With the update to 7.4 some of my auditbeats now longer start. (for me the ones running on digitalocean).
The error is:
ERROR instance/beat.go:878 Exiting: 1 error: 1 error: system/socket dataset setup failed: unable to guess one or more required parameters: guess_sockaddr_in6 failed: timeout while waiting for trigger to complete
When I disable ipv6 (socket.enable_ipv6: false) it starts again.
I guess this is probably a bug with the new Linux KProbes implementation in 7.4.
Anyone else seeing this?
What's the operating system and version?
I have a similar issue on Ubuntu 18.04 LTS:
Exiting: 1 error: 1 error: system/socket dataset setup failed: error detecting IPv6 support: ipv6 socket failed: address family not supported by protocol
Same issue, just upgrade to 7.4 and seems to be happening to the hosts where I do have ipv6 enabled in the OS.
Ubuntu 18.04 LTS
adding socket.enable_ipv6: false to auditbeat.yml does seem to fix it.
Same issue here on latest CentOS 7. We have a dual-stack (IPv4 and IPv6) environment.
CentOS Linux release 7.7.1908 (Core)
Linux HOSTNAME-OMITTED 3.10.0-1062.1.1.el7.x86_64 #1 SMP Fri Sep 13 22:55:44 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
rpm -qa | grep auditbeat
Workaround currently is to disable socket.enable_ipv6 option in the auditbeat config:
- module: system
I've attempted to reproduce the problem without any luck. Tried:
Ubuntu 18.04 running in DigitalOcean (4.15.0-58-generic)
CentOS 7.7 (3.10.0-1062.1.1.el7.x86_64)
Also created the following issue to track the problem:
Please include configurations and logs if available.
For confirmed bugs, please report:
Operating System: Ubuntu 18.04 LTS / CentOS 7.7
Discuss Forum URL:...
Can you please help me figure out this issue so I can fix it?
@stephan13360 @danielsnelling @jaysee @elastic22
If possible provide the following information, here, or via private message or in the GitHub issue:
Debug log of auditbeat with default ipv6 configuration.
auditbeat run -e -d '*'
ip -6 a
ip -6 a add fd12:3456::1111 dev lo
sysctl -a | grep ipv6
@adrisr I've added info to the GitHub issue.
Points to note for my particular problem are:
Azure Ubuntu image
Kernel version 5
CIS hardened OS
the same issue with Oracle Linux 7
@mirketto82 Can you test with the packages shared in the github issue above?
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.