[8.16] Revert "[filebeat][winlog] implement status reporter for winlo…
…g input… (#41468)

* Revert "[filebeat][winlog] implement status reporter for winlog input (#40163)"

This reverts commit 5e4e7e5.

* Remove changelog entry.
cmacknz authored Oct 28, 2024
1 parent 7aae4c8 commit 05125a9
Showing 2 changed files with 7 additions and 23 deletions.
5 changes: 2 additions & 3 deletions CHANGELOG.next.asciidoc
@@ -35,8 +35,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
- Fix high IO and handling of a corrupted registry log file. {pull}35893[35893]
- Enable file ingestion to report detailed status to Elastic Agent {pull}40075[40075]
- Filebeat, when running with Elastic-Agent, reports status for Filestream input. {pull}40121[40121]
- Implement Elastic Agent status and health reporting for Winlog Filebeat input. {pull}40163[40163]
- Fix filestream's registry GC: registry entries will never be removed if clean_inactive is set to "-1". {pull}40258[40258]
- Fix filestream's registry GC: registry entries will never be removed if clean_inactive is set to s"-1". {pull}40258[40258]
- Added `ignore_empty_values` flag in `decode_cef` Filebeat processor. {pull}40268[40268]
- Added support for hyphens in extension keys in `decode_cef` Filebeat processor. {pull}40427[40427]
- Journald: removed configuration options `include_matches.or`, `include_matches.and`, `backoff`, `max_backoff`, `cursor_seek_fallback`. {pull}40061[40061]
@@ -356,7 +355,7 @@ https://github.com/elastic/beats/compare/v8.8.1\...main[Check the HEAD diff]
- Add metrics for the vSphere Virtualmachine metricset. {pull}40485[40485]
- Log the total time taken for GCP `ListTimeSeries` and `AggregatedList` requests {pull}40661[40661]
- Add metrics related to triggered alarms in all the vSphere metricsets. {pull}40714[40714] {pull}40876[40876]
- Add new metricset datastorecluster for vSphere module. {pull}40634[40634]
- Add new metricset datastorecluster for vSphere module. {pull}40634[40634]
- Add support for new metrics in datastorecluster metricset. {pull}40694[40694]
- Add metrics related to alert in all the vSphere metricsets. {pull}40714[40714]
- Add new metrics fot datastore and minor changes to overall vSphere metrics {pull}40766[40766]
25 changes: 5 additions & 20 deletions filebeat/input/winlog/input.go
@@ -26,7 +26,6 @@ import (
input "github.com/elastic/beats/v7/filebeat/input/v2"
cursor "github.com/elastic/beats/v7/filebeat/input/v2/input-cursor"
"github.com/elastic/beats/v7/libbeat/feature"
"github.com/elastic/beats/v7/libbeat/management/status"
"github.com/elastic/elastic-agent-libs/logp"
"github.com/elastic/go-concert/ctxtool"
"github.com/elastic/go-concert/timed"
@@ -40,10 +39,6 @@ type eventlogRunner struct{}

const pluginName = "winlog"

const channelNotFoundError = "Encountered channel not found error when opening Windows Event Log"
const eventLogReadingError = "Error occurred while reading from Windows Event Log"
const resetError = "Error resetting Windows Event Log handle"

// Plugin create a stateful input Plugin collecting logs from Windows Event Logs.
func Plugin(log *logp.Logger, store cursor.StateStore) input.Plugin {
return input.Plugin{
@@ -104,7 +99,6 @@ func (eventlogRunner) Run(

// Flag used to detect repeat "channel not found" errors, eliminating log spam.
channelNotFoundErrDetected := false
ctx.UpdateStatus(status.Running, "")

runLoop:
for {
@@ -115,9 +109,6 @@ runLoop:

evtCheckpoint := initCheckpoint(log, cursor)
openErr := api.Open(evtCheckpoint)
// Mark the input running.
// Status will be changed to "Degraded" if any error are encountered during opening/reading
ctx.UpdateStatus(status.Running, "")

switch {
case eventlog.IsRecoverable(openErr):
@@ -126,16 +117,14 @@ runLoop:
continue
case !api.IsFile() && eventlog.IsChannelNotFound(openErr):
if !channelNotFoundErrDetected {
log.Errorw(channelNotFoundError, "error", openErr)
log.Errorw("Encountered channel not found error when opening Windows Event Log", "error", openErr)
} else {
log.Debugw(channelNotFoundError, "error", openErr)
log.Debugw("Encountered channel not found error when opening Windows Event Log", "error", openErr)
}
ctx.UpdateStatus(status.Degraded, fmt.Sprintf("%s: %v", channelNotFoundError, openErr))
channelNotFoundErrDetected = true
_ = timed.Wait(cancelCtx, 5*time.Second)
continue
case openErr != nil:
ctx.UpdateStatus(status.Degraded, fmt.Sprintf("failed to open Windows Event Log channel %q: %v", api.Channel(), openErr))
return fmt.Errorf("failed to open Windows Event Log channel %q: %w", api.Channel(), openErr)
}
channelNotFoundErrDetected = false
@@ -148,16 +137,14 @@ runLoop:
if eventlog.IsRecoverable(err) {
log.Errorw("Encountered recoverable error when reading from Windows Event Log", "error", err)
if resetErr := api.Reset(); resetErr != nil {
log.Errorw(resetError, "error", resetErr)
ctx.UpdateStatus(status.Degraded, fmt.Sprintf("%s: %v", resetError, resetErr))
log.Errorw("Error resetting Windows Event Log handle", "error", resetErr)
}
continue runLoop
}
if !api.IsFile() && eventlog.IsChannelNotFound(err) {
log.Errorw("Encountered channel not found error when reading from Windows Event Log", "error", err)
if resetErr := api.Reset(); resetErr != nil {
log.Errorw(resetError, "error", resetErr)
ctx.UpdateStatus(status.Degraded, fmt.Sprintf("%s: %v", resetError, resetErr))
log.Errorw("Error resetting Windows Event Log handle", "error", resetErr)
}
continue runLoop
}
@@ -173,8 +160,7 @@ runLoop:
return nil
}

log.Errorw(eventLogReadingError, "error", err)
ctx.UpdateStatus(status.Degraded, fmt.Sprintf("%s: %v", eventLogReadingError, err))
log.Errorw("Error occurred while reading from Windows Event Log", "error", err)
return err
}
if len(records) == 0 {
@@ -187,7 +173,6 @@ runLoop:
if err := publisher.Publish(event, record.Offset); err != nil {
// Publisher indicates disconnect when returning an error.
// stop trying to publish records and quit
ctx.UpdateStatus(status.Degraded, fmt.Sprintf("Error occurred while publishing from winlog: %v", err))
return err
}
}
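Review bot: In the channel-not-found branch of the open switch, a channel that stays missing is now reported once through `log.Errorw` and afterwards only through `log.Debugw`, while the loop keeps retrying after `timed.Wait(cancelCtx, 5*time.Second)`; with the `ctx.UpdateStatus(status.Degraded, …)` call removed there is no other signal. If this input is relied on for audit or security channels (not visible here), a collection gap could persist unnoticed at any log level above debug. While the status reporter stays reverted, I would document that next to the flag, e.g. `// NOTE: no status is reported; a persistently missing channel is logged at error level once, then at debug only.` The same applies to the two `api.Reset()` failure paths in the read loop, which are logged and then retried via `continue runLoop`. The body of `Run` starts and ends outside the hunks shown.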