NGINX App Protect DoS Operation Log
Overview
The operation logs consists of system operational and health events. The events are sent to the NGINX error log and are distinguished by the APP_PROTECT_DOS
prefix followed by JSON body. The log level depends on the event: success is usually notice
while failure is error
. The timestamp is inherent in the error log.
Events
Event Type | Level | Meaning |
---|---|---|
Configuration Error | error | There were errors in the directives in the nginx.conf file. Configuration error event is produced when one of F5 NGINX App Protect DoS directives is supplied with an incorrect data. An additional information will be added to the message, describing what was incorrect. NGINX will run with default values for this directive. Please note that if the directive supplied with an incorrect number of arguments then NGINX will issue an error and NGINX will not run. It is a generic NGINX behavior. |
{
"event": "configuration_error",
"error_message": "unknown argument",
"line_number": 58
}
Event Type | Level | Meaning |
---|---|---|
Configuration Load Failure | error | There was an error in one of the configuration files: file not found, failed to parse. |
{
"event": "configuration_load_failure",
"error_message": "Failed to load Policy '/etc/app_protect_dos/BADOSDefaultPolicy.json' : Fail parse JSON Policy: malformed JSON string, neither tag, array, object, number, string or atom, at character offset 0 (before \"xxxx\\nhdjk\\n\\n555\\n\") \n.\n",
"error_line_number": 58
}
Event Type | Level | Meaning |
---|---|---|
Configuration Load Success | notice | The APP_PROTECT_DOS configuration process ended successfully: all policies, log configuration and global settings were loaded to NGINX App Protect DoS and all traffic will be handled by this configuration. The error_message contains warnings. This event is also generated on the initial configuration (when NGINX Plus starts). |
{
"event": "configuration_load_success",
"software_version": "x.x.x.x.x",
"error_message": "warning if exists..."
}
Event Type | Level | Meaning |
---|---|---|
Shared Memory Failure | error | A worker attempted to connect to shared memory but the operation failed. One time error (per worker) - upon switch from init or operational mode to failure . The mode should be failure . |
{
"event": "shared_memory_failure",
"worker_pid": 4928,
"mode": "failure",
"mode_changed": true
}
Event Type | Level | Meaning |
---|---|---|
Shared Memory Connected | notice | A worker successfully connected to shared memory. One time message (per worker) - upon switch from init or failure mode to operational . The mode attribute should be operational , unless there is an ongoing problem. |
{
"event": "shared_memory_connected",
"worker_pid": 4928,
"mode": "operational",
"mode_changed": true
}
Event Type | Level | Meaning |
---|---|---|
eBPF Failure | error | A worker attempted to connect to eBPF maps but the operation failed. One time error (per worker) - upon switch from init or operational mode to failure . The mode should be failure . |
{
"event": "ebpf_failure",
"worker_pid": 4928,
"mode": "failure",
"mode_changed": true
}
Event Type | Level | Meaning |
---|---|---|
eBPF Connected | notice | A worker successfully connected to eBPF maps. One time message (per worker) - upon switch from init or failure mode to operational . The mode attribute should be operational , unless there is an ongoing problem. |
{
"event": "ebpf_connected",
"worker_pid": 4928,
"mode": "operational",
"mode_changed": true
}
Last modified August 22, 2024