After the "af_packet" mode is enabled in the configuration file, Packetbeat will report an error and prompt "exiting: sniffer loop failed: sniffing error: packet poll timeout expired"
On the same machine, Packetbeat7.17 has no problem running the same configuration file
packetbeat export config output:
output:
console:
enabled: true
pretty: true
packetbeat:
flows:
period: 10s
timeout: 30s
interfaces:
device: any
internal_networks:
- private
type: af_packet
protocols:
- enabled: false
type: icmp
- ports:
- 80
- 8082
- 8000
- 5000
- 8002
type: http
path:
config: /packetbeat8
data: /packetbeat8/data
home: /packetbeat8
logs: /packetbeat8/logs
processors:
- else:
- add_host_metadata: null
if:
contains:
tags: forwarded
then:
- drop_fields:
fields:
- host
- add_cloud_metadata: null
- add_docker_metadata: null
- detect_mime_type:
field: http.request.body.content
target: http.request.mime_type
- detect_mime_type:
field: http.response.body.content
target: http.response.mime_type
Error reporting in log
{"log.level":"error","@timestamp":"2022-02-28T09:40:29.752+0800","log.origin":{"file.name":"instance/beat.go","file.line":1025},"message":"Exiting: sniffer loop failed: Sniffing error: packet poll timeout expired","service.name":"packetbeat","ecs.version":"1.6.0"}
In most cases, it will report an error and exit soon. Occasionally, it will exit after running for a period of time. Today, it has been running for more than 2 minutes。
{"log.level":"info","@timestamp":"2022-03-02T15:07:30.143+0800","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":193},"message":"Uptime: 2m0.402134077s","service.name":"packetbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-02T15:07:30.143+0800","log.logger":"monitoring","log.origin":{"file.name":"log/log.go","file.line":160},"message":"Stopping metrics logging.","service.name":"packetbeat","ecs.version":"1.6.0"}
{"log.level":"info","@timestamp":"2022-03-02T15:07:30.143+0800","log.origin":{"file.name":"instance/beat.go","file.line":504},"message":"packetbeat stopped.","service.name":"packetbeat","ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-03-02T15:07:30.143+0800","log.origin":{"file.name":"instance/beat.go","file.line":1025},"message":"Exiting: sniffer loop failed: Sniffing error: packet poll timeout expired","service.name":"packetbeat","ecs.version":"1.6.0"}
Exiting: sniffer loop failed: Sniffing error: packet poll timeout expired
Recent tests have found strange things,
./packetbeat -c packetbeat-console.yml -d "sniffer"
Starting with this parameter will get the same phenomenon as before. After a while, it will return an error and exit,
./packetbeat -c packetbeat-console.yml -d "sniffer" -e
If - e is added to the parameter, the operation will be OK. I've been running for at least 10 minutes
Should this be a bug? Can no one reproduce?
Hey @chinaxushi ! I'm working with a customer observing this same issue so I'm pretty sure this is a bug with the 8.x versions. I'll see what I can do to get some eyes on this for you. Cheers!
Hello,
I have the same problem after upgrading to 8.1.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.