Winlogbeat - Crash 7.17.8

I've been having issues with Winlogbeat for a while now, but I figured I'd finally get someone to look at it. The last working version of Winlogbeat I've used that hasn't shown this issue is 7.17.3, but I wasn't able to identify anything in the code that has changed that might be the cause.

I don't know how in read the crash dump, but here is the header:

Exception 0xc0000005 0x1 0x0 0x7ff9e275e254
PC=0x7ff9e275e254

runtime.cgocall(0x73c240, 0xc00456eac0)
	/usr/local/go/src/runtime/cgocall.go:157 +0x4a fp=0xc003de6dd0 sp=0xc003de6d98 pc=0x6d458a
syscall.SyscallN(0x23?, {0xc003de6e68?, 0x0?, 0xc00dfd3f50?})
	/usr/local/go/src/runtime/syscall_windows.go:556 +0x109 fp=0xc003de6e48 sp=0xc003de6dd0 pc=0x737289
syscall.Syscall9(0xc00dfd3f50?, 0x1?, 0x1?, 0xc003de6f10?, 0x103058f?, 0x721ee9?, 0x2763240?, 0xc00e293538?, 0xc003de6f28?, 0x0, ...)
	/usr/local/go/src/runtime/syscall_windows.go:506 +0x78 fp=0xc003de6ec0 sp=0xc003de6e48 pc=0x736f98
github.com/elastic/beats/v7/winlogbeat/sys/wineventlog._EvtFormatMessage(0xc00709cab0?, 0x23?, 0x0, 0x0, 0x0?, 0x1, 0x0, 0x1?, 0x1?)
	/go/src/github.com/elastic/beats/winlogbeat/sys/wineventlog/zsyscall_windows.go:132 +0xe5 fp=0xc003de6f58 sp=0xc003de6ec0 pc=0x1044ca5
github.com/elastic/beats/v7/winlogbeat/sys/wineventlog.evtFormatMessage(0xc00709cab0?, 0x23?, 0x0?, {0x0?, 0x0, 0x1?}, 0x1?)
	/go/src/github.com/elastic/beats/winlogbeat/sys/wineventlog/format_message.go:82 +0x9e fp=0xc003de7028 sp=0xc003de6f58 pc=0x103587e
github.com/elastic/beats/v7/winlogbeat/sys/wineventlog.getMessageString(0xc00709cab0?, 0x51e2?, 0x51e2?, {0x0?, 0x736e9b?, 0x100f9de34a970?})
	/go/src/github.com/elastic/beats/winlogbeat/sys/wineventlog/format_message.go:58 +0x45 fp=0xc003de7070 sp=0xc003de7028 pc=0x1035725
github.com/elastic/beats/v7/winlogbeat/sys/wineventlog.getMessageStringFromHandle(...)
	/go/src/github.com/elastic/beats/winlogbeat/sys/wineventlog/format_message.go:34
github.com/elastic/beats/v7/winlogbeat/sys/wineventlog.Message(0x51e2?, {0xc0090de000?, 0x2f2aa60?, 0xc0026224e0?}, 0xc003de7168)
	/go/src/github.com/elastic/beats/winlogbeat/sys/wineventlog/wineventlog_windows.go:274 +0x12e fp=0xc003de7140 sp=0xc003de7070 pc=0x10433ee
github.com/elastic/beats/v7/winlogbeat/eventlog.newWinEventLog.func5(0xc000e19520?)
	/go/src/github.com/elastic/beats/winlogbeat/eventlog/wineventlog.go:568 +0x55 fp=0xc003de7188 sp=0xc003de7140 pc=0x1cff035
github.com/elastic/beats/v7/winlogbeat/eventlog.(*winEventLog).Read(0xc000e19520)
	/go/src/github.com/elastic/beats/winlogbeat/eventlog/wineventlog.go:333 +0x792 fp=0xc003de77e8 sp=0xc003de7188 pc=0x1cfcf92
github.com/elastic/beats/v7/winlogbeat/beater.(*eventLogger).run(0xc002a2ea20, 0xc000109b00, {0x2f36898?, 0xc000809e00}, {{0xc00020a5e8, 0x13}, 0x2ed07, {0x3245aac4, 0xedb640b2c, 0x0}, ...}, ...)
	/go/src/github.com/elastic/beats/winlogbeat/beater/eventlogger.go:153 +0x9f2 fp=0xc003de7ed8 sp=0xc003de77e8 pc=0x1d038f2
github.com/elastic/beats/v7/winlogbeat/beater.(*Winlogbeat).processEventLog(0x75502e7476652029?, 0x2e72657375222874?, 0x642e746567726174?, {{0xc00020a5e8, 0x13}, 0x2ed07, {0x3245aac4, 0xedb640b2c, 0x0}, {0xc001d7d980, ...}}, ...)
	/go/src/github.com/elastic/beats/winlogbeat/beater/winlogbeat.go:172 +0xb3 fp=0xc003de7f70 sp=0xc003de7ed8 pc=0x1d059f3
github.com/elastic/beats/v7/winlogbeat/beater.(*Winlogbeat).Run.func1()
	/go/src/github.com/elastic/beats/winlogbeat/beater/winlogbeat.go:140 +0x55 fp=0xc003de7fe0 sp=0xc003de7f70 pc=0x1d05855
runtime.goexit()
	/usr/local/go/src/runtime/asm_amd64.s:1571 +0x1 fp=0xc003de7fe8 sp=0xc003de7fe0 pc=0x73a981
created by github.com/elastic/beats/v7/winlogbeat/beater.(*Winlogbeat).Run
	/go/src/github.com/elastic/beats/winlogbeat/beater/winlogbeat.go:140 +0x191

For now I'm going to continue to revert to 7.17.3, but would really like this solved.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.