kubernetes-ingress

nginx plus dos log invalid value for key: 'format': "user-defined"

Open ahmedasimabdelhamid opened this issue 2 years ago • 4 comments

Issue Description:

There is an issue with the Nginx dos log format with the resource kind APDosLogConf: when I change the default format, which is "splunk", to user-defined, Nginx reports an issue: "failed to import config from '/etc/nginx/dos/policies/nginx-ingress_default-dos-policy.json': invalid value for key: 'format'. Using default: 'splunk'"

To Reproduce:

Steps to reproduce the behavior: change the format from Splunk to user-defined in the logs config YAML file (resource kind APDosLogConf), then check the Nginx logs.

Versions:

nginx plus + dos versions:
nginx version: nginx/1.21.6 (nginx-plus-r27)
app-protect-dos 27+2.4.1-1~bionic amd64

Note: the existing CRD in the cluster has the value user-defined for the format type, as in the image below.

ahmedasimabdelhamid, Aug 21 '22 19:08

Hi @AhmedAsimMetwally thanks for reporting!

Be sure to check out the docs while you wait for a human to take a look at this :slightly_smiling_face:

Cheers!

github-actions[bot], Aug 21 '22 19:08

NGINX AppProtect DOS only appears to support the splunk format: https://docs.nginx.com/nginx-app-protect-dos/monitoring/security-log/

brianehlert, Aug 22 '22 15:08

@brianehlert thanks for your reply, but how did you come to this conclusion? It's not mentioned anywhere in the documentation that it only supports the Splunk format, especially since we have used a custom format in App Protect WAF, but for some reason it's not working with DoS.

ahmedasimabdelhamid, Aug 22 '22 15:08

NAP WAF and NAP DOS are not the same code base, for starters. So they differ in which options they support and how they support them.

brianehlert, Aug 22 '22 21:08