From efb464e63396c7a6f72db79d071a354528f38fab Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Wed, 2 Feb 2022 12:09:29 +0100 Subject: [PATCH 01/16] Retry EvtSubscribe from start if fails with strict mode --- winlogbeat/eventlog/wineventlog.go | 10 +++++++++- winlogbeat/eventlog/wineventlog_experimental.go | 16 ++++++++++++++-- winlogbeat/sys/wineventlog/zsyscall_windows.go | 12 ++++++++---- 3 files changed, 31 insertions(+), 7 deletions(-) diff --git a/winlogbeat/eventlog/wineventlog.go b/winlogbeat/eventlog/wineventlog.go index 7ec830f220a5..4d9391904878 100644 --- a/winlogbeat/eventlog/wineventlog.go +++ b/winlogbeat/eventlog/wineventlog.go @@ -202,7 +202,9 @@ func (l *winEventLog) openChannel(bookmark win.EvtHandle) error { var flags win.EvtSubscribeFlag if bookmark > 0 { - flags = win.EvtSubscribeStartAfterBookmark + // Use EvtSubscribeStrict to detect when the bookmark is missing and be able to + // subscribe again from the beginning. + flags = win.EvtSubscribeStartAfterBookmark | win.EvtSubscribeStrict } else { flags = win.EvtSubscribeStartAtOldestRecord } @@ -215,6 +217,12 @@ func (l *winEventLog) openChannel(bookmark win.EvtHandle) error { l.query, // Query - nil means all events bookmark, // Bookmark - for resuming from a specific event flags) + + if err == win.ERROR_NOT_FOUND { + // The bookmarked event was not found, we retry the subscription from the start. + subscriptionHandle, err = win.Subscribe(0, signalEvent, "", l.query, 0, win.EvtSubscribeStartAtOldestRecord) + } + if err != nil { return err } diff --git a/winlogbeat/eventlog/wineventlog_experimental.go b/winlogbeat/eventlog/wineventlog_experimental.go index 87eb4b328026..26f4b3b1d6a3 100644 --- a/winlogbeat/eventlog/wineventlog_experimental.go +++ b/winlogbeat/eventlog/wineventlog_experimental.go @@ -103,19 +103,31 @@ func (l *winEventLogExp) openChannel(bookmark win.Bookmark) (win.EvtHandle, erro var flags win.EvtSubscribeFlag if bookmark > 0 { - flags = win.EvtSubscribeStartAfterBookmark + // Use EvtSubscribeStrict to detect when the bookmark is missing and be able to + // subscribe again from the beginning. + flags = win.EvtSubscribeStartAfterBookmark | win.EvtSubscribeStrict } else { flags = win.EvtSubscribeStartAtOldestRecord } l.log.Debugw("Using subscription query.", "winlog.query", l.query) - return win.Subscribe( + h, err := win.Subscribe( 0, // Session - nil for localhost signalEvent, "", // Channel - empty b/c channel is in the query l.query, // Query - nil means all events win.EvtHandle(bookmark), // Bookmark - for resuming from a specific event flags) + + switch err { + case nil: + return h, nil + case win.ERROR_NOT_FOUND: + // The bookmarked event was not found, we retry the subscription from the start. + return win.Subscribe(0, signalEvent, "", l.query, 0, win.EvtSubscribeStartAtOldestRecord) + default: + return 0, err + } } func (l *winEventLogExp) openFile(state checkpoint.EventLogState, bookmark win.Bookmark) (win.EvtHandle, error) { diff --git a/winlogbeat/sys/wineventlog/zsyscall_windows.go b/winlogbeat/sys/wineventlog/zsyscall_windows.go index 0388835e30f8..0ec07fec25c8 100644 --- a/winlogbeat/sys/wineventlog/zsyscall_windows.go +++ b/winlogbeat/sys/wineventlog/zsyscall_windows.go @@ -32,11 +32,13 @@ var _ unsafe.Pointer // Errno values. const ( errnoERROR_IO_PENDING = 997 + errnoERROR_NOT_FOUND = 1168 ) var ( - errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING) - errERROR_EINVAL error = syscall.EINVAL + ERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING) + ERROR_NOT_FOUND error = syscall.Errno(errnoERROR_NOT_FOUND) + ERROR_EINVAL error = syscall.EINVAL ) // errnoErr returns common boxed Errno values, to prevent @@ -44,9 +46,11 @@ var ( func errnoErr(e syscall.Errno) error { switch e { case 0: - return errERROR_EINVAL + return ERROR_EINVAL case errnoERROR_IO_PENDING: - return errERROR_IO_PENDING + return ERROR_IO_PENDING + case errnoERROR_NOT_FOUND: + return ERROR_NOT_FOUND } // TODO: add more here, after collecting data on the common // error values see on Windows. (perhaps when running From 7e49a5cbd5f71af58c219be2770c08e323fefddb Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Tue, 8 Feb 2022 13:20:37 +0100 Subject: [PATCH 02/16] Add metrics and tests --- winlogbeat/eventlog/wineventlog.go | 5 +- .../eventlog/wineventlog_experimental.go | 4 +- .../sys/wineventlog/zsyscall_windows.go | 18 ++-- winlogbeat/tests/system/test_wineventlog.py | 85 +++++++++++++++++++ 4 files changed, 105 insertions(+), 7 deletions(-) diff --git a/winlogbeat/eventlog/wineventlog.go b/winlogbeat/eventlog/wineventlog.go index 4d9391904878..a4410ce5b5b5 100644 --- a/winlogbeat/eventlog/wineventlog.go +++ b/winlogbeat/eventlog/wineventlog.go @@ -218,8 +218,11 @@ func (l *winEventLog) openChannel(bookmark win.EvtHandle) error { bookmark, // Bookmark - for resuming from a specific event flags) - if err == win.ERROR_NOT_FOUND { + switch err { + case win.ERROR_NOT_FOUND, win.ERROR_EVT_QUERY_RESULT_STALE, + win.ERROR_EVT_QUERY_RESULT_INVALID_POSITION: // The bookmarked event was not found, we retry the subscription from the start. + incrementMetric(readErrors, err) subscriptionHandle, err = win.Subscribe(0, signalEvent, "", l.query, 0, win.EvtSubscribeStartAtOldestRecord) } diff --git a/winlogbeat/eventlog/wineventlog_experimental.go b/winlogbeat/eventlog/wineventlog_experimental.go index 26f4b3b1d6a3..4d40163cd898 100644 --- a/winlogbeat/eventlog/wineventlog_experimental.go +++ b/winlogbeat/eventlog/wineventlog_experimental.go @@ -122,8 +122,10 @@ func (l *winEventLogExp) openChannel(bookmark win.Bookmark) (win.EvtHandle, erro switch err { case nil: return h, nil - case win.ERROR_NOT_FOUND: + case win.ERROR_NOT_FOUND, win.ERROR_EVT_QUERY_RESULT_STALE, + win.ERROR_EVT_QUERY_RESULT_INVALID_POSITION: // The bookmarked event was not found, we retry the subscription from the start. + incrementMetric(readErrors, err) return win.Subscribe(0, signalEvent, "", l.query, 0, win.EvtSubscribeStartAtOldestRecord) default: return 0, err diff --git a/winlogbeat/sys/wineventlog/zsyscall_windows.go b/winlogbeat/sys/wineventlog/zsyscall_windows.go index 0ec07fec25c8..62e455f09a00 100644 --- a/winlogbeat/sys/wineventlog/zsyscall_windows.go +++ b/winlogbeat/sys/wineventlog/zsyscall_windows.go @@ -31,14 +31,18 @@ var _ unsafe.Pointer // Do the interface allocations only once for common // Errno values. const ( - errnoERROR_IO_PENDING = 997 - errnoERROR_NOT_FOUND = 1168 + errnoERROR_IO_PENDING = 997 + errnoERROR_NOT_FOUND = 1168 + errnoERROR_EVT_QUERY_RESULT_STALE = 15011 + errnoERROR_EVT_QUERY_RESULT_INVALID_POSITION = 15012 ) var ( - ERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING) - ERROR_NOT_FOUND error = syscall.Errno(errnoERROR_NOT_FOUND) - ERROR_EINVAL error = syscall.EINVAL + ERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING) + ERROR_NOT_FOUND error = syscall.Errno(errnoERROR_NOT_FOUND) + ERROR_EVT_QUERY_RESULT_STALE error = syscall.Errno(errnoERROR_EVT_QUERY_RESULT_STALE) + ERROR_EVT_QUERY_RESULT_INVALID_POSITION error = syscall.Errno(errnoERROR_EVT_QUERY_RESULT_INVALID_POSITION) + ERROR_EINVAL error = syscall.EINVAL ) // errnoErr returns common boxed Errno values, to prevent @@ -51,6 +55,10 @@ func errnoErr(e syscall.Errno) error { return ERROR_IO_PENDING case errnoERROR_NOT_FOUND: return ERROR_NOT_FOUND + case errnoERROR_EVT_QUERY_RESULT_STALE: + return ERROR_EVT_QUERY_RESULT_STALE + case ERROR_EVT_QUERY_RESULT_INVALID_POSITION: + return ERROR_EVT_QUERY_RESULT_INVALID_POSITION } // TODO: add more here, after collecting data on the common // error values see on Windows. (perhaps when running diff --git a/winlogbeat/tests/system/test_wineventlog.py b/winlogbeat/tests/system/test_wineventlog.py index 9bbf5a7ded43..55523483b349 100644 --- a/winlogbeat/tests/system/test_wineventlog.py +++ b/winlogbeat/tests/system/test_wineventlog.py @@ -63,6 +63,91 @@ def test_resume_reading_events(self): "winlog.opcode": "Info", }) + def test_read_from_cleared_channel_starts_from_beginning(self): + """ + wineventlog - When a bookmark points to a cleared (stale) channel + the subscription starts from the beginning + """ + msg1 = "First event" + self.write_event_log(msg1) + msg2 = "Second event" + self.write_event_log(msg2) + + evts = self.read_events(expected_events=2) + + self.assertTrue(len(evts), 2) + self.assert_common_fields(evts[0], msg=msg1) + self.assert_common_fields(evts[1], msg=msg2) + + # remove the output file, otherwise there is a race condition + # in read_events() below where it reads the results of the previous + # execution + os.unlink(os.path.join(self.working_dir, "output", self.beat_name + "-" + self.today + ".ndjson")) + + self.clear_event_log() + + # we check that after clearing the event log the bookmark still points to the previous checkpoint + event_logs = self.read_registry(requireBookmark=True) + self.assertTrue(len(list(event_logs.keys())), 1) + self.assertIn(self.providerName, event_logs) + record_number = event_logs[self.providerName]["record_number"] + self.assertTrue(record_number, 2) + + msg3 = "Third event" + self.write_event_log(msg3) + + evts = self.read_events() + self.assertTrue(len(evts), 1) + self.assert_common_fields(evts[0], msg=msg3) + + def test_restart_if_bookmarked_event_does_not_exist(self): + """ + wineventlog - When a bookmarked event does not exist the subcription + restarts from the beginning + """ + msg1 = "First event" + self.write_event_log(msg1) + msg2 = "Second event" + self.write_event_log(msg2) + + evts = self.read_events(expected_events=2) + + self.assertTrue(len(evts), 2) + self.assert_common_fields(evts[0], msg=msg1) + self.assert_common_fields(evts[1], msg=msg2) + + # remove the output file, otherwise there is a race condition + # in read_events() below where it reads the results of the previous + # execution + os.unlink(os.path.join(self.working_dir, "output", self.beat_name + "-" + self.today + ".ndjson")) + + msg3 = "Third event" + self.write_event_log(msg3) + + event_logs = self.read_registry(requireBookmark=True) + self.assertTrue(len(list(event_logs.keys())), 1) + self.assertIn(self.providerName, event_logs) + record_number = event_logs[self.providerName]["record_number"] + self.assertTrue(record_number, 3) + + # write invalid bookmark, it should start from the beginning again + f = open(os.path.join(self.working_dir, "data", ".winlogbeat.yml"), "w") + f.write(( + "update_time: 2100-01-01T00:00:00Z\n" + + "event_logs:\n" + + " - name: {}\n" + + " record_number: 1000\n" + + " timestamp: 2100-01-01T00:00:00Z\n" + + " bookmark: \"\\r\\n \\r\\n\"\n". + format(self.providerName, self.providerName) + )) + + evts = self.read_events(expected_events=3) + self.assertTrue(len(evts), 3) + self.assert_common_fields(evts[0], msg=msg1) + self.assert_common_fields(evts[1], msg=msg2) + self.assert_common_fields(evts[2], msg=msg3) + def test_read_unknown_event_id(self): """ wineventlog - Read unknown event ID From e7dd4df45af2c1b3be8392fe12a4de032437103a Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Mon, 14 Feb 2022 11:28:30 +0100 Subject: [PATCH 03/16] Shorten test name --- winlogbeat/tests/system/test_wineventlog.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/winlogbeat/tests/system/test_wineventlog.py b/winlogbeat/tests/system/test_wineventlog.py index 55523483b349..1b622443712b 100644 --- a/winlogbeat/tests/system/test_wineventlog.py +++ b/winlogbeat/tests/system/test_wineventlog.py @@ -63,7 +63,7 @@ def test_resume_reading_events(self): "winlog.opcode": "Info", }) - def test_read_from_cleared_channel_starts_from_beginning(self): + def test_cleared_channel_starts_from_beginning(self): """ wineventlog - When a bookmark points to a cleared (stale) channel the subscription starts from the beginning @@ -100,7 +100,7 @@ def test_read_from_cleared_channel_starts_from_beginning(self): self.assertTrue(len(evts), 1) self.assert_common_fields(evts[0], msg=msg3) - def test_restart_if_bookmarked_event_does_not_exist(self): + def test_restart_if_bookmark_does_not_exist(self): """ wineventlog - When a bookmarked event does not exist the subcription restarts from the beginning From 480cf7e628b43465648c91afd63d3ecbe6e548f0 Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Wed, 16 Feb 2022 12:02:17 +0100 Subject: [PATCH 04/16] Fix debug message --- winlogbeat/beater/winlogbeat.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/winlogbeat/beater/winlogbeat.go b/winlogbeat/beater/winlogbeat.go index ec7ebf90ef6f..c2960635547b 100644 --- a/winlogbeat/beater/winlogbeat.go +++ b/winlogbeat/beater/winlogbeat.go @@ -98,7 +98,7 @@ func (eb *Winlogbeat) init(b *beat.Beat) error { if err != nil { return fmt.Errorf("failed to create new event log: %w", err) } - eb.log.Debugf("Initialized EventLog]", eventLog.Name()) + eb.log.Debugf("Initialized EventLog %s", eventLog.Name()) logger, err := newEventLogger(b.Info, eventLog, config, eb.log) if err != nil { From 25b84fde62017bd801aa32dc0e41630be0ee3909 Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Wed, 16 Feb 2022 14:44:34 +0100 Subject: [PATCH 05/16] Update winlogbeat/beater/winlogbeat.go Co-authored-by: Andrew Kroh --- winlogbeat/beater/winlogbeat.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/winlogbeat/beater/winlogbeat.go b/winlogbeat/beater/winlogbeat.go index c2960635547b..91aa2ffcc4f7 100644 --- a/winlogbeat/beater/winlogbeat.go +++ b/winlogbeat/beater/winlogbeat.go @@ -98,7 +98,7 @@ func (eb *Winlogbeat) init(b *beat.Beat) error { if err != nil { return fmt.Errorf("failed to create new event log: %w", err) } - eb.log.Debugf("Initialized EventLog %s", eventLog.Name()) + eb.log.Debugw("Initialized EventLog", "id", eventLog.Name()) logger, err := newEventLogger(b.Info, eventLog, config, eb.log) if err != nil { From 4093552fb9ad3c245f0c2426e6902b449ed37b8e Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Wed, 16 Feb 2022 15:08:56 +0100 Subject: [PATCH 06/16] Shorten test names --- winlogbeat/tests/system/test_wineventlog.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/winlogbeat/tests/system/test_wineventlog.py b/winlogbeat/tests/system/test_wineventlog.py index 1b622443712b..b654d7146ede 100644 --- a/winlogbeat/tests/system/test_wineventlog.py +++ b/winlogbeat/tests/system/test_wineventlog.py @@ -63,7 +63,7 @@ def test_resume_reading_events(self): "winlog.opcode": "Info", }) - def test_cleared_channel_starts_from_beginning(self): + def test_cleared_channel_restarts(self): """ wineventlog - When a bookmark points to a cleared (stale) channel the subscription starts from the beginning @@ -100,7 +100,7 @@ def test_cleared_channel_starts_from_beginning(self): self.assertTrue(len(evts), 1) self.assert_common_fields(evts[0], msg=msg3) - def test_restart_if_bookmark_does_not_exist(self): + def test_bad_bookmark_restart(self): """ wineventlog - When a bookmarked event does not exist the subcription restarts from the beginning From 3a9a96c7b6fd77f85e253b5c72b368dd3decfb30 Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Mon, 28 Feb 2022 10:35:56 +0100 Subject: [PATCH 07/16] Add changelog --- CHANGELOG.next.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 2b031c3eb4d4..bf576cf34e84 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -144,6 +144,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...main[Check the HEAD dif *Winlogbeat* - Improve the error message when the registry file content is invalid. {pull}30543[30543] +- Retry EvtSubscribe from start if fails with strict mode. {issue}29793[29793] {pull}30155[30155] *Elastic Log Driver* From 8a498967243b964fcc71d5ec30a89d37613482b2 Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Wed, 2 Mar 2022 12:29:43 +0100 Subject: [PATCH 08/16] Shorten bad bookmark test --- winlogbeat/tests/system/test_wineventlog.py | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/winlogbeat/tests/system/test_wineventlog.py b/winlogbeat/tests/system/test_wineventlog.py index b654d7146ede..6e43d2e08b83 100644 --- a/winlogbeat/tests/system/test_wineventlog.py +++ b/winlogbeat/tests/system/test_wineventlog.py @@ -107,28 +107,25 @@ def test_bad_bookmark_restart(self): """ msg1 = "First event" self.write_event_log(msg1) - msg2 = "Second event" - self.write_event_log(msg2) - evts = self.read_events(expected_events=2) + evts = self.read_events(expected_events=1) - self.assertTrue(len(evts), 2) + self.assertTrue(len(evts), 1) self.assert_common_fields(evts[0], msg=msg1) - self.assert_common_fields(evts[1], msg=msg2) # remove the output file, otherwise there is a race condition # in read_events() below where it reads the results of the previous # execution os.unlink(os.path.join(self.working_dir, "output", self.beat_name + "-" + self.today + ".ndjson")) - msg3 = "Third event" - self.write_event_log(msg3) + msg2 = "Second event" + self.write_event_log(msg2) event_logs = self.read_registry(requireBookmark=True) self.assertTrue(len(list(event_logs.keys())), 1) self.assertIn(self.providerName, event_logs) record_number = event_logs[self.providerName]["record_number"] - self.assertTrue(record_number, 3) + self.assertTrue(record_number, 2) # write invalid bookmark, it should start from the beginning again f = open(os.path.join(self.working_dir, "data", ".winlogbeat.yml"), "w") @@ -142,11 +139,10 @@ def test_bad_bookmark_restart(self): format(self.providerName, self.providerName) )) - evts = self.read_events(expected_events=3) - self.assertTrue(len(evts), 3) + evts = self.read_events(expected_events=2) + self.assertTrue(len(evts), 2) self.assert_common_fields(evts[0], msg=msg1) self.assert_common_fields(evts[1], msg=msg2) - self.assert_common_fields(evts[2], msg=msg3) def test_read_unknown_event_id(self): """ From b3f03c307ee17a500a9a100f33a40bc0eebc8736 Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Mon, 7 Mar 2022 11:10:58 +0100 Subject: [PATCH 09/16] Close file on test --- winlogbeat/tests/system/test_wineventlog.py | 1 + 1 file changed, 1 insertion(+) diff --git a/winlogbeat/tests/system/test_wineventlog.py b/winlogbeat/tests/system/test_wineventlog.py index 6e43d2e08b83..346353b492b0 100644 --- a/winlogbeat/tests/system/test_wineventlog.py +++ b/winlogbeat/tests/system/test_wineventlog.py @@ -138,6 +138,7 @@ def test_bad_bookmark_restart(self): " bookmark: \"\\r\\n \\r\\n\"\n". format(self.providerName, self.providerName) )) + f.close() evts = self.read_events(expected_events=2) self.assertTrue(len(evts), 2) From f29310d303a28bc29dae3614873eed4cf91da291 Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Mon, 7 Mar 2022 12:05:10 +0100 Subject: [PATCH 10/16] restructure test --- winlogbeat/tests/system/test_wineventlog.py | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/winlogbeat/tests/system/test_wineventlog.py b/winlogbeat/tests/system/test_wineventlog.py index 346353b492b0..d4b4bfe22b5f 100644 --- a/winlogbeat/tests/system/test_wineventlog.py +++ b/winlogbeat/tests/system/test_wineventlog.py @@ -113,19 +113,11 @@ def test_bad_bookmark_restart(self): self.assertTrue(len(evts), 1) self.assert_common_fields(evts[0], msg=msg1) - # remove the output file, otherwise there is a race condition - # in read_events() below where it reads the results of the previous - # execution - os.unlink(os.path.join(self.working_dir, "output", self.beat_name + "-" + self.today + ".ndjson")) - - msg2 = "Second event" - self.write_event_log(msg2) - event_logs = self.read_registry(requireBookmark=True) self.assertTrue(len(list(event_logs.keys())), 1) self.assertIn(self.providerName, event_logs) record_number = event_logs[self.providerName]["record_number"] - self.assertTrue(record_number, 2) + self.assertTrue(record_number, 1) # write invalid bookmark, it should start from the beginning again f = open(os.path.join(self.working_dir, "data", ".winlogbeat.yml"), "w") @@ -140,10 +132,14 @@ def test_bad_bookmark_restart(self): )) f.close() - evts = self.read_events(expected_events=2) - self.assertTrue(len(evts), 2) + # remove the output file, otherwise there is a race condition + # in read_events() below where it reads the results of the previous + # execution + os.unlink(os.path.join(self.working_dir, "output", self.beat_name + "-" + self.today + ".ndjson")) + + evts = self.read_events(expected_events=1) + self.assertTrue(len(evts), 1) self.assert_common_fields(evts[0], msg=msg1) - self.assert_common_fields(evts[1], msg=msg2) def test_read_unknown_event_id(self): """ From a6cb0a07cd571cbafbdaa04946c8c3e736ff0894 Mon Sep 17 00:00:00 2001 From: Adrian Serrano Date: Tue, 22 Mar 2022 16:18:35 +0100 Subject: [PATCH 11/16] Fix fake bookmark generation in test One of the format strings was ignored, resulting in invalid YaML --- winlogbeat/tests/system/test_wineventlog.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/winlogbeat/tests/system/test_wineventlog.py b/winlogbeat/tests/system/test_wineventlog.py index d4b4bfe22b5f..e0b24d18454f 100644 --- a/winlogbeat/tests/system/test_wineventlog.py +++ b/winlogbeat/tests/system/test_wineventlog.py @@ -127,9 +127,9 @@ def test_bad_bookmark_restart(self): " - name: {}\n" + " record_number: 1000\n" + " timestamp: 2100-01-01T00:00:00Z\n" + - " bookmark: \"\\r\\n \\r\\n\"\n". + " bookmark: \"\\r\\n \\r\\n\"\n"). format(self.providerName, self.providerName) - )) + ) f.close() # remove the output file, otherwise there is a race condition From c7a97b2338d9b5c8493d7705aa172481d98ea57e Mon Sep 17 00:00:00 2001 From: Adrian Serrano Date: Tue, 22 Mar 2022 16:19:22 +0100 Subject: [PATCH 12/16] Additional logging --- winlogbeat/eventlog/wineventlog.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/winlogbeat/eventlog/wineventlog.go b/winlogbeat/eventlog/wineventlog.go index 07fdd0fa793f..155cd488cb5b 100644 --- a/winlogbeat/eventlog/wineventlog.go +++ b/winlogbeat/eventlog/wineventlog.go @@ -221,12 +221,14 @@ func (l *winEventLog) openChannel(bookmark win.EvtHandle) error { switch err { case win.ERROR_NOT_FOUND, win.ERROR_EVT_QUERY_RESULT_STALE, win.ERROR_EVT_QUERY_RESULT_INVALID_POSITION: + debugf("%s error subscribing (first chance): %v", l.logPrefix, err) // The bookmarked event was not found, we retry the subscription from the start. incrementMetric(readErrors, err) subscriptionHandle, err = win.Subscribe(0, signalEvent, "", l.query, 0, win.EvtSubscribeStartAtOldestRecord) } if err != nil { + debugf("%s error subscribing (final): %v", l.logPrefix, err) return err } From c2fbab51b030e55e7b7a60f2f465f800d357fe62 Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Wed, 23 Mar 2022 13:25:38 +0100 Subject: [PATCH 13/16] Fix linting issues --- winlogbeat/eventlog/wineventlog.go | 50 ++++++++++--------- .../eventlog/wineventlog_experimental.go | 29 +++++------ 2 files changed, 41 insertions(+), 38 deletions(-) diff --git a/winlogbeat/eventlog/wineventlog.go b/winlogbeat/eventlog/wineventlog.go index 155cd488cb5b..2288ce744890 100644 --- a/winlogbeat/eventlog/wineventlog.go +++ b/winlogbeat/eventlog/wineventlog.go @@ -22,6 +22,7 @@ package eventlog import ( "encoding/xml" + "errors" "fmt" "io" "path/filepath" @@ -30,7 +31,6 @@ import ( "time" "github.com/joeshaw/multierror" - "github.com/pkg/errors" "golang.org/x/sys/windows" "github.com/elastic/beats/v7/libbeat/common" @@ -90,7 +90,7 @@ func (a *NoMoreEventsAction) Unpack(v string) error { return nil } } - return errors.Errorf("invalid no_more_events action: %v", v) + return fmt.Errorf("invalid no_more_events action: %v", v) } // String returns the name of the action. @@ -196,9 +196,9 @@ func (l *winEventLog) openChannel(bookmark win.EvtHandle) error { // https://msdn.microsoft.com/en-us/library/windows/desktop/aa385771(v=vs.85).aspx#pull signalEvent, err := windows.CreateEvent(nil, 0, 0, nil) if err != nil { - return nil + return err } - defer windows.CloseHandle(signalEvent) + defer func() { _ = windows.CloseHandle(signalEvent) }() var flags win.EvtSubscribeFlag if bookmark > 0 { @@ -218,9 +218,9 @@ func (l *winEventLog) openChannel(bookmark win.EvtHandle) error { bookmark, // Bookmark - for resuming from a specific event flags) - switch err { - case win.ERROR_NOT_FOUND, win.ERROR_EVT_QUERY_RESULT_STALE, - win.ERROR_EVT_QUERY_RESULT_INVALID_POSITION: + switch { + case errors.Is(err, win.ERROR_NOT_FOUND), errors.Is(err, win.ERROR_EVT_QUERY_RESULT_STALE), + errors.Is(err, win.ERROR_EVT_QUERY_RESULT_INVALID_POSITION): debugf("%s error subscribing (first chance): %v", l.logPrefix, err) // The bookmarked event was not found, we retry the subscription from the start. incrementMetric(readErrors, err) @@ -241,7 +241,7 @@ func (l *winEventLog) openFile(state checkpoint.EventLogState, bookmark win.EvtH h, err := win.EvtQuery(0, path, "", win.EvtQueryFilePath|win.EvtQueryForwardDirection) if err != nil { - return errors.Wrapf(err, "failed to get handle to event log file %v", path) + return fmt.Errorf("failed to get handle to event log file %v: %w", path, err) } if bookmark > 0 { @@ -253,16 +253,16 @@ func (l *winEventLog) openFile(state checkpoint.EventLogState, bookmark win.EvtH if err = win.EvtSeek(h, 0, bookmark, win.EvtSeekRelativeToBookmark|win.EvtSeekStrict); err == nil { // Then we advance past the last read event to avoid sending that // event again. This won't fail if we're at the end of the file. - err = errors.Wrap( - win.EvtSeek(h, 1, bookmark, win.EvtSeekRelativeToBookmark), - "failed to seek past bookmarked position") + err = fmt.Errorf( + "failed to seek past bookmarked position: %w", + win.EvtSeek(h, 1, bookmark, win.EvtSeekRelativeToBookmark)) } else { logp.Warn("%s Failed to seek to bookmarked location in %v (error: %v). "+ "Recovering by reading the log from the beginning. (Did the file "+ "change since it was last read?)", l.logPrefix, path, err) - err = errors.Wrap( - win.EvtSeek(h, 0, 0, win.EvtSeekRelativeToFirst), - "failed to seek to beginning of log") + err = fmt.Errorf( + "failed to seek to beginning of log: %w", + win.EvtSeek(h, 0, 0, win.EvtSeekRelativeToFirst)) } if err != nil { @@ -286,11 +286,13 @@ func (l *winEventLog) Read() ([]Record, error) { }() detailf("%s EventHandles returned %d handles", l.logPrefix, len(handles)) + //nolint: prealloc // some handles can be skipped, the final size is unknown var records []Record for _, h := range handles { l.outputBuf.Reset() err := l.render(h, l.outputBuf) - if bufErr, ok := err.(sys.InsufficientBufferError); ok { + var bufErr sys.InsufficientBufferError + if ok := errors.As(err, &bufErr); ok { detailf("%s Increasing render buffer size to %d", l.logPrefix, bufErr.RequiredSize) l.renderBuf = make([]byte, bufErr.RequiredSize) @@ -303,7 +305,7 @@ func (l *winEventLog) Read() ([]Record, error) { continue } - r, _ := l.buildRecordFromXML(l.outputBuf.Bytes(), err) + r := l.buildRecordFromXML(l.outputBuf.Bytes(), err) r.Offset = checkpoint.EventLogState{ Name: l.id, RecordNumber: r.RecordID, @@ -327,26 +329,26 @@ func (l *winEventLog) Close() error { func (l *winEventLog) eventHandles(maxRead int) ([]win.EvtHandle, int, error) { handles, err := win.EventHandles(l.subscription, maxRead) - switch err { - case nil: + switch { + case err == nil: if l.maxRead > maxRead { debugf("%s Recovered from RPC_S_INVALID_BOUND error (errno 1734) "+ "by decreasing batch_read_size to %v", l.logPrefix, maxRead) } return handles, maxRead, nil - case win.ERROR_NO_MORE_ITEMS: + case errors.Is(err, win.ERROR_NO_MORE_ITEMS): detailf("%s No more events", l.logPrefix) if l.config.NoMoreEvents == Stop { return nil, maxRead, io.EOF } return nil, maxRead, nil - case win.RPC_S_INVALID_BOUND: + case errors.Is(err, win.RPC_S_INVALID_BOUND): incrementMetric(readErrors, err) if err := l.Close(); err != nil { - return nil, 0, errors.Wrap(err, "failed to recover from RPC_S_INVALID_BOUND") + return nil, 0, fmt.Errorf("failed to recover from RPC_S_INVALID_BOUND: %w", err) } if err := l.Open(l.lastRead); err != nil { - return nil, 0, errors.Wrap(err, "failed to recover from RPC_S_INVALID_BOUND") + return nil, 0, fmt.Errorf("failed to recover from RPC_S_INVALID_BOUND: %w", err) } return l.eventHandles(maxRead / 2) default: @@ -356,7 +358,7 @@ func (l *winEventLog) eventHandles(maxRead int) ([]win.EvtHandle, int, error) { } } -func (l *winEventLog) buildRecordFromXML(x []byte, recoveredErr error) (Record, error) { +func (l *winEventLog) buildRecordFromXML(x []byte, recoveredErr error) Record { includeXML := l.config.IncludeXML e, err := winevent.UnmarshalXML(x) if err != nil { @@ -401,7 +403,7 @@ func (l *winEventLog) buildRecordFromXML(x []byte, recoveredErr error) (Record, r.XML = string(x) } - return r, nil + return r } func newEventLogging(options *common.Config) (EventLog, error) { diff --git a/winlogbeat/eventlog/wineventlog_experimental.go b/winlogbeat/eventlog/wineventlog_experimental.go index 4d40163cd898..ee35b9dce37c 100644 --- a/winlogbeat/eventlog/wineventlog_experimental.go +++ b/winlogbeat/eventlog/wineventlog_experimental.go @@ -21,11 +21,12 @@ package eventlog import ( + "errors" + "fmt" "io" "os" "path/filepath" - "github.com/pkg/errors" "go.uber.org/multierr" "golang.org/x/sys/windows" @@ -99,7 +100,7 @@ func (l *winEventLogExp) openChannel(bookmark win.Bookmark) (win.EvtHandle, erro if err != nil { return win.NilHandle, err } - defer windows.CloseHandle(signalEvent) + defer func() { _ = windows.CloseHandle(signalEvent) }() var flags win.EvtSubscribeFlag if bookmark > 0 { @@ -119,11 +120,11 @@ func (l *winEventLogExp) openChannel(bookmark win.Bookmark) (win.EvtHandle, erro win.EvtHandle(bookmark), // Bookmark - for resuming from a specific event flags) - switch err { - case nil: + switch { + case err == nil: return h, nil - case win.ERROR_NOT_FOUND, win.ERROR_EVT_QUERY_RESULT_STALE, - win.ERROR_EVT_QUERY_RESULT_INVALID_POSITION: + case errors.Is(err, win.ERROR_NOT_FOUND), errors.Is(err, win.ERROR_EVT_QUERY_RESULT_STALE), + errors.Is(err, win.ERROR_EVT_QUERY_RESULT_INVALID_POSITION): // The bookmarked event was not found, we retry the subscription from the start. incrementMetric(readErrors, err) return win.Subscribe(0, signalEvent, "", l.query, 0, win.EvtSubscribeStartAtOldestRecord) @@ -137,7 +138,7 @@ func (l *winEventLogExp) openFile(state checkpoint.EventLogState, bookmark win.B h, err := win.EvtQuery(0, path, "", win.EvtQueryFilePath|win.EvtQueryForwardDirection) if err != nil { - return win.NilHandle, errors.Wrapf(err, "failed to get handle to event log file %v", path) + return win.NilHandle, fmt.Errorf("failed to get handle to event log file %v: %w", path, err) } if bookmark > 0 { @@ -149,16 +150,16 @@ func (l *winEventLogExp) openFile(state checkpoint.EventLogState, bookmark win.B if err = win.EvtSeek(h, 0, win.EvtHandle(bookmark), win.EvtSeekRelativeToBookmark|win.EvtSeekStrict); err == nil { // Then we advance past the last read event to avoid sending that // event again. This won't fail if we're at the end of the file. - err = errors.Wrap( - win.EvtSeek(h, 1, win.EvtHandle(bookmark), win.EvtSeekRelativeToBookmark), - "failed to seek past bookmarked position") + err = fmt.Errorf( + "failed to seek past bookmarked position: %w", + win.EvtSeek(h, 1, win.EvtHandle(bookmark), win.EvtSeekRelativeToBookmark)) } else { l.log.Warnf("s Failed to seek to bookmarked location in %v (error: %v). "+ "Recovering by reading the log from the beginning. (Did the file "+ "change since it was last read?)", path, err) - err = errors.Wrap( - win.EvtSeek(h, 0, 0, win.EvtSeekRelativeToFirst), - "failed to seek to beginning of log") + err = fmt.Errorf( + "failed to seek to beginning of log: %w", + win.EvtSeek(h, 0, 0, win.EvtSeekRelativeToFirst)) } if err != nil { @@ -238,7 +239,7 @@ func (l *winEventLogExp) processHandle(h win.EvtHandle) (*Record, error) { func (l *winEventLogExp) createBookmarkFromEvent(evtHandle win.EvtHandle) (string, error) { bookmark, err := win.NewBookmarkFromEvent(evtHandle) if err != nil { - return "", errors.Wrap(err, "failed to create new bookmark from event handle") + return "", fmt.Errorf("failed to create new bookmark from event handle: %w", err) } defer bookmark.Close() From fb91f15f336e48fc189392f9576886c9f324925a Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Wed, 23 Mar 2022 13:58:31 +0100 Subject: [PATCH 14/16] Fix linting issue --- .../eventlog/wineventlog_experimental.go | 1 + winlogbeat/otel-traces-file-output.json | 756 ++++++++++++++++++ 2 files changed, 757 insertions(+) create mode 100644 winlogbeat/otel-traces-file-output.json diff --git a/winlogbeat/eventlog/wineventlog_experimental.go b/winlogbeat/eventlog/wineventlog_experimental.go index ee35b9dce37c..b83562dbe286 100644 --- a/winlogbeat/eventlog/wineventlog_experimental.go +++ b/winlogbeat/eventlog/wineventlog_experimental.go @@ -213,6 +213,7 @@ func (l *winEventLogExp) processHandle(h win.EvtHandle) (*Record, error) { evt.RenderErr = append(evt.RenderErr, err.Error()) } + //nolint: godox // keep to have a record of feature disparity between non-experimental vs experimental // TODO: Need to add XML when configured. r := &Record{ diff --git a/winlogbeat/otel-traces-file-output.json b/winlogbeat/otel-traces-file-output.json new file mode 100644 index 000000000000..405bcb3bb654 --- /dev/null +++ b/winlogbeat/otel-traces-file-output.json @@ -0,0 +1,756 @@ +[ +{ + "name": "Running test_export_config", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0xbcf4f3d8f1dcc84c", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:36:49.204029Z", + "end_time": "2022-03-23T12:36:49.521000Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_export_config", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_export_ilm_policy", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0x37d2b3b8c268bc86", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:36:49.531801Z", + "end_time": "2022-03-23T12:36:49.834603Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_export_ilm_policy", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_export_index_pattern", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0x89fb803a894de568", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:36:49.834603Z", + "end_time": "2022-03-23T12:36:50.254463Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_export_index_pattern", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_export_index_pattern_migration", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0xa6bc5c3ccf7ae880", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:36:50.270791Z", + "end_time": "2022-03-23T12:36:50.724272Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_export_index_pattern_migration", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_export_template", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0xd57ae95f3f181ba4", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:36:50.724272Z", + "end_time": "2022-03-23T12:36:51.120956Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_export_template", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_invalid_api", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0x881ff22fc1791ac3", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:36:51.120956Z", + "end_time": "2022-03-23T12:36:51.339364Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_invalid_api", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_invalid_ignore_older", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0x5befab4507e0cba3", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:36:51.339364Z", + "end_time": "2022-03-23T12:36:51.544704Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_invalid_ignore_older", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_invalid_level", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0xb1bf90afa43b7870", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:36:51.544704Z", + "end_time": "2022-03-23T12:36:51.753733Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_invalid_level", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_valid_config", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0xdf28e1ca8d76eeb8", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:36:51.753733Z", + "end_time": "2022-03-23T12:36:52.046478Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_valid_config", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_bad_bookmark_restart", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0x6ec03a39611b2d36", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:36:52.046478Z", + "end_time": "2022-03-23T12:36:54.774526Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_bad_bookmark_restart", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_cleared_channel_restarts", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0x3f64091ed2c542ec", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:36:54.790339Z", + "end_time": "2022-03-23T12:36:57.467809Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_cleared_channel_restarts", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_fields_not_under_root", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0x1b7f94f0ab8b80a2", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:36:57.467809Z", + "end_time": "2022-03-23T12:36:58.857444Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_fields_not_under_root", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_fields_under_root", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0x8f342c40096c1504", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:36:58.857444Z", + "end_time": "2022-03-23T12:37:00.324289Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_fields_under_root", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_include_xml", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0x1292c4fe460f344a", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:37:00.324289Z", + "end_time": "2022-03-23T12:37:01.760355Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_include_xml", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_multiline_events", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0xbec736fb2bc3f2cc", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:37:01.775998Z", + "end_time": "2022-03-23T12:37:03.195942Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_multiline_events", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_processors", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0xa670db76a3f8cf5f", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:37:03.195942Z", + "end_time": "2022-03-23T12:37:04.754737Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_processors", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_query_event_id", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0xa287e6014648f90f", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:37:04.754737Z", + "end_time": "2022-03-23T12:37:06.202740Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_query_event_id", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_query_ignore_older", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0x83363b163520c9b0", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:37:06.218595Z", + "end_time": "2022-03-23T12:37:09.742570Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_query_ignore_older", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_query_level_multiple", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0x0f2b3f76be206eae", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:37:09.742570Z", + "end_time": "2022-03-23T12:37:11.363439Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_query_level_multiple", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_query_level_single", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0x5d0dc699d3f500ac", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:37:11.363439Z", + "end_time": "2022-03-23T12:37:12.828319Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_query_level_single", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_query_multi_param", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0xb23f96d7697114e7", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:37:12.828319Z", + "end_time": "2022-03-23T12:37:14.264143Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_query_multi_param", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_query_provider", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0x1aec82a2ffb2ac90", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:37:14.264143Z", + "end_time": "2022-03-23T12:37:15.704906Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_query_provider", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_read_one_event", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0x69aa7f4cb5ec06b7", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:37:15.704906Z", + "end_time": "2022-03-23T12:37:17.279540Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_read_one_event", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_read_unknown_event_id", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0x012b50f168466d1e", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:37:17.279540Z", + "end_time": "2022-03-23T12:37:18.725329Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_read_unknown_event_id", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_read_unknown_sid", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0x2662986a03b06f37", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:37:18.725329Z", + "end_time": "2022-03-23T12:37:20.176606Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_read_unknown_sid", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_registry_data", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0x2ffbb69a185150fc", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:37:20.176606Z", + "end_time": "2022-03-23T12:37:21.712136Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_registry_data", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_resume_reading_events", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0xbd9f3078c0fc9938", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:37:21.712136Z", + "end_time": "2022-03-23T12:37:24.592393Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_resume_reading_events", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Running test_utf16_characters", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0xc0b28fd79a9a52d6", + "trace_state": "[]" + }, + "kind": "SpanKind.INTERNAL", + "parent_id": "0x110549fce80548cb", + "start_time": "2022-03-23T12:37:24.592393Z", + "end_time": "2022-03-23T12:37:26.051373Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.name": "test_utf16_characters", + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +},{ + "name": "Test Suite", + "context": { + "trace_id": "0xab96c7926910a8880585c50b272a5395", + "span_id": "0x110549fce80548cb", + "trace_state": "[]" + }, + "kind": "SpanKind.SERVER", + "parent_id": null, + "start_time": "2022-03-23T12:36:48.744519Z", + "end_time": "2022-03-23T12:37:26.067179Z", + "status": { + "status_code": "OK" + }, + "attributes": { + "tests.status": "passed" + }, + "events": [], + "links": [], + "resource": { + "telemetry.sdk.language": "python", + "telemetry.sdk.name": "opentelemetry", + "telemetry.sdk.version": "1.5.0", + "service.name": "Pytest_Otel_reporter" + } +} +] From 23e16a4987fa158a5b4e71006b202af6526ad68c Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Wed, 23 Mar 2022 15:39:28 +0100 Subject: [PATCH 15/16] Remove test output --- winlogbeat/otel-traces-file-output.json | 756 ------------------------ 1 file changed, 756 deletions(-) delete mode 100644 winlogbeat/otel-traces-file-output.json diff --git a/winlogbeat/otel-traces-file-output.json b/winlogbeat/otel-traces-file-output.json deleted file mode 100644 index 405bcb3bb654..000000000000 --- a/winlogbeat/otel-traces-file-output.json +++ /dev/null @@ -1,756 +0,0 @@ -[ -{ - "name": "Running test_export_config", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0xbcf4f3d8f1dcc84c", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:36:49.204029Z", - "end_time": "2022-03-23T12:36:49.521000Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_export_config", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_export_ilm_policy", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0x37d2b3b8c268bc86", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:36:49.531801Z", - "end_time": "2022-03-23T12:36:49.834603Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_export_ilm_policy", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_export_index_pattern", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0x89fb803a894de568", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:36:49.834603Z", - "end_time": "2022-03-23T12:36:50.254463Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_export_index_pattern", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_export_index_pattern_migration", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0xa6bc5c3ccf7ae880", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:36:50.270791Z", - "end_time": "2022-03-23T12:36:50.724272Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_export_index_pattern_migration", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_export_template", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0xd57ae95f3f181ba4", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:36:50.724272Z", - "end_time": "2022-03-23T12:36:51.120956Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_export_template", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_invalid_api", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0x881ff22fc1791ac3", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:36:51.120956Z", - "end_time": "2022-03-23T12:36:51.339364Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_invalid_api", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_invalid_ignore_older", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0x5befab4507e0cba3", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:36:51.339364Z", - "end_time": "2022-03-23T12:36:51.544704Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_invalid_ignore_older", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_invalid_level", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0xb1bf90afa43b7870", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:36:51.544704Z", - "end_time": "2022-03-23T12:36:51.753733Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_invalid_level", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_valid_config", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0xdf28e1ca8d76eeb8", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:36:51.753733Z", - "end_time": "2022-03-23T12:36:52.046478Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_valid_config", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_bad_bookmark_restart", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0x6ec03a39611b2d36", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:36:52.046478Z", - "end_time": "2022-03-23T12:36:54.774526Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_bad_bookmark_restart", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_cleared_channel_restarts", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0x3f64091ed2c542ec", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:36:54.790339Z", - "end_time": "2022-03-23T12:36:57.467809Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_cleared_channel_restarts", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_fields_not_under_root", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0x1b7f94f0ab8b80a2", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:36:57.467809Z", - "end_time": "2022-03-23T12:36:58.857444Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_fields_not_under_root", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_fields_under_root", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0x8f342c40096c1504", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:36:58.857444Z", - "end_time": "2022-03-23T12:37:00.324289Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_fields_under_root", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_include_xml", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0x1292c4fe460f344a", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:37:00.324289Z", - "end_time": "2022-03-23T12:37:01.760355Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_include_xml", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_multiline_events", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0xbec736fb2bc3f2cc", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:37:01.775998Z", - "end_time": "2022-03-23T12:37:03.195942Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_multiline_events", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_processors", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0xa670db76a3f8cf5f", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:37:03.195942Z", - "end_time": "2022-03-23T12:37:04.754737Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_processors", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_query_event_id", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0xa287e6014648f90f", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:37:04.754737Z", - "end_time": "2022-03-23T12:37:06.202740Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_query_event_id", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_query_ignore_older", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0x83363b163520c9b0", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:37:06.218595Z", - "end_time": "2022-03-23T12:37:09.742570Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_query_ignore_older", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_query_level_multiple", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0x0f2b3f76be206eae", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:37:09.742570Z", - "end_time": "2022-03-23T12:37:11.363439Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_query_level_multiple", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_query_level_single", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0x5d0dc699d3f500ac", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:37:11.363439Z", - "end_time": "2022-03-23T12:37:12.828319Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_query_level_single", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_query_multi_param", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0xb23f96d7697114e7", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:37:12.828319Z", - "end_time": "2022-03-23T12:37:14.264143Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_query_multi_param", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_query_provider", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0x1aec82a2ffb2ac90", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:37:14.264143Z", - "end_time": "2022-03-23T12:37:15.704906Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_query_provider", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_read_one_event", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0x69aa7f4cb5ec06b7", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:37:15.704906Z", - "end_time": "2022-03-23T12:37:17.279540Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_read_one_event", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_read_unknown_event_id", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0x012b50f168466d1e", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:37:17.279540Z", - "end_time": "2022-03-23T12:37:18.725329Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_read_unknown_event_id", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_read_unknown_sid", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0x2662986a03b06f37", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:37:18.725329Z", - "end_time": "2022-03-23T12:37:20.176606Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_read_unknown_sid", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_registry_data", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0x2ffbb69a185150fc", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:37:20.176606Z", - "end_time": "2022-03-23T12:37:21.712136Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_registry_data", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_resume_reading_events", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0xbd9f3078c0fc9938", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:37:21.712136Z", - "end_time": "2022-03-23T12:37:24.592393Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_resume_reading_events", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Running test_utf16_characters", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0xc0b28fd79a9a52d6", - "trace_state": "[]" - }, - "kind": "SpanKind.INTERNAL", - "parent_id": "0x110549fce80548cb", - "start_time": "2022-03-23T12:37:24.592393Z", - "end_time": "2022-03-23T12:37:26.051373Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.name": "test_utf16_characters", - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -},{ - "name": "Test Suite", - "context": { - "trace_id": "0xab96c7926910a8880585c50b272a5395", - "span_id": "0x110549fce80548cb", - "trace_state": "[]" - }, - "kind": "SpanKind.SERVER", - "parent_id": null, - "start_time": "2022-03-23T12:36:48.744519Z", - "end_time": "2022-03-23T12:37:26.067179Z", - "status": { - "status_code": "OK" - }, - "attributes": { - "tests.status": "passed" - }, - "events": [], - "links": [], - "resource": { - "telemetry.sdk.language": "python", - "telemetry.sdk.name": "opentelemetry", - "telemetry.sdk.version": "1.5.0", - "service.name": "Pytest_Otel_reporter" - } -} -] From e09c7e76965f438f34cbe7f0ccad74ee0fae9826 Mon Sep 17 00:00:00 2001 From: Marc Guasch Date: Tue, 29 Mar 2022 09:22:47 +0200 Subject: [PATCH 16/16] Fix usage of fmt.Errorf --- winlogbeat/eventlog/wineventlog.go | 12 ++++++------ winlogbeat/eventlog/wineventlog_experimental.go | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/winlogbeat/eventlog/wineventlog.go b/winlogbeat/eventlog/wineventlog.go index 2288ce744890..2866f4cfbe0a 100644 --- a/winlogbeat/eventlog/wineventlog.go +++ b/winlogbeat/eventlog/wineventlog.go @@ -253,16 +253,16 @@ func (l *winEventLog) openFile(state checkpoint.EventLogState, bookmark win.EvtH if err = win.EvtSeek(h, 0, bookmark, win.EvtSeekRelativeToBookmark|win.EvtSeekStrict); err == nil { // Then we advance past the last read event to avoid sending that // event again. This won't fail if we're at the end of the file. - err = fmt.Errorf( - "failed to seek past bookmarked position: %w", - win.EvtSeek(h, 1, bookmark, win.EvtSeekRelativeToBookmark)) + if seekErr := win.EvtSeek(h, 1, bookmark, win.EvtSeekRelativeToBookmark); seekErr != nil { + err = fmt.Errorf("failed to seek past bookmarked position: %w", seekErr) + } } else { logp.Warn("%s Failed to seek to bookmarked location in %v (error: %v). "+ "Recovering by reading the log from the beginning. (Did the file "+ "change since it was last read?)", l.logPrefix, path, err) - err = fmt.Errorf( - "failed to seek to beginning of log: %w", - win.EvtSeek(h, 0, 0, win.EvtSeekRelativeToFirst)) + if seekErr := win.EvtSeek(h, 0, 0, win.EvtSeekRelativeToFirst); seekErr != nil { + err = fmt.Errorf("failed to seek to beginning of log: %w", seekErr) + } } if err != nil { diff --git a/winlogbeat/eventlog/wineventlog_experimental.go b/winlogbeat/eventlog/wineventlog_experimental.go index b83562dbe286..9ac4b82a5c68 100644 --- a/winlogbeat/eventlog/wineventlog_experimental.go +++ b/winlogbeat/eventlog/wineventlog_experimental.go @@ -150,16 +150,16 @@ func (l *winEventLogExp) openFile(state checkpoint.EventLogState, bookmark win.B if err = win.EvtSeek(h, 0, win.EvtHandle(bookmark), win.EvtSeekRelativeToBookmark|win.EvtSeekStrict); err == nil { // Then we advance past the last read event to avoid sending that // event again. This won't fail if we're at the end of the file. - err = fmt.Errorf( - "failed to seek past bookmarked position: %w", - win.EvtSeek(h, 1, win.EvtHandle(bookmark), win.EvtSeekRelativeToBookmark)) + if seekErr := win.EvtSeek(h, 1, win.EvtHandle(bookmark), win.EvtSeekRelativeToBookmark); seekErr != nil { + err = fmt.Errorf("failed to seek past bookmarked position: %w", seekErr) + } } else { l.log.Warnf("s Failed to seek to bookmarked location in %v (error: %v). "+ "Recovering by reading the log from the beginning. (Did the file "+ "change since it was last read?)", path, err) - err = fmt.Errorf( - "failed to seek to beginning of log: %w", - win.EvtSeek(h, 0, 0, win.EvtSeekRelativeToFirst)) + if seekErr := win.EvtSeek(h, 0, 0, win.EvtSeekRelativeToFirst); seekErr != nil { + err = fmt.Errorf("failed to seek to beginning of log: %w", seekErr) + } } if err != nil {