This topic describes possible issues users might encounter when using the Security Monitoring module. When possible, suggested workarounds are provided.
If a Security Violation event is not received by the Security Monitoring module, the data representing the attack is lost.
NGINX App Protect supports logging to multiple destinations, enabling the user to send a log to NGINX agent and a copy to be stored as a backup. In the event of a failure to receive Security Events in Security Monitoring, the backup log can be checked to verify attack details. Change the settings below to enable backup logging:
- Instance with Security Monitoring only
app_protect_policy_file "/etc/app_protect/conf/NginxDefaultPolicy.json"; app_protect_security_log_enable on; app_protect_security_log "/etc/app_protect/conf/log_sm.json" syslog:server=127.0.0.1:514; app_protect_security_log "/etc/app_protect/conf/log_sm.json" <Path to store log file>; # Example: app_protect_security_log "/etc/app_protect/conf/log_sm.json" /var/log/app_protect/security.log;
- Instance with Security Monitoring and Instance Manager
app_protect_policy_file "/etc/nms/NginxDefaultPolicy.tgz"; app_protect_security_log_enable on; app_protect_security_log "/etc/nms/secops_dashboard.tgz" syslog:server=127.0.0.1:514; app_protect_security_log "/etc/nms/secops_dashboard.tgz" <Path to store log file>; # Example: app_protect_security_log "/etc/nms/secops_dashboard.tgz" /var/log/app_protect/security.log;
If you need additional assistance, refer to the following topics for guidance on how to contact Support and create a Support Package: