fix logs

aphralG · aphralG · commit 7ccfa4951320 · 2025-07-16T15:27:19.000+01:00
diff --git a/internal/datasource/config/nginx_config_parser.go b/internal/datasource/config/nginx_config_parser.go
@@ -109,6 +109,7 @@ func (ncp *NginxConfigParser) createNginxConfigContext(
 	payload *crossplane.Payload,
 ) (*model.NginxConfigContext, error) {
 	napSyslogServersFound := make(map[string]bool)
+	napEnabled := false
 
 	nginxConfigContext := &model.NginxConfigContext{
 		InstanceID: instance.GetInstanceMeta().GetInstanceId(),
@@ -175,17 +176,11 @@ func (ncp *NginxConfigParser) createNginxConfigContext(
 					}
 				case "app_protect_security_log":
 					if len(directive.Args) > 1 {
-						sysLogServers := ncp.findValidSysLogServers(directive.Args)
-						if len(sysLogServers) == 0 {
-							slog.WarnContext(ctx, "Could not find usable NAP syslog server, "+
-								"security violations will be unavailable")
-						}
-						for i := range sysLogServers {
-							sysLogServer := sysLogServers[i]
-							if !napSyslogServersFound[sysLogServer] {
-								napSyslogServersFound[sysLogServer] = true
-								slog.DebugContext(ctx, "Found NAP syslog server", "address", sysLogServer)
-							}
+						napEnabled = true
+						sysLogServer := ncp.findValidSysLogServers(directive.Args[1])
+						if sysLogServer != "" && !napSyslogServersFound[sysLogServer] {
+							napSyslogServersFound[sysLogServer] = true
+							slog.DebugContext(ctx, "Found NAP syslog server", "address", sysLogServer)
 						}
 					}
 				}
@@ -213,6 +208,9 @@ func (ncp *NginxConfigParser) createNginxConfigContext(
 				nginxConfigContext.NAPSysLogServer = syslogServer
 				ncp.previousNAPSysLogServer = syslogServer
 			}
+		} else if napEnabled {
+			slog.WarnContext(ctx, "Could not find usable NAP syslog server, "+
+				"security violations will be unavailable")
 		}
 
 		fileMeta, err := files.FileMeta(conf.File)
@@ -236,40 +234,37 @@ func (ncp *NginxConfigParser) parseSyslogDirective(ctx context.Context, napSyslo
 	for napSyslogServer := range napSyslogServers {
 		ln, err := net.Listen("tcp", napSyslogServer)
 		if err != nil {
-			slog.WarnContext(ctx, "NAP syslog server is not reachable", "address", napSyslogServer,
+			slog.DebugContext(ctx, "NAP syslog server is not reachable", "address", napSyslogServer,
 				"error", err)
 
 			continue
 		}
 		ln.Close()
+
 		slog.DebugContext(ctx, "Found valid NAP syslog server", "address", napSyslogServer)
 
 		return napSyslogServer
 	}
-	slog.WarnContext(ctx, "Could not find usable NAP syslog server, security violations will be unavailable")
 
 	return ""
 }
 
-func (ncp *NginxConfigParser) findValidSysLogServers(sysLogServers []string) []string {
+func (ncp *NginxConfigParser) findValidSysLogServers(sysLogServer string) string {
 	re := regexp.MustCompile(`syslog:server=([\S]+)`)
-	var servers []string
-	for i := range sysLogServers {
-		matches := re.FindStringSubmatch(sysLogServers[i])
-		if len(matches) > 1 {
-			host, _, err := net.SplitHostPort(matches[1])
-			if err != nil {
-				continue
-			}
+	matches := re.FindStringSubmatch(sysLogServer)
+	if len(matches) > 1 {
+		host, _, err := net.SplitHostPort(matches[1])
+		if err != nil {
+			return ""
+		}
 
-			ip := net.ParseIP(host)
-			if ip.IsLoopback() || strings.EqualFold(host, "localhost") {
-				servers = append(servers, matches[1])
-			}
+		ip := net.ParseIP(host)
+		if ip.IsLoopback() || strings.EqualFold(host, "localhost") {
+			return matches[1]
 		}
 	}
 
-	return servers
+	return ""
 }
 
 func (ncp *NginxConfigParser) parseIncludeDirective(directive *crossplane.Directive) string {
diff --git a/internal/datasource/config/nginx_config_parser_test.go b/internal/datasource/config/nginx_config_parser_test.go
@@ -506,6 +506,34 @@ func TestNginxConfigParser_Parse(t *testing.T) {
 			),
 			allowedDirectories: []string{dir},
 		},
+		{
+			name:     "Test 10: Check with multiple syslog servers",
+			instance: protos.NginxPlusInstance([]string{}),
+			content: testconfig.NginxConfigWithMultipleSysLogs(errorLog.Name(), accessLog.Name(),
+				"192.168.12.34:1517", "my.domain.com:1517", "127.0.0.1:1515"),
+			expectedConfigContext: modelHelpers.ConfigContextWithSysLog(
+				accessLog.Name(),
+				errorLog.Name(),
+				protos.NginxPlusInstance([]string{}).GetInstanceMeta().GetInstanceId(),
+				"127.0.0.1:1515",
+			),
+			allowedDirectories: []string{dir},
+			expectedLog:        "Found valid NAP syslog server",
+		},
+		{
+			name:     "Test 10: Check with multiple syslog servers",
+			instance: protos.NginxPlusInstance([]string{}),
+			content: testconfig.NginxConfigWithMultipleSysLogs(errorLog.Name(), accessLog.Name(),
+				"192.168.12.34:1517", "my.domain.com:1517", "not.allowed:1515"),
+			expectedConfigContext: modelHelpers.ConfigContextWithSysLog(
+				accessLog.Name(),
+				errorLog.Name(),
+				protos.NginxPlusInstance([]string{}).GetInstanceMeta().GetInstanceId(),
+				"",
+			),
+			allowedDirectories: []string{dir},
+			expectedLog:        "Could not find usable NAP syslog server, security violations will be unavailable",
+		},
 	}
 
 	for _, test := range tests {
@@ -637,7 +665,7 @@ func TestNginxConfigParser_SyslogServerParse(t *testing.T) {
 			expectedSyslogServers: "",
 			content: testconfig.NginxConfigWithMultipleSysLogs(errorLog.Name(), accessLog.Name(),
 				"my.domain.com:1517", "127.0.0.1:1515", "my.domain.com:1517"),
-			expectedLog: "Could not find usable NAP syslog server",
+			expectedLog: "NAP syslog server is not reachable",
 			portInUse:   true,
 		},
 		{
@@ -684,17 +712,17 @@ func TestNginxConfigParser_SyslogServerParse(t *testing.T) {
 
 func TestNginxConfigParser_findValidSysLogServers(t *testing.T) {
 	servers := []string{
-		"/etc/app_protect/conf/log_default.json", "syslog:server=192.168.12.34:1517",
-		"app_protect_security_log", "/etc/app_protect/conf/log_default1.json", "syslog:server=my.domain.com:1517",
-		"app_protect_security_log", "/etc/app_protect/conf/log_default2.json", "syslog:server=127.0.0.1:1515",
-		"app_protect_security_log", "/etc/app_protect/conf/log_default3.json", "syslog:server=localhost:1516",
-		"app_protect_security_log\", \"/etc/app_protect/conf/log_default3.json\", \"syslog:server=127.255.255.255:1517",
+		"syslog:server=192.168.12.34:1517", "syslog:server=my.domain.com:1517", "syslog:server=127.0.0.1:1515",
+		"syslog:server=localhost:1516", "syslog:server=127.255.255.255:1517",
 	}
-	expected := []string{"127.0.0.1:1515", "localhost:1516", "127.255.255.255:1517"}
+	expected := []string{"", "", "127.0.0.1:1515", "localhost:1516", "127.255.255.255:1517"}
 	ncp := NewNginxConfigParser(types.AgentConfig())
-	result := ncp.findValidSysLogServers(servers)
 
-	assert.Equal(t, expected, result)
+	for i, server := range servers {
+		result := ncp.findValidSysLogServers(server)
+
+		assert.Equal(t, expected[i], result)
+	}
 }
 
 func TestNginxConfigParser_checkLog(t *testing.T) {
diff --git a/test/config/nginx/nginx-with-multiple-syslog-servers.conf b/test/config/nginx/nginx-with-multiple-syslog-servers.conf
@@ -19,17 +19,6 @@ http {
 }
 
 http {
-    log_format ltsv "time:$time_local"
-            "\thost:$remote_addr"
-            "\tmethod:$request_method"
-            "\turi:$request_uri"
-            "\tprotocol:$server_protocol"
-            "\tstatus:$status"
-            "\tsize:$body_bytes_sent"
-            "\treferer:$http_referer"
-            "\tua:$http_user_agent"
-            "\treqtime:$request_time"
-            "\tapptime:$upstream_response_time";
 
     server {
       listen 9093;
@@ -42,9 +31,9 @@ http {
    
     server {
         
-        app_protect_security_log "/etc/app_protect/conf/log_default.json" syslog:server=%s
-        app_protect_security_log "/etc/app_protect/conf/log_default1.json" syslog:server=%s
-        app_protect_security_log "/etc/app_protect/conf/log_default2.json" syslog:server=%s
-        app_protect_security_log "/etc/app_protect/conf/log_default3.json" syslog:server=%s
+        app_protect_security_log "/etc/app_protect/conf/log_default.json" syslog:server=%s;
+        app_protect_security_log "/etc/app_protect/conf/log_default1.json" syslog:server=%s;
+        app_protect_security_log "/etc/app_protect/conf/log_default2.json" syslog:server=%s;
+        app_protect_security_log "/etc/app_protect/conf/log_default3.json" syslog:server=%s;
     }
 } 
diff --git a/test/model/config.go b/test/model/config.go
@@ -160,3 +160,41 @@ func ConfigContextWithFiles(
 		NAPSysLogServer: syslogServers,
 	}
 }
+
+func ConfigContextWithSysLog(
+	accessLogName,
+	errorLogName string,
+	instanceID string,
+	syslogServers string,
+) *model.NginxConfigContext {
+	return &model.NginxConfigContext{
+		StubStatus: &model.APIDetails{
+			URL:      "",
+			Listen:   "",
+			Location: "",
+		},
+		PlusAPI: &model.APIDetails{
+			URL:      "",
+			Listen:   "",
+			Location: "",
+		},
+		AccessLogs: []*model.AccessLog{
+			{
+				Name:        accessLogName,
+				Format:      "$remote_addr - $remote_user [$time_local]",
+				Readable:    true,
+				Permissions: "0600",
+			},
+		},
+		ErrorLogs: []*model.ErrorLog{
+			{
+				Name:        errorLogName,
+				Readable:    true,
+				LogLevel:    "notice",
+				Permissions: "0600",
+			},
+		},
+		InstanceID:      instanceID,
+		NAPSysLogServer: syslogServers,
+	}
+}
