify applications.

⚠ Prerequisites:

Linux VM or system with kernel headers installed (required for eBPF)
Docker daemon installed and running
Access to your Akto runtime (Kafka IP)

Run the Traffic Collector

The kafka_ip here is the mini-runtime/runtime service URL we saved in the previous step.

docker run -d \
  --name akto-api-security-traffic-collector \
  --restart always \
  --network host \
  --privileged \
  --cap-add SYS_PTRACE \
  --cap-add SYS_ADMIN \
  -v /lib/modules:/lib/modules \
  -v /sys/kernel:/sys/kernel \
  -v /usr/src:/usr/src \
  -v /:/host \
  -e AKTO_TRAFFIC_BATCH_TIME_SECS=10 \
  -e AKTO_TRAFFIC_BATCH_SIZE=100 \
  -e AKTO_KAFKA_BROKER_MAL="<kafka_ip>" \
  aktosecurity/mirror-api-logging:k8s_ebpf

In case you face an issue with the spaces in the command above

docker run -d --name akto-api-security-traffic-collector --restart always --network host --privileged --cap-add SYS_PTRACE --cap-add SYS_ADMIN -v /lib/modules:/lib/modules -v /sys/kernel:/sys/kernel -v /usr/src:/usr/src -v /:/host -e AKTO_TRAFFIC_BATCH_TIME_SECS=10 -e AKTO_TRAFFIC_BATCH_SIZE=100 -e AKTO_KAFKA_BROKER_MAL="<kafka_ip>" aktosecurity/mirror-api-logging:k8s_ebpf

What’s Happening Behind the Scenes?

eBPF hooks into your Linux kernel to capture real-time traffic—even if it’s encrypted (TLS).
No code changes, no traffic proxying, no SSL termination.
The collector forwards API traces to Akto for real-time inventory and security analysis.

Get Support for your Akto setup

There are multiple ways to request support from Akto. We are 24X7 available on the following:

In-app intercom support. Message us with your query on intercom in Akto dashboard and someone will reply.
Join our for community support.
Contact help@akto.io for email support.
Contact us .