nginx · sanathkumarbs · Nov 10, 2022 · Nov 3, 2022
@@ -47,67 +47,57 @@ message ActivityEvent {
 
 // SecurityViolationEvent represents a Security Violation that is emitted by the Agent
 message SecurityViolationEvent {
-    string DateTime = 1 [(gogoproto.jsontag) = "date_time" ];
-    string PolicyName = 2 [(gogoproto.jsontag) = "policy_name" ];
-    string SupportID = 3 [(gogoproto.jsontag) = "support_id" ];
-
-    string Outcome = 4 [(gogoproto.jsontag) = "outcome" ];
-    string OutcomeReason = 5 [(gogoproto.jsontag) = "outcome_reason" ];
-    string BlockingExceptionReason = 6 [(gogoproto.jsontag) = "blocking_exception_reason" ];
-
-    string Method = 7 [(gogoproto.jsontag) = "method" ];
-    string Protocol = 8 [(gogoproto.jsontag) = "protocol" ];
-    string XForwardedForHeaderValue = 9 [(gogoproto.jsontag) = "xff_header_value" ];
-
-    string URI = 10 [(gogoproto.jsontag) = "uri" ];
-    string Request = 11 [(gogoproto.jsontag) = "request" ];
-    string IsTruncated = 12 [(gogoproto.jsontag) = "is_truncated" ];
-    string RequestStatus = 13 [(gogoproto.jsontag) = "request_status" ];
-    string ResponseCode = 14 [(gogoproto.jsontag) = "response_code" ];
-
-    string GeoIP = 15 [(gogoproto.jsontag) = "geo_ip" ];
-    string Host = 16 [(gogoproto.jsontag) = "host" ];
-    string UnitHostname = 17 [(gogoproto.jsontag) = "unit_hostname" ];
-    string SourceHost = 18 [(gogoproto.jsontag) = "source_host" ];
-    string VSName = 19 [(gogoproto.jsontag) = "vs_name" ];
-    string IPClient = 20 [(gogoproto.jsontag) = "ip_client" ];
-    string DestinationPort = 21 [(gogoproto.jsontag) = "destination_port" ];
-    string SourcePort = 22 [(gogoproto.jsontag) = "source_port" ];
-
-    string Violations = 23 [(gogoproto.jsontag) = "violations" ];
-    string SubViolations = 24 [(gogoproto.jsontag) = "sub_violations" ];
-    string ViolationRating = 25 [(gogoproto.jsontag) = "violation_rating" ];
-
-    string SigID = 26 [(gogoproto.jsontag) = "sig_id" ];
-    string SigNames = 27 [(gogoproto.jsontag) = "sig_names" ];
-    string SigSetNames = 28 [(gogoproto.jsontag) = "sig_set_names" ];
-    string SigCVEs = 29 [(gogoproto.jsontag) = "sig_cves" ];
-
-    string ClientClass = 30 [(gogoproto.jsontag) = "client_class" ];
-    string ClientApplication = 31 [(gogoproto.jsontag) = "client_application" ];
-    string ClientApplicationVersion = 32 [(gogoproto.jsontag) = "client_application_version" ];
-
-    string Severity = 33 [(gogoproto.jsontag) = "severity" ];
-    // NOTE: Severity Label might be deprecated if we have no use for it
-    string SeverityLabel = 34 [(gogoproto.jsontag) = "severity_label" ];
-    string Priority = 35 [(gogoproto.jsontag) = "priority" ];
-
-    string ThreatCampaignNames = 36 [(gogoproto.jsontag) = "threat_campaign_names" ];
-
-    string BotAnomalies = 37 [(gogoproto.jsontag) = "bot_anomalies" ];
-    string BotCategory = 38 [(gogoproto.jsontag) = "bot_category" ];
-    string EnforcedBotAnomalies = 39 [(gogoproto.jsontag) = "enforced_bot_anomalies" ];
-    string BotSignatureName = 40 [(gogoproto.jsontag) = "bot_signature_name" ];
-
-    string ViolationContexts = 41 [(gogoproto.jsontag) = "violation_contexts" ];
-    repeated ViolationData ViolationsData = 42 [(gogoproto.jsontag) = "violations_data" ];
-
-    string SystemID = 43 [(gogoproto.jsontag) = "system_id" ];
-    string Hostname = 44 [(gogoproto.jsontag) = "hostname" ];
-    string InstanceTags = 45 [(gogoproto.jsontag) = "instance_tags" ];
-    string InstanceGroup = 46 [(gogoproto.jsontag) = "instance_group" ];
-    string DisplayName = 47 [(gogoproto.jsontag) = "display_name" ];
-    string NginxID = 48 [(gogoproto.jsontag) = "nginx_id" ];
+    string PolicyName = 1 [(gogoproto.jsontag) = "policy_name" ];
+    string SupportID = 2 [(gogoproto.jsontag) = "support_id" ];
+
+    string Outcome = 3 [(gogoproto.jsontag) = "outcome" ];
+    string OutcomeReason = 4 [(gogoproto.jsontag) = "outcome_reason" ];
+    string BlockingExceptionReason = 5 [(gogoproto.jsontag) = "blocking_exception_reason" ];
+
+    string Method = 6 [(gogoproto.jsontag) = "method" ];
+    string Protocol = 7 [(gogoproto.jsontag) = "protocol" ];
+    string XForwardedForHeaderValue = 8 [(gogoproto.jsontag) = "xff_header_value" ];
+
+    string URI = 9 [(gogoproto.jsontag) = "uri" ];
+    string Request = 10 [(gogoproto.jsontag) = "request" ];
+    string IsTruncated = 11 [(gogoproto.jsontag) = "is_truncated" ];
+    string RequestStatus = 12 [(gogoproto.jsontag) = "request_status" ];
+    string ResponseCode = 13 [(gogoproto.jsontag) = "response_code" ];
+
+    string ServerAddr = 14 [(gogoproto.jsontag) = "server_addr" ];
+    string VSName = 15 [(gogoproto.jsontag) = "vs_name" ];
+    string RemoteAddr = 16[(gogoproto.jsontag) = "remote_addr" ];
+    string RemotePort = 17 [(gogoproto.jsontag) = "destination_port" ];
+    string ServerPort = 18 [(gogoproto.jsontag) = "server_port" ];
+
+    string Violations = 19 [(gogoproto.jsontag) = "violations" ];
+    string SubViolations = 20 [(gogoproto.jsontag) = "sub_violations" ];
+    string ViolationRating = 21 [(gogoproto.jsontag) = "violation_rating" ];
+
+    string SigSetNames = 22 [(gogoproto.jsontag) = "sig_set_names" ];
+    string SigCVEs = 23 [(gogoproto.jsontag) = "sig_cves" ];
+
+    string ClientClass = 24 [(gogoproto.jsontag) = "client_class" ];
+    string ClientApplication = 25 [(gogoproto.jsontag) = "client_application" ];
+    string ClientApplicationVersion = 26 [(gogoproto.jsontag) = "client_application_version" ];
+
+    string Severity = 27 [(gogoproto.jsontag) = "severity" ];
+    string ThreatCampaignNames = 28 [(gogoproto.jsontag) = "threat_campaign_names" ];
+
+    string BotAnomalies = 29 [(gogoproto.jsontag) = "bot_anomalies" ];
+    string BotCategory = 30 [(gogoproto.jsontag) = "bot_category" ];
+    string EnforcedBotAnomalies = 31 [(gogoproto.jsontag) = "enforced_bot_anomalies" ];
+    string BotSignatureName = 32 [(gogoproto.jsontag) = "bot_signature_name" ];
+
+    string ViolationContexts = 33 [(gogoproto.jsontag) = "violation_contexts" ];
+    repeated ViolationData ViolationsData = 34 [(gogoproto.jsontag) = "violations_data" ];
+
+    string SystemID = 35 [(gogoproto.jsontag) = "system_id" ];
+    string InstanceTags = 36 [(gogoproto.jsontag) = "instance_tags" ];
+    string InstanceGroup = 37 [(gogoproto.jsontag) = "instance_group" ];
+    string DisplayName = 38 [(gogoproto.jsontag) = "display_name" ];
+    string NginxID = 39 [(gogoproto.jsontag) = "nginx_id" ];
+    string ParentHostname = 40 [(gogoproto.jsontag) = "parent_hostname" ];
 }
 
 message SignatureData {

@@ -93,7 +93,7 @@ func (nap *NAPCollector) Collect(ctx context.Context, wg *sync.WaitGroup, collec
 				break
 			}
 
-			nap.logger.Infof("collected log line succesfully.")
+			nap.logger.Tracef("collected log line succesfully: %v", line)
 			collect <- &monitoring.RawLog{Origin: monitoring.NAP, Logline: line}
 		case <-ctx.Done():
 			nap.logger.Infof("Context cancellation, collector is wrapping up...")

@@ -16,7 +16,7 @@ import (
 )
 
 const (
-	componentName              = "security-events-manager"
+	componentName              = "nginx-app-protect-monitoring"
 	defaultCollectorBufferSize = 50000
 	defaultProcessorBufferSize = 50000
 )