Update project description and add access log documentation

.asf.yaml

@@ -16,7 +16,7 @@
 #
 
 github:
-  description: Metrics collector and profiler powered by eBPF to diagnose CPU and network performance.
+  description: Monitor and profiler powered by eBPF to monitor network traffic, and diagnose CPU and network performance.
   homepage: https://skywalking.apache.org/
   labels:
     - skywalking

README.md

@@ -3,11 +3,12 @@ Apache SkyWalking Rover
 
 <img src="http://skywalking.apache.org/assets/logo.svg" alt="Sky Walking logo" height="90px" align="right" />
 
-**SkyWalking Rover**: Metrics collector and profiler powered by eBPF to diagnose CPU and network performance.
+**SkyWalking Rover**: Monitor and profiler powered by eBPF to monitor network traffic, and diagnose CPU and network performance.
 
 - CPU On/Off profiling for C, C++, Golang, and Rust.
 - Network profiling for TCP, TCP(TLS), HTTP(s) traffic with topology and metrics.
 - Tracing enhancement. Collect extra information from OS level as attached events for the existing tracing system, such as attach raw data of HTTP request and reponse.
+- Kubernetes network monitoring for generating network access logs. 
 
 [![GitHub stars](https://img.shields.io/github/stars/apache/skywalking.svg?style=for-the-badge&label=Stars&logo=github)](https://github.com/apache/skywalking)
 [![Twitter Follow](https://img.shields.io/twitter/follow/asfskywalking.svg?style=for-the-badge&label=Follow&logo=twitter)](https://twitter.com/AsfSkyWalking)

docs/en/setup/configuration/accesslog.md

@@ -0,0 +1,47 @@
+# Access Log Module
+
+The access log module is used to collecting the network access logs from the [Kerbernetes Module](process_discovery/kubernetes.md),
+and send [access logs](https://github.com/apache/skywalking-data-collect-protocol/blob/master/ebpf/accesslog.proto) to the backend server for analyze.
+
+## Configuration
+
+| Name                                       | Default | Environment Key                                  | Description                                                |
+|--------------------------------------------|---------|--------------------------------------------------|------------------------------------------------------------|
+| access_log.active                          | false   | ROVER_ACCESS_LOG_ACTIVE                          | Is active the access log monitoring.                       |
+| access_log.flush.max_count                 | 2000    | ROVER_ACCESS_LOG_FLUSH_MAX_COUNT                 | The max count of the access log when flush to the backend. |
+| access_log.flush.period                    | 5s      | ROVER_ACCESS_LOG_FLUSH_PERIOD                    | The period of flush access log to the backend.             |
+| access_log_protocol_analyze.per_cpu_buffer | 400KB   | ROVER_ACCESS_LOG_PROTOCOL_ANALYZE_PER_CPU_BUFFER | The size of socket data buffer on each CPU.                |
+| access_log.protocol_analyze.parallels      | 2       | ROVER_ACCESS_LOG_PROTOCOL_ANALYZE_PARALLELS      | The count of parallel protocol analyzer.                   |
+| access_log.protocol_analyze.queue_size     | 5000    | ROVER_ACCESS_LOG_PROTOCOL_ANALYZE_QUEUE_SIZE     | The size of per paralleled analyze queue.                  |
+
+
+## Collectors
+
+### Socket Connect/Accept/Close
+
+Monitor all socket `connect`, `accept`, and `close` events from monitored processes by attaching eBPF program to the respective [trace points](https://docs.kernel.org/trace/tracepoints.html).
+
+### Socket traffic
+
+Capture all socket traffic from monitored processes by attaching eBPF program to [network syscalls](https://linasm.sourceforge.net/docs/syscalls/network.php). 
+
+#### Protocol
+
+Data collection is followed by protocol analysis. Currently, the supported protocols include:
+
+1. HTTP/1.x
+2. HTTP/2
+
+Note: As HTTP2 is a stateful protocol, it only supports monitoring processes that start after monitor. Processes already running at the time of monitoring may fail to provide complete data, leading to unsuccessful analysis.
+
+#### TLS
+
+When a process uses the TLS protocol for data transfer, Rover monitors libraries such as OpenSSL, BoringSSL, GoTLS, and NodeTLS to access the raw content. 
+This feature is also applicable for protocol analysis. 
+
+Note: the parsing of TLS protocols in Java is currently not supported.
+
+#### L2-L4
+
+During data transmission, Rover records each packet's through the network layers L2 to L4 using [kprobes](https://docs.kernel.org/trace/kprobes.html). 
+This approach enhances the understanding of each packet's transmission process, facilitating easier localization and troubleshooting of network issues.