We’ve released two new backends for Orb agent: pktvisor and OpenTelemetry-Infinity. These are the first observability-focused backends for Orb agent, opening up a whole new set of use cases beyond the discovery capabilities you might already know.
If you’re coming from NetBox Discovery, you’ve already seen Orb agent in action. It’s the lightweight, modular agent that powers network and device discovery, SNMP collection, and custom integrations through the extensible Worker backend. Basically, it helps you automatically find devices, gather inventory, and keep your network source of truth up to date.
Orb agent is packaged as a lightweight container that runs anywhere you can run containers, and you configure it with simple YAML policies. We’ve extended it with observability backends: same agent, new capabilities.
These new backends let Orb agent analyze network traffic, collect application telemetry, and send insights to your existing observability tools. If you’re already running Orb agents for discovery, you can add observability policies to those same agents. And if you haven’t tried Orb agent yet, you now have discovery and observability in one lightweight package.
Here’s a common challenge with network observability: modern networks generate massive amounts of data. Shipping all that raw traffic to centralized systems gets expensive fast, and by the time you process it, you’ve already lost precious seconds. pktvisor takes a different approach by analyzing data right where it’s generated and only sending the meaningful signals.
pktvisor has been analyzing millions of packets per second of production network traffic, particularly in critical internet infrastructure. Instead of just forwarding raw packets or flow data, pktvisor does the hard work of analysis at the edge and generates metrics that plug directly into tools like Prometheus and Grafana.
pktvisor can tap into multiple network data sources: packet capture (PCAP) for deep inspection, dnstap for DNS analysis, sFlow for sampled flows, and NetFlow/IPFIX for flow data. Once it’s connected to these streams, it generates a rich set of metrics—counters for volume and protocol distribution, histograms for latency, heavy hitters for identifying significant traffic patterns, and even GeoIP mapping to understand where traffic is coming from.
The pktvisor backend really shines when you need to understand what’s happening on your network right now. Whether you’re tracking down a DDoS attack, optimizing traffic engineering decisions, monitoring DNS resolver health, or just keeping tabs on network performance, pktvisor gives you the visibility you need without drowning you in raw packet captures. Check out the full capabilities at the pktvisor GitHub repository.
The second backend is OpenTelemetry-Infinity, which brings the entire opentelemetry-collector-contrib distribution into the Orb agent ecosystem. If you’re not familiar with OpenTelemetry, it’s become the industry standard for collecting traces, metrics, and logs from cloud-native applications and infrastructure. The Collector is the central piece that receives telemetry, processes it, and sends it wherever you need it to go.
The contrib distribution is extensive. It includes receivers for collecting telemetry from hundreds of sources—everything from application instrumentation (OTLP, Jaeger, Zipkin) to infrastructure metrics (Prometheus, Docker, Kubernetes) to cloud platforms (AWS, GCP, Azure). It has processors for transforming and filtering that data. And it has exporters for sending processed telemetry to most backends you can think of, from open source tools like Prometheus and Jaeger to commercial observability platforms.
What OpenTelemetry-Infinity does is wrap all of this into a single binary that you can configure dynamically through Orb agent policies, opening all sorts of full-stack observability possibilities. You can monitor application performance and distributed traces to understand how your services interact, collect host and container metrics to track resource usage, aggregate logs from across your infrastructure, and monitor cloud resources with native integrations. It complements pktvisor’s network focus by giving you visibility into everything else. Dive deeper at the opentelemetry-infinity GitHub repository.
Both observability backends are configured the same way you configure discovery workflows in Orb agent: through YAML policies. You define what data to collect, how to process it, and where to send it. Different policies can be applied to different groups of agents based on tags, so you might run DNS analysis on edge nodes while collecting application traces from your Kubernetes clusters.
Orb agent also supports Git-based configuration management, so you can store all your policies in version control and automatically deploy updates across your agent fleet. And if you’re dealing with credentials or API keys, the agent integrates with HashiCorp Vault and other secret managers to keep sensitive data secure. These capabilities work the same way for observability backends as they do for discovery backends.
Both pktvisor and OpenTelemetry-Infinity are completely open source, developed in public, and available now. This fits with the Big Tent approach we take at NetBox Labs—building tools that work well together and with the broader ecosystem, all developed in the open.
These observability backends join the existing Orb agent capabilities: network discovery with Nmap, device discovery with NAPALM, SNMP discovery, and custom integrations through the Worker framework. Whether you need discovery, observability, or both, it’s all there in one agent.
Want to give these backends a spin? Head over to the Orb agent repository for complete setup instructions and configuration examples. The documentation walks through everything from basic policies to more advanced configurations.The latest Orb agent image includes both backends, so you can pull it from Docker Hub and start experimenting.
For a deeper dive, check out the pktvisor, OpenTelemetry-Infinity and OpenTelemetry Collector Contrib repositories on GitHub.
Adding observability backends to Orb agent opens up a lot of possibilities. You can now run discovery and monitoring from the same agent framework, getting a more complete picture of your infrastructure, from what devices you have to how they’re performing right now.
We’d love to hear what you think. Whether you’re using these backends for network security, application monitoring, or something else entirely, your feedback helps us figure out where to go next. Drop by our NetDev Community Slack (#orb channel), open issues on GitHub, or email us at product@netboxlabs.com.