Message "failed to load host information: 1 error: no /etc/<distrib>-release file found"

michaelberg · September 22, 2019, 2:45am

Good evening!

I am getting "failed to load host information: 1 error: no /etc/-release file found" popping up all over my Auditbeat output and it's making it's way into Kibana/Elasticsearch as well ..

Running Fedora 30 server ...

I took a look /etc and see the Sym link "fedora-release" and it's points as follows:

Is Auditbeat having issues reading it possibly??? Would appreciate some feedback to see if someone has seen this before ...

Thanks kindly!

Michael_Madden · September 23, 2019, 4:04pm

Hello, thanks for reaching out about the auditbeat issue on Fedora 30.

I'm hitting the same issue with a simple Go program that uses some of the same libraries at auditbeat.

github.com

elastic/beats/blob/master/x-pack/auditbeat/module/system/host/host.go#L298-L317


func getHost() (*Host, error) {
	sysinfoHost, err := sysinfo.Host()
	if err != nil {
		return nil, errors.Wrap(err, "failed to load host information")
	}


	ips, macs, err := getNetInfo()
	if err != nil {
		return nil, err
	}


	host := &Host{
		Info:   sysinfoHost.Info(),
		Uptime: sysinfoHost.Info().Uptime(),
		Ips:    ips,
		Macs:   macs,
	}


	return host, nil
}

panic: 1 error: no /etc/<distrib>-release file found

I will continue to investigate this and will likely file an issue with one of our following projects:

andrewkroh · September 23, 2019, 4:20pm

There's an issue for this at https://github.com/elastic/go-sysinfo/issues/57. A code update is needed to go-sysinfo to make the check less restrictive an allow reading symlinks.

michaelberg · September 23, 2019, 5:22pm

Andrew ...

Please forgive my ignorance in asking .... but is this a code update that I can do on my end or this a bug that we need to wait for Elasticsearch to fix and release in a future version?

andrewkroh · September 23, 2019, 7:48pm

It's a change that needs to be made in https://github.com/elastic/go-sysinfo and then a new release of Auditbeat can be made by Elastic that will include the fix. But you are welcome to submit a pull request with a fix if you are familiar with git and Go .

michaelberg · September 23, 2019, 10:15pm

Andrew ...

Thanks kindly .... I would love to do that but, sadly, I am not familiar enough with Git and Go to attempt such a change!

In the meantime I will just wait for a change and not worry about those error messages ... I'll see if there's a way I can filter them out so they don't all end up in Elasticsearch which is what is happening now!

Have a great week ...

system · October 14, 2019, 10:15pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.