New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[winlogbeat] Windows event log XMLs are truncated if exceed 8KB #41245

Closed

intxgo opened this issue Oct 15, 2024 · 1 comment

Labels

bug needs_team Winlogbeat

Contributor

intxgo commented Oct 15, 2024

Winlogbeat is truncating Windows event log XMLs above 8KB. The event document contains RenderErr:[XML syntax error on line xxx: unexpected EOF] in message node.

The above error is caused by truncated XML. Winlogbeat is using EvtRender API with pre-allocated buffer for efficiency. Unfortunately this API can succeed returning truncated data in provided buffer.

For confirmed bugs, please report:

Version: 8.15

The text was updated successfully, but these errors were encountered:

intxgo added bug Winlogbeat labels

botelastic bot added the needs_team label

botelastic bot commented Oct 15, 2024

This issue doesn't have a Team:<team> label.

intxgo mentioned this issue

fix truncated event log message #41327

Merged

6 tasks

This was referenced Oct 22, 2024

[8.15](backport #41327) fix truncated event log message #41366

Merged

[8.16](backport #41327) fix truncated event log message #41367

Merged

[8.x](backport #41327) fix truncated event log message #41368

Merged

intxgo closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment