Skip to content

NGINX App Protect OTel syslog processor #1262

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dhurley merged 14 commits into from
Oct 24, 2025
Merged

NGINX App Protect OTel syslog processor #1262

Changes from 1 commit
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
d11de3d
feat: Add syslog log processor for nap
devbgv Aug 4, 2025
c73fb0c
fix: address review comments
devbgv Aug 22, 2025
5f92180
fix: remove duplicate attributes
devbgv Sep 11, 2025
09b005f
Merge branch 'main' into bgv/nim-nap-otel-log-parser
devbgv Sep 11, 2025
e8085c2
fix: lint, UT and Race UT
devbgv Sep 11, 2025
02820ee
fix: add more UT for syslog processor increase coverage
devbgv Sep 11, 2025
4237dd1
fix: address review comments
devbgv Sep 26, 2025
9042087
Merge remote-tracking branch 'origin/main' into bgv/nim-nap-otel-log-…
devbgv Sep 26, 2025
192457a
fix: lint issues fix
devbgv Sep 29, 2025
08646a5
fix: add benchmarks for securityviolationsprocessor
devbgv Sep 29, 2025
867dba5
fix: address review comments var name changes
devbgv Oct 21, 2025
d69ca18
fix: format and lint
devbgv Oct 21, 2025
28948e3
Merge branch 'nginx:main' into bgv/nim-nap-otel-log-parser
devbgv Oct 23, 2025
ddae701
fix: fix ut
devbgv Oct 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
fix: add benchmarks for securityviolationsprocessor
  • Loading branch information
@devbgv
devbgv committed Sep 29, 2025
commit 08646a580dd397bf3457b9ddc2dd5e26a0167ec5
78 changes: 78 additions & 0 deletions internal/collector/securityviolationsprocessor/processor_bench_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
// Copyright (c) F5, Inc.
//
// This source code is licensed under the Apache License, Version 2.0 license found in the
// LICENSE file in the root directory of this source tree.

package securityviolationsprocessor

import (
"context"
"testing"

"go.opentelemetry.io/collector/consumer/consumertest"
"go.opentelemetry.io/collector/pdata/plog"
"go.opentelemetry.io/collector/processor/processortest"
)

//nolint:lll // long test string kept for readability
const (
sampleAppProtectSyslog = `<130>Aug 22 03:28:35 ip-172-16-0-213 ASM:N/A,80,127.0.0.1,false,GET,nms_app_protect_default_policy,HTTP,blocked,0,N/A,N/A::N/A,{High Accuracy Signatures;Cross Site Scripting Signatures}::{High Accuracy Signatures; Cross Site Scripting Signatures},56064,N/A,5377540117854870581,N/A,5,1-localhost:1-/,N/A,REJECTED,SECURITY_WAF_VIOLATION,Illegal meta character in URL::Attack signature detected::Violation Rating Threat detected::Bot Client Detected,<?xml version='1.0' encoding='UTF-8'?><BAD_MSG><violation_masks><block>414000000200c00-3a03030c30000072-8000000000000000-0</block><alarm>475f0ffcbbd0fea-befbf35cb000007e-f400000000000000-0</alarm><learn>0-0-0-0</learn><staging>0-0-0-0</staging></violation_masks><request-violations><violation><viol_index>42</viol_index><viol_name>VIOL_ATTACK_SIGNATURE</viol_name><context>url</context><sig_data><sig_id>200000099</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>Lzw+PHNjcmlwdD4=</buffer><offset>3</offset><length>7</length></kw_data></sig_data><sig_data><sig_id>200000093</sig_id><blocking_mask>3</blocking_mask><kw_data><buffer>Lzw+PHNjcmlwdD4=</buffer><offset>4</offset><length>7</length></kw_data></sig_data></violation><violation><viol_index>26</viol_index><viol_name>VIOL_URL_METACHAR</viol_name><uri>Lzw+PHNjcmlwdD4=</uri><metachar_index>60</metachar_index><wildcard_entity>*</wildcard_entity><staging>0</staging></violation><violation><viol_index>26</viol_index><viol_name>VIOL_URL_METACHAR</viol_name><uri>Lzw+PHNjcmlwdD4=</uri><metachar_index>62</metachar_index><wildcard_entity>*</wildcard_entity><staging>0</staging></violation><violation><viol_index>122</viol_index><viol_name>VIOL_BOT_CLIENT</viol_name></violation><violation><viol_index>93</viol_index><viol_name>VIOL_RATING_THREAT</viol_name></violation></request-violations></BAD_MSG>,curl,HTTP Library,N/A,N/A,Untrusted Bot,N/A,N/A,HTTP/1.1,/<><script>,GET /<><script> HTTP/1.1\\r\\nHost: localhost\\r\\nUser-Agent: curl/7.81.0\\r\\nAccept: */*\\r\\n\\r\\n`
)

//nolint:lll,revive // long test string kept for readability
func generateSecurityViolationLogs(numRecords int, message string) plog.Logs {
logs := plog.NewLogs()
rl := logs.ResourceLogs().AppendEmpty()
sl := rl.ScopeLogs().AppendEmpty()

for range numRecords {
lr := sl.LogRecords().AppendEmpty()
lr.Body().SetStr(message)
}

return logs
}

func newBenchmarkProcessor() *securityViolationsProcessor {
settings := processortest.NewNopSettings(processortest.NopType)
return newSecurityViolationsProcessor(consumertest.NewNop(), settings)
}

func BenchmarkSecurityViolationsProcessor(b *testing.B) {
benchmarks := []struct {
name string
message string
numRecords int
}{
{name: "AppProtect_100", message: sampleAppProtectSyslog, numRecords: 100},
{name: "AppProtect_1000", message: sampleAppProtectSyslog, numRecords: 1000},
}

for _, bm := range benchmarks {
b.Run(bm.name, func(b *testing.B) {
p := newBenchmarkProcessor()
logs := generateSecurityViolationLogs(bm.numRecords, bm.message)

b.ReportAllocs()
b.ResetTimer()
for range b.N {
_ = p.ConsumeLogs(context.Background(), logs)
}
})
}
}

func BenchmarkSecurityViolationsProcessor_Concurrent(b *testing.B) {
p := newBenchmarkProcessor()
logs := generateSecurityViolationLogs(200, sampleAppProtectSyslog)

b.ReportAllocs()
b.ResetTimer()
b.RunParallel(func(pb *testing.PB) {
for pb.Next() {
logsCopy := plog.NewLogs()
logs.CopyTo(logsCopy)
_ = p.ConsumeLogs(context.Background(), logsCopy)
}
})
}
Loading