Mongodb_parser.go:42: ERR Unknown operation code:

Elastic Stack Beats
1

Getting below error when started packetbeat for MongoDB--
" mongodb_parser.go:42: ERR Unknown operation code:"

Platform Details--

  • Packetbeat- 5.3
  • OS- LINUX 6.6 64bits
  • MongoDB- 3.2
  • Output- Elasticsearch 5.2.2

Note: Mongodb & Packetbeat both are running on the same server(LINUX 6.6 64bits).

Sample packetbeat.yml

packetbeat.protocols.mongodb:

Configure the ports where to listen for MongoDB traffic. You can disable

the MongoDB protocol by commenting out the list of ports.

ports: [27017]
send_request: true # index the request payload
send_response: true # index the response payload
max_docs: 10 # maximum number of documents to index per request/response
max_doc_length: 1024 # maximum document size to index
output.elasticsearch:

Array of hosts to connect to.

hosts: ["xxx.xx.xx.xxx:9200"]

Could you please guide me where I am making mistake? Any help/guidelines are highly appreciated.

Regards
Pravin Dwiwedi

2

possible reasons for the error:

  • op-code not implemented in packetbeat
  • mongodb protocol changes (no idea)
  • packetbeat TCP stream not in sync with actual TCP stream yet
  • packet loss -> packetbeat TCP stream not in sync

You have some more complete logs? Have you got a sample pcap (you can ask packetbeat to write packets to file or use tcpdump).

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.