Update project description and add access log documentation

.asf.yaml

@@ -16,7 +16,7 @@
 #
 
 github:
-  description: Metrics collector and profiler powered by eBPF to diagnose CPU and network performance.
+  description: Monitor and profiler powered by eBPF to monitor network traffic, and diagnose CPU and network performance.
   homepage: https://skywalking.apache.org/
   labels:
     - skywalking

README.md

@@ -3,11 +3,12 @@ Apache SkyWalking Rover
 
 <img src="http://skywalking.apache.org/assets/logo.svg" alt="Sky Walking logo" height="90px" align="right" />
 
-**SkyWalking Rover**: Metrics collector and profiler powered by eBPF to diagnose CPU and network performance.
+**SkyWalking Rover**: Monitor and profiler powered by eBPF to monitor network traffic, and diagnose CPU and network performance.
 
 - CPU On/Off profiling for C, C++, Golang, and Rust.
 - Network profiling for TCP, TCP(TLS), HTTP(s) traffic with topology and metrics.
 - Tracing enhancement. Collect extra information from OS level as attached events for the existing tracing system, such as attach raw data of HTTP request and reponse.
+- Kubernetes network monitoring for generating network access logs. 
 
 [![GitHub stars](https://img.shields.io/github/stars/apache/skywalking.svg?style=for-the-badge&label=Stars&logo=github)](https://github.com/apache/skywalking)
 [![Twitter Follow](https://img.shields.io/twitter/follow/asfskywalking.svg?style=for-the-badge&label=Follow&logo=twitter)](https://twitter.com/AsfSkyWalking)

docs/en/concepts-and-designs/overview.md

@@ -1,15 +1,16 @@
 # Overview
 
-SkyWalking Rover is an open-source collector, which provides a metrics collector and eBPF-based profiler for C, C++, Golang, and Rust.
+SkyWalking Rover is an open-source collector, which provides a eBPF-based monitor and profiler in the Kubernetes.
 
 ## Why use SkyWalking Rover?
 
-On the Linux platform, we could collect a lot of telemetry data. Rover could collect them based on the eBPF technology,
+On the Kubernetes platform, we could collect a lot of telemetry data. Rover could collect them based on the eBPF technology,
 and upload them to the SkyWalking backend for analysis, aggregate, and visualize them.
 
 1. EBPF-based profiling for C, C++, Golang, and Rust.
 2. Network profiling for L4(TCP) and L7(HTTP) traffic, including with TLS.
-3. Tracing enhancement. Collect extra information from OS level as attached events for the existing tracing system, such as attach raw data of HTTP request and reponse.
+3. Tracing enhancement. Collect extra information from OS level as attached events for the existing tracing system, such as attach raw data of HTTP request and response.
+4. Network monitoring for generating network access logs.
 
 ## Architecture
 

docs/en/setup/configuration/accesslog.md

@@ -0,0 +1,47 @@
+# Access Log Module
+
+The access log module is used to collecting the network access logs from the [Kerbernetes Module](process_discovery/kubernetes.md),
+and send [access logs](https://github.com/apache/skywalking-data-collect-protocol/blob/master/ebpf/accesslog.proto) to the backend server for analyze.
+
+## Configuration
+
+| Name                                       | Default | Environment Key                                  | Description                                                |
+|--------------------------------------------|---------|--------------------------------------------------|------------------------------------------------------------|
+| access_log.active                          | false   | ROVER_ACCESS_LOG_ACTIVE                          | Is active the access log monitoring.                       |
+| access_log.flush.max_count                 | 2000    | ROVER_ACCESS_LOG_FLUSH_MAX_COUNT                 | The max count of the access log when flush to the backend. |
+| access_log.flush.period                    | 5s      | ROVER_ACCESS_LOG_FLUSH_PERIOD                    | The period of flush access log to the backend.             |
+| access_log_protocol_analyze.per_cpu_buffer | 400KB   | ROVER_ACCESS_LOG_PROTOCOL_ANALYZE_PER_CPU_BUFFER | The size of socket data buffer on each CPU.                |
+| access_log.protocol_analyze.parallels      | 2       | ROVER_ACCESS_LOG_PROTOCOL_ANALYZE_PARALLELS      | The count of parallel protocol analyzer.                   |
+| access_log.protocol_analyze.queue_size     | 5000    | ROVER_ACCESS_LOG_PROTOCOL_ANALYZE_QUEUE_SIZE     | The size of per paralleled analyze queue.                  |
+
+
+## Collectors
+
+### Socket Connect/Accept/Close
+
+Monitor all socket `connect`, `accept`, and `close` events from monitored processes by attaching eBPF program to the respective [trace points](https://docs.kernel.org/trace/tracepoints.html).
+
+### Socket traffic
+
+Capture all socket traffic from monitored processes by attaching eBPF program to [network syscalls](https://linasm.sourceforge.net/docs/syscalls/network.php). 
+
+#### Protocol
+
+Data collection is followed by protocol analysis. Currently, the supported protocols include:
+
+1. HTTP/1.x
+2. HTTP/2
+
+Note: As HTTP2 is a stateful protocol, it only supports monitoring processes that start after monitor. Processes already running at the time of monitoring may fail to provide complete data, leading to unsuccessful analysis.
+
+#### TLS
+
+When a process uses the TLS protocol for data transfer, Rover monitors libraries such as OpenSSL, BoringSSL, GoTLS, and NodeTLS to access the raw content. 
+This feature is also applicable for protocol analysis. 
+
+Note: the parsing of TLS protocols in Java is currently not supported.
+
+#### L2-L4
+
+During data transmission, Rover records each packet's through the network layers L2 to L4 using [kprobes](https://docs.kernel.org/trace/kprobes.html). 
+This approach enhances the understanding of each packet's transmission process, facilitating easier localization and troubleshooting of network issues.

docs/en/setup/configuration/core.md

@@ -5,13 +5,13 @@ It provides APIs for other modules to establish connections with the backend.
 
 ## Configuration
 
-| Name | Default | Environment Key | Description |
-|------|---------|-----------------|-------------|
-| core.backend.addr | localhost:11800 | ROVER_BACKEND_ADDR | The backend server address. |
-| core.backend.enable_TLS | false | ROVER_BACKEND_ENABLE_TLS | The TLS switch. |
-| core.backend.client_pem_path | client.pem | ROVER_BACKEND_PEM_PATH | The file path of client.pem. The config only works when opening the TLS switch.|
-| core.backend.client_key_path | client.key | ROVER_BACKEND_KEY_PATH | The file path of client.key. The config only works when opening the TLS switch.|
-| core.backend.insecure_skip_verify | false | ROVER_BACKEND_INSECURE_SKIP_VERIFY | InsecureSkipVerify controls whether a client verifies the server's certificate chain and host name. |
-| core.backend.ca_pem_path | ca.pem | ROVER_BACKEND_CA_PEM_PATH | The file path oca.pem. The config only works when opening the TLS switch. |
-| core.backend.check_period | 5 | ROVER_BACKEND_CHECK_PERIOD | How frequently to check the connection(second). |
-| core.backend.authentication | | ROVER_BACKEND_AUTHENTICATION | The auth value when send request. |
+| Name                              | Default         | Environment Key                    | Description                                                                                         |
+|-----------------------------------|-----------------|------------------------------------|-----------------------------------------------------------------------------------------------------|
+| core.backend.addr                 | localhost:11800 | ROVER_BACKEND_ADDR                 | The backend server address.                                                                         |
+| core.backend.enable_TLS           | false           | ROVER_BACKEND_ENABLE_TLS           | The TLS switch.                                                                                     |
+| core.backend.client_pem_path      | client.pem      | ROVER_BACKEND_PEM_PATH             | The file path of client.pem. The config only works when opening the TLS switch.                     |
+| core.backend.client_key_path      | client.key      | ROVER_BACKEND_KEY_PATH             | The file path of client.key. The config only works when opening the TLS switch.                     |
+| core.backend.insecure_skip_verify | false           | ROVER_BACKEND_INSECURE_SKIP_VERIFY | InsecureSkipVerify controls whether a client verifies the server's certificate chain and host name. |
+| core.backend.ca_pem_path          | ca.pem          | ROVER_BACKEND_CA_PEM_PATH          | The file path oca.pem. The config only works when opening the TLS switch.                           |
+| core.backend.check_period         | 5               | ROVER_BACKEND_CHECK_PERIOD         | How frequently to check the connection(second).                                                     |
+| core.backend.authentication       |                 | ROVER_BACKEND_AUTHENTICATION       | The auth value when send request.                                                                   |

docs/en/setup/configuration/logger.md

@@ -4,6 +4,6 @@ Logger module is used to configure the system log.
 
 ## Configuration
 
-| Name | Default | Environment Key | Description |
-|------|---------|-----------------|-------------|
-| logger.level | INFO | ROVER_LOGGER_LEVEL | The lowest level of printing allowed. |
+| Name          | Default | Environment Key     | Description                            |
+|---------------|---------|---------------------|----------------------------------------|
+| logger.level  | INFO    | ROVER_LOGGER_LEVEL  | The lowest level of printing allowed.  |