diff --git a/src/core/metrics/sources/nginx_access_log.go b/src/core/metrics/sources/nginx_access_log.go
index f18dc9fb7..69d0dcf43 100644
--- a/src/core/metrics/sources/nginx_access_log.go
+++ b/src/core/metrics/sources/nginx_access_log.go
@@ -18,6 +18,10 @@ import (
 	"github.com/nginx/agent/v2/src/core/metrics/sources/tailer"
 )
 
+const (
+	spaceDelim = " "
+)
+
 // This metrics source is used to tail the NGINX access logs to retrieve http metrics.
 
 type NginxAccessLog struct {
@@ -207,26 +211,30 @@ func (c *NginxAccessLog) logStats(ctx context.Context, logFile, logFormat string
 			}
 
 			if access.Request != "" {
-				splitRequest := strings.Split(access.Request, " ")
-				n := fmt.Sprintf("method.%s", strings.ToLower(splitRequest[0]))
+				method, _, protocol := getParsedRequest(access.Request)
+				n := fmt.Sprintf("method.%s", strings.ToLower(method))
 				if isOtherMethod(n) {
 					n = "method.others"
 				}
 				counters[n] = counters[n] + 1
 
 				if access.ServerProtocol == "" {
-					httpProtocolVersion := strings.Split(splitRequest[2], "/")[1]
-					httpProtocolVersion = strings.ReplaceAll(httpProtocolVersion, ".", "_")
-					n = fmt.Sprintf("v%s", httpProtocolVersion)
-					counters[n] = counters[n] + 1
+					if strings.Count(protocol, "/") == 1 {
+						httpProtocolVersion := strings.Split(protocol, "/")[1]
+						httpProtocolVersion = strings.ReplaceAll(httpProtocolVersion, ".", "_")
+						n = fmt.Sprintf("v%s", httpProtocolVersion)
+						counters[n] = counters[n] + 1
+					}
 				}
 			}
 
 			if access.ServerProtocol != "" {
-				httpProtocolVersion := strings.Split(access.ServerProtocol, "/")[1]
-				httpProtocolVersion = strings.ReplaceAll(httpProtocolVersion, ".", "_")
-				n := fmt.Sprintf("v%s", httpProtocolVersion)
-				counters[n] = counters[n] + 1
+				if strings.Count(access.ServerProtocol, "/") == 1 {
+					httpProtocolVersion := strings.Split(access.ServerProtocol, "/")[1]
+					httpProtocolVersion = strings.ReplaceAll(httpProtocolVersion, ".", "_")
+					n := fmt.Sprintf("v%s", httpProtocolVersion)
+					counters[n] = counters[n] + 1
+				}
 			}
 
 			// don't need the http status for NGINX Plus
@@ -294,6 +302,35 @@ func (c *NginxAccessLog) logStats(ctx context.Context, logFile, logFormat string
 	}
 }
 
+func getParsedRequest(request string) (method string, uri string, protocol string) {
+	if len(request) == 0 {
+		return
+	}
+
+	startURIIdx := strings.Index(request, spaceDelim)
+	if startURIIdx == -1 {
+		return
+	}
+
+	endURIIdx := strings.LastIndex(request, spaceDelim)
+	// Ideally, endURIIdx should never be -1 here, as startURIIdx should have handled it already
+	if endURIIdx == -1 {
+		return
+	}
+
+	// For Example: GET /user/register?ahref<random>p' or '</random> HTTP/1.1
+
+	// method -> GET
+	method = request[:startURIIdx]
+
+	// uri -> /user/register?ahref<random>p' or '</random>
+	uri = request[startURIIdx+1 : endURIIdx]
+
+	// protocol -> HTTP/1.1
+	protocol = request[endURIIdx+1:]
+	return
+}
+
 func getRequestLengthMetricValue(requestLengths []float64) float64 {
 	value := 0.0
 
diff --git a/src/core/metrics/sources/nginx_access_log_test.go b/src/core/metrics/sources/nginx_access_log_test.go
index 5f650a500..0b46f7e8e 100644
--- a/src/core/metrics/sources/nginx_access_log_test.go
+++ b/src/core/metrics/sources/nginx_access_log_test.go
@@ -74,7 +74,7 @@ func TestAccessLogStats(t *testing.T) {
 			`$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"`,
 			[]string{
 				"127.0.0.1 - - [19/May/2022:09:30:39 +0000] \"GET /nginx_status HTTP/1.1\" 200 98 \"-\" \"Go-http-client/1.1\" \"-\"\n",
-				"127.0.0.1 - - [19/May/2022:09:30:39 +0000] \"GET /nginx_status HTTP/1.1\" 200 98 \"-\" \"Go-http-client/1.1\" \"-\"\n",
+				`127.0.0.1 - - [19/May/2022:09:30:39 +0000] "GET /user/register?ahref<Script>p' or 's' = 's</Script> HTTP/1.1" 200 98 "-" "-" "-"`,
 			},
 			make(chan *proto.StatsEntity, 1),
 			&proto.StatsEntity{
diff --git a/src/extensions/nginx-app-protect/monitoring/processor/nap.go b/src/extensions/nginx-app-protect/monitoring/processor/nap.go
index ea34ce712..4ee606406 100644
--- a/src/extensions/nginx-app-protect/monitoring/processor/nap.go
+++ b/src/extensions/nginx-app-protect/monitoring/processor/nap.go
@@ -81,7 +81,6 @@ var (
 		subViolations,
 		supportID,
 		threatCampaignNames,
-		httpURI,
 		violationRating,
 		httpHostname,
 		xForwardedForHeaderVal,
@@ -97,6 +96,7 @@ var (
 		clientApplication,
 		clientApplicationVersion,
 		transportProtocol,
+		httpURI,
 	}
 )
 
diff --git a/src/extensions/nginx-app-protect/monitoring/processor/testdata/expanded_nap_waf.log.txt b/src/extensions/nginx-app-protect/monitoring/processor/testdata/expanded_nap_waf.log.txt
index d2d9b3a78..3580c2d44 100644
--- a/src/extensions/nginx-app-protect/monitoring/processor/testdata/expanded_nap_waf.log.txt
+++ b/src/extensions/nginx-app-protect/monitoring/processor/testdata/expanded_nap_waf.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592513,N/A,/,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?><BAD_MSG><violation_masks><block>410000000200c00-3a03030c30000072-8000000000000000-0</block><alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm><learn>0-20-0-0</learn><staging>0-0-0-0</staging></violation_masks><request-violations><violation><viol_index>42</viol_index><viol_name>VIOL_ATTACK_SIGNATURE</viol_name><context>parameter</context><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location><param_name_pattern>*</param_name_pattern><staging>0</staging></parameter_data><staging>0</staging><sig_data><sig_id>200001475</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>3</offset><length>7</length></kw_data></sig_data><sig_data><sig_id>200000098</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>2</offset><length>7</length></kw_data></sig_data></violation><violation><viol_index>14</viol_index><viol_name>VIOL_HTTP_PROTOCOL</viol_name><http_sanity_checks_status>2048</http_sanity_checks_status><http_sub_violation_status>2048</http_sub_violation_status><http_sub_violation>SG9zdCBoZWFkZXIgd2l0aCBJUCB2YWx1ZTogMTAuMTQ2LjE3OS4xMTk=</http_sub_violation></violation><violation><viol_index>24</viol_index><viol_name>VIOL_PARAMETER_VALUE_METACHAR</viol_name><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location></parameter_data><wildcard_entity>*</wildcard_entity><staging>0</staging><language_type>4</language_type><metachar_index>60</metachar_index><metachar_index>62</metachar_index></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n,HTTP/1.1
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592513,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?><BAD_MSG><violation_masks><block>410000000200c00-3a03030c30000072-8000000000000000-0</block><alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm><learn>0-20-0-0</learn><staging>0-0-0-0</staging></violation_masks><request-violations><violation><viol_index>42</viol_index><viol_name>VIOL_ATTACK_SIGNATURE</viol_name><context>parameter</context><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location><param_name_pattern>*</param_name_pattern><staging>0</staging></parameter_data><staging>0</staging><sig_data><sig_id>200001475</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>3</offset><length>7</length></kw_data></sig_data><sig_data><sig_id>200000098</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>2</offset><length>7</length></kw_data></sig_data></violation><violation><viol_index>14</viol_index><viol_name>VIOL_HTTP_PROTOCOL</viol_name><http_sanity_checks_status>2048</http_sanity_checks_status><http_sub_violation_status>2048</http_sub_violation_status><http_sub_violation>SG9zdCBoZWFkZXIgd2l0aCBJUCB2YWx1ZTogMTAuMTQ2LjE3OS4xMTk=</http_sub_violation></violation><violation><viol_index>24</viol_index><viol_name>VIOL_PARAMETER_VALUE_METACHAR</viol_name><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location></parameter_data><wildcard_entity>*</wildcard_entity><staging>0</staging><language_type>4</language_type><metachar_index>60</metachar_index><metachar_index>62</metachar_index></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n,HTTP/1.1
\ No newline at end of file
diff --git a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_header_data.log.txt b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_header_data.log.txt
index 0efb3c7b4..146caaff4 100644
--- a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_header_data.log.txt
+++ b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_header_data.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592514,N/A,/,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <violation_masks> <block>410000000200c00-3a03030c30000072-8000000000000000-0</block> <alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm> <learn>0-2-0-0</learn> <staging>0-0-0-0</staging> </violation_masks> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>header</context> <header> <header_name>Rm9v</header_name> <header_value>ZWNobzwhLS0gI2VjaG8=</header_value> <header_pattern>*</header_pattern> <staging>0</staging> </header> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592514,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <violation_masks> <block>410000000200c00-3a03030c30000072-8000000000000000-0</block> <alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm> <learn>0-2-0-0</learn> <staging>0-0-0-0</staging> </violation_masks> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>header</context> <header> <header_name>Rm9v</header_name> <header_value>ZWNobzwhLS0gI2VjaG8=</header_value> <header_pattern>*</header_pattern> <staging>0</staging> </header> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data.log.txt b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data.log.txt
index 320b2e8e8..d3dfcbcc2 100644
--- a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data.log.txt
+++ b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592515,N/A,/,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>parameter</context> <parameter_data> <value_error/> <enforcement_level>global</enforcement_level> <name/> <value>ZjVwYXJhbWF1dG90ZXN0Pg==</value> <param_name_pattern>*</param_name_pattern> <staging>0</staging> </parameter_data> <staging>0</staging> <sig_data> <sig_id>300000110</sig_id> <blocking_mask>7</blocking_mask> <kw_data> <buffer>PWY1cGFyYW1hdXRvdGVzdD4=</buffer> <offset>1</offset> <length>15</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592515,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>parameter</context> <parameter_data> <value_error/> <enforcement_level>global</enforcement_level> <name/> <value>ZjVwYXJhbWF1dG90ZXN0Pg==</value> <param_name_pattern>*</param_name_pattern> <staging>0</staging> </parameter_data> <staging>0</staging> <sig_data> <sig_id>300000110</sig_id> <blocking_mask>7</blocking_mask> <kw_data> <buffer>PWY1cGFyYW1hdXRvdGVzdD4=</buffer> <offset>1</offset> <length>15</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data_as_param_data.log.txt b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data_as_param_data.log.txt
index 316acfaca..0a626b9e3 100644
--- a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data_as_param_data.log.txt
+++ b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data_as_param_data.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592516,N/A,/,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>52</viol_index> <viol_name>VIOL_JSON_MALFORMED</viol_name> <context>parameter</context> <param_data> <param_name>anNvbg==</param_name> <staging>0</staging> <param_value>eyAiYSI6ICLW1iJ9</param_value> </param_data> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592516,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>52</viol_index> <viol_name>VIOL_JSON_MALFORMED</viol_name> <context>parameter</context> <param_data> <param_name>anNvbg==</param_name> <staging>0</staging> <param_value>eyAiYSI6ICLW1iJ9</param_value> </param_data> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data_empty_context.log.txt b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data_empty_context.log.txt
index f52e9254e..d4426a383 100644
--- a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data_empty_context.log.txt
+++ b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_parameter_data_empty_context.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592517,N/A,/,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eA==</name> <value>MQ==</value> </parameter_data> </violation> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eQ==</name> <value>JQ==</value> </parameter_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592517,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eA==</name> <value>MQ==</value> </parameter_data> </violation> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eQ==</name> <value>JQ==</value> </parameter_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_signature_data.log.txt b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_signature_data.log.txt
index 1fdd04fc9..8571bf8ed 100644
--- a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_signature_data.log.txt
+++ b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_signature_data.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592518,N/A,/,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <sig_data> <sig_id>200021094</sig_id> <blocking_mask>4</blocking_mask> <kw_data> <buffer>Q29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KSG9zdDogYS5jb20NClVzZXItQWdlbnQ6IEphdmEvMS43LjBfNTENCkFjY2VwdDogdGV4dC9odG1sLCBpbWFnZS9naWYsIGltYWdlL2pwZWcsICo7IHE9LjIsICovKjsgcT0uMg0KDQo=</buffer> <offset>37</offset> <length>16</length> </kw_data> </sig_data> <sig_data> <sig_id>200011034</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>cHQ6ICovKg0KRm9vOiBBdXRob3JpemF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4</buffer> <offset>29</offset> <length>6</length> </kw_data> </sig_data> <sig_data> <sig_id>200000179</sig_id> <blocking_mask>3</blocking_mask> <kw_data> <buffer>Nw0KQWNjZXB0OiAqLyoNCkZvbzogQXV0aG9yaXphdGlvbjogJW4lbiVuJW4NCkZvbzogZWNobzwhLS0gI2Vj</buffer> <offset>21</offset> <length>23</length> </kw_data> </sig_data> <sig_data> <sig_id>200004106</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>emF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4OTI6IGVjaG8NClgxODkzOiAnPCEt</buffer> <offset>27</offset> <length>10</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592518,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <sig_data> <sig_id>200021094</sig_id> <blocking_mask>4</blocking_mask> <kw_data> <buffer>Q29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KSG9zdDogYS5jb20NClVzZXItQWdlbnQ6IEphdmEvMS43LjBfNTENCkFjY2VwdDogdGV4dC9odG1sLCBpbWFnZS9naWYsIGltYWdlL2pwZWcsICo7IHE9LjIsICovKjsgcT0uMg0KDQo=</buffer> <offset>37</offset> <length>16</length> </kw_data> </sig_data> <sig_data> <sig_id>200011034</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>cHQ6ICovKg0KRm9vOiBBdXRob3JpemF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4</buffer> <offset>29</offset> <length>6</length> </kw_data> </sig_data> <sig_data> <sig_id>200000179</sig_id> <blocking_mask>3</blocking_mask> <kw_data> <buffer>Nw0KQWNjZXB0OiAqLyoNCkZvbzogQXV0aG9yaXphdGlvbjogJW4lbiVuJW4NCkZvbzogZWNobzwhLS0gI2Vj</buffer> <offset>21</offset> <length>23</length> </kw_data> </sig_data> <sig_data> <sig_id>200004106</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>emF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4OTI6IGVjaG8NClgxODkzOiAnPCEt</buffer> <offset>27</offset> <length>10</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_violation_name.log.txt b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_violation_name.log.txt
index c717463a8..8d10ae6c7 100644
--- a/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_violation_name.log.txt
+++ b/src/extensions/nginx-app-protect/monitoring/processor/testdata/xml_violation_name.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592519,N/A,/,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?><BAD_MSG><request-violations><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8x</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8zMQ==</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8x</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8zMQ==</cookie_name></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592519,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?><BAD_MSG><request-violations><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8x</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8zMQ==</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8x</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8zMQ==</cookie_name></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/test/component/nginx-app-protect/monitoring/testData/events-out/expanded_nap_waf.log.txt.out b/test/component/nginx-app-protect/monitoring/testData/events-out/expanded_nap_waf.log.txt.out
index 793d833b7..6871bc85e 100755
--- a/test/component/nginx-app-protect/monitoring/testData/events-out/expanded_nap_waf.log.txt.out
+++ b/test/component/nginx-app-protect/monitoring/testData/events-out/expanded_nap_waf.log.txt.out
@@ -1,8 +1,8 @@
 
-j
-Agent$638d54bc-6135-11ed-8afe-5671f551701b4355056874564592513"��������*ERROR2Nginx:
-AppProtect�
-app_protect_default_policy4355056874564592513REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ/RHTTP/1.1bblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�?HTTP protocol compliance failed:Host header contains IP address�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�N/A�N/A�HTTP Library�N/A�curl�	parameter�u
+i
+Agent$9dde6a00-6209-11ed-8365-5671f551701b4355056874564592513"�������8*ERROR2Nginx:
+AppProtect�
+app_protect_default_policy4355056874564592513REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nRHTTP/1.1bblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�?HTTP protocol compliance failed:Host header contains IP address�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�N/A�N/A�HTTP Library�N/A�curl�	parameter�u
 VIOL_ATTACK_SIGNATURE	parameter
 a<script>" 
 	2000014753
diff --git a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_header_data.log.txt.out b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_header_data.log.txt.out
index 90b615cdc..fca92ae42 100755
--- a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_header_data.log.txt.out
+++ b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_header_data.log.txt.out
@@ -1,6 +1,6 @@
 
-j
-Agent$6986d064-6135-11ed-8afe-5671f551701b4355056874564592514"��������*ERROR2Nginx:
+i
+Agent$a3d7c42e-6209-11ed-8365-5671f551701b4355056874564592514"�������B*ERROR2Nginx:
 AppProtect�
 app_protect_default_policy4355056874564592514REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ/R^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nbblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�?HTTP protocol compliance failed:Host header contains IP address�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�N/A�N/A�HTTP Library�N/A�curl�header�6
 VIOL_ATTACK_SIGNATUREheader
diff --git a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data.log.txt.out b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data.log.txt.out
index 7bed45d0c..42c039810 100755
--- a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data.log.txt.out
+++ b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data.log.txt.out
@@ -1,6 +1,6 @@
 
-j
-Agent$65f12080-6135-11ed-8afe-5671f551701b4355056874564592515"��������*ERROR2Nginx:
+i
+Agent$a042502c-6209-11ed-8365-5671f551701b4355056874564592515"�������=*ERROR2Nginx:
 AppProtect�
 app_protect_default_policy4355056874564592515REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ/R^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nbblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�?HTTP protocol compliance failed:Host header contains IP address�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�N/A�N/A�HTTP Library�N/A�curl�	parameter�`
 VIOL_ATTACK_SIGNATURE	parameterf5paramautotest>"(
diff --git a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data_as_param_data.log.txt.out b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data_as_param_data.log.txt.out
index 265d42efd..3ae2ff1d6 100755
--- a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data_as_param_data.log.txt.out
+++ b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data_as_param_data.log.txt.out
@@ -1,6 +1,6 @@
 
-j
-Agent$6854ee9c-6135-11ed-8afe-5671f551701b4355056874564592516"��������*ERROR2Nginx:
+i
+Agent$a2a60b2e-6209-11ed-8365-5671f551701b4355056874564592516"������A*ERROR2Nginx:
 AppProtect�
 app_protect_default_policy4355056874564592516REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ/R^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nbblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�?HTTP protocol compliance failed:Host header contains IP address�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�N/A�N/A�HTTP Library�N/A�curl�	parameter�6
 VIOL_JSON_MALFORMED	parameter
diff --git a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data_empty_context.log.txt.out b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data_empty_context.log.txt.out
index 3bbfe732a..4b2f1aab1 100755
--- a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data_empty_context.log.txt.out
+++ b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_parameter_data_empty_context.log.txt.out
@@ -1,6 +1,6 @@
 
-j
-Agent$672307c0-6135-11ed-8afe-5671f551701b4355056874564592517"�����Ք�*ERROR2Nginx:
+i
+Agent$a174355a-6209-11ed-8365-5671f551701b4355056874564592517"�������>*ERROR2Nginx:
 AppProtect�
 app_protect_default_policy4355056874564592517REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ/R^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nbblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�?HTTP protocol compliance failed:Host header contains IP address�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�N/A�N/A�HTTP Library�N/A�curl�
 VIOL_PARAMETER
diff --git a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_signature_data.log.txt.out b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_signature_data.log.txt.out
index 32fb5254a..17bf0c5e1 100755
--- a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_signature_data.log.txt.out
+++ b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_signature_data.log.txt.out
@@ -1,6 +1,6 @@
 
-j
-Agent$6ab883d8-6135-11ed-8afe-5671f551701b4355056874564592518"��������*ERROR2Nginx:
+i
+Agent$a509bc08-6209-11ed-8365-5671f551701b4355056874564592518"�������E*ERROR2Nginx:
 AppProtect�
 app_protect_default_policy4355056874564592518REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ/R^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nbblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�?HTTP protocol compliance failed:Host header contains IP address�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�N/A�N/A�HTTP Library�N/A�curl��
 VIOL_ATTACK_SIGNATURE"�
diff --git a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_violation_name.log.txt.out b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_violation_name.log.txt.out
index e70abc8e3..1653b26f1 100755
--- a/test/component/nginx-app-protect/monitoring/testData/events-out/xml_violation_name.log.txt.out
+++ b/test/component/nginx-app-protect/monitoring/testData/events-out/xml_violation_name.log.txt.out
@@ -1,6 +1,6 @@
 
-j
-Agent$64bf3aa8-6135-11ed-8afe-5671f551701b4355056874564592519"��������*ERROR2Nginx:
+i
+Agent$9f103ade-6209-11ed-8365-5671f551701b4355056874564592519"�������:*ERROR2Nginx:
 AppProtect�
 app_protect_default_policy4355056874564592519REJECTED"SECURITY_WAF_VIOLATION*N/A2GET:HTTPBN/AJ/R^GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\nbblockedjBlockedz1-localhost:1-/�	127.0.0.1�61478�80��HTTP protocol compliance failed,Illegal meta character in value,Attack signature detected,Violation Rating Threat detected,Bot Client Detected�?HTTP protocol compliance failed:Host header contains IP address�5�u{Cross Site Scripting Signatures;High Accuracy Signatures},{Cross Site Scripting Signatures;High Accuracy Signatures}�,�Untrusted Bot�N/A�N/A�critical�N/A�N/A�HTTP Library�N/A�curl�
 VIOL_ASM_COOKIE_MODIFIED�
diff --git a/test/component/nginx-app-protect/monitoring/testData/logs-in/expanded_nap_waf.log.txt b/test/component/nginx-app-protect/monitoring/testData/logs-in/expanded_nap_waf.log.txt
index d2d9b3a78..3580c2d44 100644
--- a/test/component/nginx-app-protect/monitoring/testData/logs-in/expanded_nap_waf.log.txt
+++ b/test/component/nginx-app-protect/monitoring/testData/logs-in/expanded_nap_waf.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592513,N/A,/,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?><BAD_MSG><violation_masks><block>410000000200c00-3a03030c30000072-8000000000000000-0</block><alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm><learn>0-20-0-0</learn><staging>0-0-0-0</staging></violation_masks><request-violations><violation><viol_index>42</viol_index><viol_name>VIOL_ATTACK_SIGNATURE</viol_name><context>parameter</context><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location><param_name_pattern>*</param_name_pattern><staging>0</staging></parameter_data><staging>0</staging><sig_data><sig_id>200001475</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>3</offset><length>7</length></kw_data></sig_data><sig_data><sig_id>200000098</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>2</offset><length>7</length></kw_data></sig_data></violation><violation><viol_index>14</viol_index><viol_name>VIOL_HTTP_PROTOCOL</viol_name><http_sanity_checks_status>2048</http_sanity_checks_status><http_sub_violation_status>2048</http_sub_violation_status><http_sub_violation>SG9zdCBoZWFkZXIgd2l0aCBJUCB2YWx1ZTogMTAuMTQ2LjE3OS4xMTk=</http_sub_violation></violation><violation><viol_index>24</viol_index><viol_name>VIOL_PARAMETER_VALUE_METACHAR</viol_name><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location></parameter_data><wildcard_entity>*</wildcard_entity><staging>0</staging><language_type>4</language_type><metachar_index>60</metachar_index><metachar_index>62</metachar_index></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n,HTTP/1.1
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592513,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?><BAD_MSG><violation_masks><block>410000000200c00-3a03030c30000072-8000000000000000-0</block><alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm><learn>0-20-0-0</learn><staging>0-0-0-0</staging></violation_masks><request-violations><violation><viol_index>42</viol_index><viol_name>VIOL_ATTACK_SIGNATURE</viol_name><context>parameter</context><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location><param_name_pattern>*</param_name_pattern><staging>0</staging></parameter_data><staging>0</staging><sig_data><sig_id>200001475</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>3</offset><length>7</length></kw_data></sig_data><sig_data><sig_id>200000098</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>YT08c2NyaXB0Pg==</buffer><offset>2</offset><length>7</length></kw_data></sig_data></violation><violation><viol_index>14</viol_index><viol_name>VIOL_HTTP_PROTOCOL</viol_name><http_sanity_checks_status>2048</http_sanity_checks_status><http_sub_violation_status>2048</http_sub_violation_status><http_sub_violation>SG9zdCBoZWFkZXIgd2l0aCBJUCB2YWx1ZTogMTAuMTQ2LjE3OS4xMTk=</http_sub_violation></violation><violation><viol_index>24</viol_index><viol_name>VIOL_PARAMETER_VALUE_METACHAR</viol_name><parameter_data><value_error/><enforcement_level>global</enforcement_level><name>YQ==</name><auto_detected_type>alpha-numeric</auto_detected_type><value>PHNjcmlwdD4=</value><location>query</location></parameter_data><wildcard_entity>*</wildcard_entity><staging>0</staging><language_type>4</language_type><metachar_index>60</metachar_index><metachar_index>62</metachar_index></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n,HTTP/1.1
\ No newline at end of file
diff --git a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_header_data.log.txt b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_header_data.log.txt
index 0efb3c7b4..146caaff4 100644
--- a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_header_data.log.txt
+++ b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_header_data.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592514,N/A,/,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <violation_masks> <block>410000000200c00-3a03030c30000072-8000000000000000-0</block> <alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm> <learn>0-2-0-0</learn> <staging>0-0-0-0</staging> </violation_masks> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>header</context> <header> <header_name>Rm9v</header_name> <header_value>ZWNobzwhLS0gI2VjaG8=</header_value> <header_pattern>*</header_pattern> <staging>0</staging> </header> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592514,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <violation_masks> <block>410000000200c00-3a03030c30000072-8000000000000000-0</block> <alarm>477f0ffcbbd0fea-befbf35cb000007e-8000000000000000-0</alarm> <learn>0-2-0-0</learn> <staging>0-0-0-0</staging> </violation_masks> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>header</context> <header> <header_name>Rm9v</header_name> <header_value>ZWNobzwhLS0gI2VjaG8=</header_value> <header_pattern>*</header_pattern> <staging>0</staging> </header> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data.log.txt b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data.log.txt
index 320b2e8e8..d3dfcbcc2 100644
--- a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data.log.txt
+++ b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592515,N/A,/,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>parameter</context> <parameter_data> <value_error/> <enforcement_level>global</enforcement_level> <name/> <value>ZjVwYXJhbWF1dG90ZXN0Pg==</value> <param_name_pattern>*</param_name_pattern> <staging>0</staging> </parameter_data> <staging>0</staging> <sig_data> <sig_id>300000110</sig_id> <blocking_mask>7</blocking_mask> <kw_data> <buffer>PWY1cGFyYW1hdXRvdGVzdD4=</buffer> <offset>1</offset> <length>15</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592515,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <context>parameter</context> <parameter_data> <value_error/> <enforcement_level>global</enforcement_level> <name/> <value>ZjVwYXJhbWF1dG90ZXN0Pg==</value> <param_name_pattern>*</param_name_pattern> <staging>0</staging> </parameter_data> <staging>0</staging> <sig_data> <sig_id>300000110</sig_id> <blocking_mask>7</blocking_mask> <kw_data> <buffer>PWY1cGFyYW1hdXRvdGVzdD4=</buffer> <offset>1</offset> <length>15</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data_as_param_data.log.txt b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data_as_param_data.log.txt
index 316acfaca..0a626b9e3 100644
--- a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data_as_param_data.log.txt
+++ b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data_as_param_data.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592516,N/A,/,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>52</viol_index> <viol_name>VIOL_JSON_MALFORMED</viol_name> <context>parameter</context> <param_data> <param_name>anNvbg==</param_name> <staging>0</staging> <param_value>eyAiYSI6ICLW1iJ9</param_value> </param_data> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592516,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>52</viol_index> <viol_name>VIOL_JSON_MALFORMED</viol_name> <context>parameter</context> <param_data> <param_name>anNvbg==</param_name> <staging>0</staging> <param_value>eyAiYSI6ICLW1iJ9</param_value> </param_data> <staging>0</staging> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data_empty_context.log.txt b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data_empty_context.log.txt
index f52e9254e..d4426a383 100644
--- a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data_empty_context.log.txt
+++ b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_parameter_data_empty_context.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592517,N/A,/,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eA==</name> <value>MQ==</value> </parameter_data> </violation> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eQ==</name> <value>JQ==</value> </parameter_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592517,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?> <BAD_MSG> <request-violations> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eA==</name> <value>MQ==</value> </parameter_data> </violation> <violation> <viol_index>33</viol_index> <viol_name>VIOL_PARAMETER</viol_name> <parameter_data> <value_error/> <enforcement_level>unknown level</enforcement_level> <name>eQ==</name> <value>JQ==</value> </parameter_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_signature_data.log.txt b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_signature_data.log.txt
index 1fdd04fc9..8571bf8ed 100644
--- a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_signature_data.log.txt
+++ b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_signature_data.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592518,N/A,/,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <sig_data> <sig_id>200021094</sig_id> <blocking_mask>4</blocking_mask> <kw_data> <buffer>Q29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KSG9zdDogYS5jb20NClVzZXItQWdlbnQ6IEphdmEvMS43LjBfNTENCkFjY2VwdDogdGV4dC9odG1sLCBpbWFnZS9naWYsIGltYWdlL2pwZWcsICo7IHE9LjIsICovKjsgcT0uMg0KDQo=</buffer> <offset>37</offset> <length>16</length> </kw_data> </sig_data> <sig_data> <sig_id>200011034</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>cHQ6ICovKg0KRm9vOiBBdXRob3JpemF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4</buffer> <offset>29</offset> <length>6</length> </kw_data> </sig_data> <sig_data> <sig_id>200000179</sig_id> <blocking_mask>3</blocking_mask> <kw_data> <buffer>Nw0KQWNjZXB0OiAqLyoNCkZvbzogQXV0aG9yaXphdGlvbjogJW4lbiVuJW4NCkZvbzogZWNobzwhLS0gI2Vj</buffer> <offset>21</offset> <length>23</length> </kw_data> </sig_data> <sig_data> <sig_id>200004106</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>emF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4OTI6IGVjaG8NClgxODkzOiAnPCEt</buffer> <offset>27</offset> <length>10</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592518,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?> <BAD_MSG> <request-violations> <violation> <viol_index>42</viol_index> <viol_name>VIOL_ATTACK_SIGNATURE</viol_name> <sig_data> <sig_id>200021094</sig_id> <blocking_mask>4</blocking_mask> <kw_data> <buffer>Q29ubmVjdGlvbjoga2VlcC1hbGl2ZQ0KSG9zdDogYS5jb20NClVzZXItQWdlbnQ6IEphdmEvMS43LjBfNTENCkFjY2VwdDogdGV4dC9odG1sLCBpbWFnZS9naWYsIGltYWdlL2pwZWcsICo7IHE9LjIsICovKjsgcT0uMg0KDQo=</buffer> <offset>37</offset> <length>16</length> </kw_data> </sig_data> <sig_data> <sig_id>200011034</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>cHQ6ICovKg0KRm9vOiBBdXRob3JpemF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4</buffer> <offset>29</offset> <length>6</length> </kw_data> </sig_data> <sig_data> <sig_id>200000179</sig_id> <blocking_mask>3</blocking_mask> <kw_data> <buffer>Nw0KQWNjZXB0OiAqLyoNCkZvbzogQXV0aG9yaXphdGlvbjogJW4lbiVuJW4NCkZvbzogZWNobzwhLS0gI2Vj</buffer> <offset>21</offset> <length>23</length> </kw_data> </sig_data> <sig_data> <sig_id>200004106</sig_id> <blocking_mask>2</blocking_mask> <kw_data> <buffer>emF0aW9uOiAlbiVuJW4lbg0KRm9vOiBlY2hvPCEtLSAjZWNobw0KWDE4OTI6IGVjaG8NClgxODkzOiAnPCEt</buffer> <offset>27</offset> <length>10</length> </kw_data> </sig_data> </violation> </request-violations> </BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
diff --git a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_violation_name.log.txt b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_violation_name.log.txt
index c717463a8..8d10ae6c7 100644
--- a/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_violation_name.log.txt
+++ b/test/component/nginx-app-protect/monitoring/testData/logs-in/xml_violation_name.log.txt
@@ -1 +1 @@
-N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592519,N/A,/,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?><BAD_MSG><request-violations><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8x</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8zMQ==</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8x</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8zMQ==</cookie_name></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
+N/A,80,127.0.0.1,,GET,app_protect_default_policy,HTTP,blocked,0,Critical,::,{Cross Site Scripting Signatures;High Accuracy Signatures}::{Cross Site Scripting Signatures;High Accuracy Signatures},61478,HTTP protocol compliance failed:Host header contains IP address,4355056874564592519,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,HTTP protocol compliance failed::Illegal meta character in value::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' ?><BAD_MSG><request-violations><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8x</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8zMQ==</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8x</cookie_name></violation><violation><viol_index>55</viol_index><viol_name>VIOL_ASM_COOKIE_MODIFIED</viol_name><cookie_name>VFMwMTQ0ZTkxNF8zMQ==</cookie_name></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/,GET /?a=<script> HTTP/1.1\r\nHost: 127.0.0.1\r\nUser-Agent: curl/7.64.1\r\nAccept: */*\r\n\r\n
\ No newline at end of file
