We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
正常安装好agent后,此时执行python s5.py在web端看到告警(功能正常),重启后,再次执行命令发现没有告警(功能异常),手动执行agent ip debug,发现出现如下错误: connect syshook netlink error 此时查看65530端口是open的,通过对比安装完agent和重启后的端口情况发现:重启后agent少开放了一个随机端口 刚安装完agent的端口情况(功能正常): udp 0 0 127.0.0.1:65530 0.0.0.0:* 1780/agent udp 0 0 0.0.0.0:59142 0.0.0.0:* 1780/agent 重启后(功能异常): udp 0 0 127.0.0.1:65530 0.0.0.0:* 1186/agent
此现象在centos7和6.x都存在
The text was updated successfully, but these errors were encountered:
自己调试后感觉应该是process_linux.go这个文件里的sock_fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_USER);出错,出错信息Protocol not supported。很奇怪为什么不重启的时候好好的,重启后就不行了。 版本: Linux localhost 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux Linux localhost.localdomain 2.6.32-573.el6.x86_64 #1 SMP Thu Jul 23 15:44:03 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
Sorry, something went wrong.
后来调试后发现,yulong在重启后没有重新加载syshook_execve.ko这个驱动,导致无法监控进程 修改agent.go代码,添加insmod %s/syshook_execve.ko等代码解决
No branches or pull requests
正常安装好agent后,此时执行python s5.py在web端看到告警(功能正常),重启后,再次执行命令发现没有告警(功能异常),手动执行agent ip debug,发现出现如下错误:
connect syshook netlink error
此时查看65530端口是open的,通过对比安装完agent和重启后的端口情况发现:重启后agent少开放了一个随机端口
刚安装完agent的端口情况(功能正常):
udp 0 0 127.0.0.1:65530 0.0.0.0:* 1780/agent
udp 0 0 0.0.0.0:59142 0.0.0.0:* 1780/agent
重启后(功能异常):
udp 0 0 127.0.0.1:65530 0.0.0.0:* 1186/agent
此现象在centos7和6.x都存在
The text was updated successfully, but these errors were encountered: