Skip to content

NGINX App Protect OTel syslog processor #1262

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 14 commits into
base: main
Choose a base branch
from
Open

NGINX App Protect OTel syslog processor #1262

wants to merge 14 commits into from
+897 −10

Conversation

devbgv
Copy link

@devbgv devbgv commented Sep 11, 2025

Proposed changes

Introduce a syslog log processor that parses RFC 3164‑formatted log lines and enriches them with structured attributes such as timestamp, hostname, app name, and severity.
Register the processor in internal/collector/factories so it can be used in the agent’s processing pipeline.
Add the github.com/leodido/go-syslog/v4 dependency and wire it into the build.
Provide unit tests that validate successful parsing and attribute extraction from sample syslog messages.

Checklist

  • I have read the CONTRIBUTING document
  • I have run make install-tools and have attached any dependency changes to this pull request
  • If applicable, I have added tests that prove my fix is effective or that my feature works
  • If applicable, I have checked that any relevant tests pass after adding my changes
  • If applicable, I have updated any relevant documentation (README.md)
  • If applicable, I have tested my cross-platform changes on Ubuntu 22, Redhat 8, SUSE 15 and FreeBSD 13
@devbgv devbgv requested a review from a team as a code owner September 11, 2025 14:25
@github-actions
Copy link
Contributor

github-actions bot commented Sep 11, 2025
edited
Loading

✅ All required contributors have signed the F5 CLA for this PR. Thank you!
Posted by the CLA Assistant Lite bot.
@github-actions github-actions bot added chore Pull requests for routine tasks dependencies documentation Improvements or additions to documentation labels Sep 11, 2025
@devbgv devbgv changed the title Bgv/nim nap otel log parser nap otel syslog parser Sep 11, 2025
@devbgv
Copy link
Author

devbgv commented Sep 11, 2025

I have hereby read the F5 CLA and agree to its terms
@devbgv devbgv force-pushed the bgv/nim-nap-otel-log-parser branch from c3c63df to 5f92180 Compare September 11, 2025 14:48
@devbgv devbgv force-pushed the bgv/nim-nap-otel-log-parser branch from 0139f27 to e8085c2 Compare September 11, 2025 15:37
dhurley
dhurley reviewed Sep 24, 2025
View reviewed changes
Copy link
Collaborator

@dhurley dhurley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR looks good just have a few additional comments.

  1. Could we actually rename the processor to securityviolationsprocessor? syslogprocessor seems too generic since it wont be able to be used for other syslog messages that have a different message format
  2. Could we add benchmark tests as well similar to these ones? https://github.com/nginx/agent/blob/main/internal/collector/logsgzipprocessor/processor_benchmark_test.go
@dhurley dhurley changed the title nap otel syslog parser NGINX App Protect OTel syslog processor Sep 24, 2025
aphralG
aphralG approved these changes Sep 24, 2025
View reviewed changes
dhurley
dhurley reviewed Oct 21, 2025
View reviewed changes
Copy link
Collaborator

@dhurley dhurley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry @devbgv I think we missed some variables that need to renamed
@codecov
Copy link

codecov bot commented Oct 23, 2025

Codecov Report

❌ Patch coverage is 85.71429% with 50 lines in your changes missing coverage. Please review.
✅ Project coverage is 85.01%. Comparing base (3bee777) to head (ddae701).

Files with missing lines Patch % Lines
...collector/securityviolationsprocessor/processor.go 88.35% 29 Missing and 10 partials ⚠️
internal/config/config.go 0.00% 4 Missing and 2 partials ⚠️
...l/collector/securityviolationsprocessor/factory.go 37.50% 4 Missing and 1 partial ⚠️
Additional details and impacted files 
@@ Coverage Diff @@ ## main #1262 +/- ## ========================================== + Coverage 85.00% 85.01% +0.01%  ========================================== Files 100 102 +2 Lines 14528 14878 +350 ========================================== + Hits 12349 12649 +300  - Misses 1716 1753 +37  - Partials 463 476 +13
Files with missing lines Coverage Δ
internal/collector/factories.go 100.00% <100.00%> (ø)
internal/config/types.go 85.41% <ø> (ø)
...l/collector/securityviolationsprocessor/factory.go 37.50% <37.50%> (ø)
internal/config/config.go 85.14% <0.00%> (-0.43%) ⬇️
...collector/securityviolationsprocessor/processor.go 88.35% <88.35%> (ø)

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3bee777...ddae701. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

chore Pull requests for routine tasks dependencies documentation Improvements or additions to documentation

5 participants

@devbgv @dhurley @craigell @sean-breen @aphralG