Skip to content

Commit

Permalink
winlogbeat/eventlog: allow attempts at recovery from ERROR_EVT_QUERY_…
Browse files Browse the repository at this point in the history
…RESULT_STALE (#32176)
  • Loading branch information
efd6 authored and chrisberkhout committed Jun 1, 2023
1 parent 674cd44 commit ae78ef5
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 1 deletion.
2 changes: 2 additions & 0 deletions CHANGELOG.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ https://github.com/elastic/beats/compare/v8.2.3\...v8.3.0[View commits]
- Fix MISP documentation for `var.filters` config option. {pull}31434[31434]
- Fix type mapping of client.as.number in okta module. {pull}31676[31676]
- If a file is ignored by `filestream` because of ignore_older settings, when it is updated, only the new lines are shipped to the output. {issue}31924[31924] {pull}31972[31972]
- Fix handling of stale log message handling in the winlog input {issue}32168[32168] {pull}32176[32176]

*Heartbeat*

Expand All @@ -56,6 +57,7 @@ https://github.com/elastic/beats/compare/v8.2.3\...v8.3.0[View commits]
*Winlogbeat*

- Sysmon: Drop fields with "-" value (unset) {pull}31556[31556]
- Fix handling of stale log message handling {issue}32168[32168] {pull}32176[32176]

==== Added

Expand Down
3 changes: 2 additions & 1 deletion winlogbeat/eventlog/errors_windows.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ import (
// IsRecoverable returns a boolean indicating whether the error represents
// a condition where the Windows Event Log session can be recovered through a
// reopening of the handle (Close, Open).
//nolint:errorlint // These are never wrapped.
func IsRecoverable(err error) bool {
return err == win.ERROR_INVALID_HANDLE || err == win.RPC_S_SERVER_UNAVAILABLE || err == win.RPC_S_CALL_CANCELLED
return err == win.ERROR_INVALID_HANDLE || err == win.RPC_S_SERVER_UNAVAILABLE || err == win.RPC_S_CALL_CANCELLED || err == win.ERROR_EVT_QUERY_RESULT_STALE
}

0 comments on commit ae78ef5

Please sign in to comment.