Observability Engineer Lab 4.2 - Unreadable Events

settings up the nginx input for lab 4.2 results in a large number of unreadable events like

[20/Jul/2021:11:50:04 +0000] "\xB5\x96Wix\xC3l\xD0Aj\x17WV<\x08\x9B\x10\xAEi\x099I\x14o \x90\xD2\xBE\xDA\xEDcC\xA4\x9Bt\xD6\x890m]q\xA3!\xFAE\xD5\x9D\xF4\xEE\xB7\xCA;6b\xD9\xFDE\xB5\x90\xF5f\x8D\xE7\x92\xC1\x8E\x05\xB3dF&\xA2\xAE;\xC4h<Vs\xE9\x93\xCE\xDB\xB5T" 400

Is this something that can be fixed? Or do I just have to ignore it?

Hi Tony!

So, this actually might be some kind of hack attempt. The Nginx server is open to the world (it handles forwarding requests to your Kibana instance and the lab instructions), so it's going to get a lot of hits that look like an attempt to find an unsecured PHP server, or similar. We get a lot of that in all our classes. Just one of the joys of the internet. It's not really anything to worry about, the sensitive stuff is protected. Let us know if you find anything interesting in the logs!


1 Like