Skip to content

[8.6](backport #34605) [winlog/winlogbeat] Gracefully handle event channel not found errors#34655

Merged
taylor-swanson merged 4 commits into8.6from
mergify/bp/8.6/pr-34605
Feb 23, 2023
Merged

[8.6](backport #34605) [winlog/winlogbeat] Gracefully handle event channel not found errors#34655
taylor-swanson merged 4 commits into8.6from
mergify/bp/8.6/pr-34605

Conversation

@mergify
Copy link
Copy Markdown
Contributor

@mergify mergify bot commented Feb 23, 2023
edited by zube bot
Loading

This is an automatic backport of pull request #34605 done by Mergify.
Cherry-pick of 34a87e5 has failed:

On branch mergify/bp/8.6/pr-34605
Your branch is up to date with 'origin/8.6'.

You are currently cherry-picking commit 34a87e51a5.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   CHANGELOG.next.asciidoc
	modified:   filebeat/input/winlog/input.go
	modified:   winlogbeat/beater/eventlogger.go
	modified:   winlogbeat/eventlog/errors_unix.go
	modified:   winlogbeat/eventlog/errors_windows.go
	modified:   winlogbeat/sys/wineventlog/syscall_windows.go

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   winlogbeat/eventlog/eventlog.go
	both modified:   winlogbeat/eventlog/wineventlog.go
	both modified:   winlogbeat/eventlog/wineventlog_experimental.go

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/github/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

Mergify commands and options

More conditions and actions can be found in the documentation.

You can also trigger Mergify actions by commenting on this pull request:

  • @Mergifyio refresh will re-evaluate the rules
  • @Mergifyio rebase will rebase this PR on its base branch
  • @Mergifyio update will merge the base branch into this PR
  • @Mergifyio backport <destination> will backport this PR on <destination> branch

Additionally, on Mergify dashboard you can:

  • look at your merge queues
  • generate the Mergify configuration with the config editor.

Finally, you can contact us on https://mergify.com

@taylor-swanson @mergify
[winlog/winlogbeat] Gracefully handle event channel not found errors (#…
3a7d742 
…34605)

- Added logic to gracefully handle event channel not found errors. This will
only apply to event subscriptions and not reading event files (evtx). If
a channel not found error is encountered, either during intial open or
during reading, the application will attempt to open a subscription to the
event after a short delay.
- Added Channel and IsFile methods to the EventLog interface.
- Added IsChannelNotFound function
- Improved logging through further use of structured logging fields.

(cherry picked from commit 34a87e5)

# Conflicts:
#	winlogbeat/eventlog/eventlog.go
#	winlogbeat/eventlog/wineventlog.go
#	winlogbeat/eventlog/wineventlog_experimental.go
@mergify mergify bot requested a review from a team as a code owner February 23, 2023 15:30
@mergify mergify bot added backport conflicts There is a conflict in the backported pull request labels Feb 23, 2023
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Feb 23, 2023
@botelastic
Copy link
Copy Markdown

botelastic bot commented Feb 23, 2023

This pull request doesn't have a Team:<team> label.

@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Feb 23, 2023
edited by jenkins-beats-ci bot
Loading

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2023-02-23T16:43:26.060+0000

  • Duration: 81 min 30 sec

Test stats 🧪

Test Results
Failed 0
Passed 25027
Skipped 1959
Total 26986

💚 Flaky test report

Tests succeeded.

🤖 GitHub comments

Expand to view the GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

  • /package : Generate the packages and run the E2E tests.

  • /beats-tester : Run the installation tests with beats-tester.

  • run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

@taylor-swanson taylor-swanson merged commit 6fefe79 into 8.6 Feb 23, 2023
@taylor-swanson taylor-swanson deleted the mergify/bp/8.6/pr-34605 branch February 23, 2023 18:18
GLMONTER
GLMONTER reviewed May 11, 2023
View reviewed changes
winlogbeat/beater/eventlogger.go
case !api.IsFile() && eventlog.IsChannelNotFound(err):
e.log.Warnw("Open() encountered channel not found error. Trying again...", "error", err, "channel", api.Channel())
time.Sleep(time.Second * 5)
continue
Copy link
Copy Markdown

@GLMONTER GLMONTER May 11, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When running winlogbeat as a service under windows, the continue causes the service to never stop if requested to if a channel is not found. Is this expected behavior?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@GLMONTER GLMONTER GLMONTER left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@taylor-swanson taylor-swanson

Labels

backport conflicts There is a conflict in the backported pull request needs_team Indicates that the issue/PR needs a Team:* label

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@elasticmachine @GLMONTER @taylor-swanson