
Comments (9)

Percivalll commented on August 23, 2024

Could you please provide the Agent's own log from the machine where the problem occurred?

from elkeid.

shen771 commented on August 23, 2024

root@sec-tes (14:37:50) ~ # cat /etc/elkeid/log/elkeid-agent.log
2021-05-11T11:35:56.700+0800 INFO agent/main.go:67 Elkeid Agent:v1.6.0.0
2021-05-11T11:35:56.700+0800 INFO agent/main.go:68 AgentID:3793d5e9-f3f0-40ea-96e9-113cceef0113
2021-05-11T11:35:56.700+0800 INFO agent/main.go:69 PrivateIPv4:[10.100.140.108]
2021-05-11T11:35:56.700+0800 INFO agent/main.go:70 PublicIPv4:[]
2021-05-11T11:35:56.700+0800 INFO agent/main.go:71 PrivateIPv6:[]
2021-05-11T11:35:56.700+0800 INFO agent/main.go:72 PublicIPv6:[]
2021-05-11T11:35:56.700+0800 INFO agent/main.go:73 Hostname:sec-tes
2021-05-11T11:35:56.701+0800 INFO report/report.go:119 map[cpu:0.00000 data_type:1000 io:8192 kernel_version:3.10.0-514.el7.x86_64 memory:9646080 net_type: platform:centos platform_version:7.3.1611 plugins:[] slab:159348 timestamp:1620704156]
2021-05-11T11:35:56.818+0800 INFO transport/client.go:69
2021-05-11T11:36:26.701+0800 INFO report/report.go:119 map[cpu:0.00134 data_type:1000 io:0 kernel_version:3.10.0-514.el7.x86_64 memory:13553664 net_type:sd platform:centos platform_version:7.3.1611 plugins:[] slab:159388 timestamp:1620704186]
2021-05-11T11:36:56.701+0800 INFO report/report.go:119 map[cpu:0.00134 data_type:1000 io:0 kernel_version:3.10.0-514.el7.x86_64 memory:13553664 net_type:sd platform:centos platform_version:7.3.1611 plugins:[] slab:159388 timestamp:1620704216]
2021-05-11T11:37:26.701+0800 INFO report/report.go:119 map[cpu:0.00134 data_type:1000 io:4096 kernel_version:3.10.0-514.el7.x86_64 memory:13553664 net_type:sd platform:centos platform_version:7.3.1611 plugins:[] slab:159396 timestamp:1620704246]
2021-05-11T11:37:33.059+0800 INFO transport/client.go:69 Config:<Name:"driver" Version:"1.6.0.0" SHA256:"a9ab7a2eda69b83d830a6061a393f886a7b125ea63e7ae1df4a276105764b37d" DownloadURL:"https://lf3-elkeid.bytetos.com/obj/elkeid-download/plugin/driver/driver_1.6.0.0_amd64.plg" DownloadURL:"https://lf26-elkeid.bytetos.com/obj/elkeid-download/plugin/driver/driver_1.6.0.0_amd64.plg" > Config:<Name:"collector" Version:"1.6.0.0" SHA256:"f6e0b34de998844cbfc95ae0e47d39225c2449833657a6a6289d9722d8e2fdc8" DownloadURL:"https://lf3-elkeid.bytetos.com/obj/elkeid-download/plugin/collector/collector_1.6.0.0_amd64.plg" DownloadURL:"https://lf26-elkeid.bytetos.com/obj/elkeid-download/plugin/collector/collector_1.6.0.0_amd64.plg" >
2021-05-11T11:37:40.103+0800 INFO plugin/plugin.go:162 Plugin work directory: /etc/elkeid/plugin/driver/
2021-05-11T11:37:40.103+0800 INFO plugin/server.go:126 Received a registration:{Pid:8868 Name:driver Version:1.6.0.0}

shen771 commented on August 23, 2024

A follow-up: it looks like the module load reported the error do_init_module register_kprobe failed, returned -2, which caused the problem with pushing the plugins. I hadn't looked at dmesg carefully, sorry.

[30570513.934363] [ELKEID] ANTI_ROOTKIT_CHECK: 1
[30570633.175658] [ELKEID] uninstall_kprobe success
[30570633.175691] hids_driver: destroy 34 print event class
[30570633.184169] hids_driver: create 34 print event class
[30570633.186683] [ELKEID] Filter Init Success
[30570633.278856] [ELKEID] do_init_module register_kprobe failed, returned -2
[30570633.287359] [ELKEID] SANDBOX: 0
[30570633.287365] [ELKEID] register_kprobe success: connect_hook: 1,load_module_hook: 1,execve_hook: 1,call_usermodehekoer_hook: 0,bind_hook: 1,create_file_hook: 1,ptrace_hook: 1, update_cred_hook: 1, dns_hook: 0, accept_hook:0, mprotect_hook: 0,link_hook: 1, memfd_create: 1, rename_hook: 1,setsid_hook:1, prctl_hook:1, open_hook:0, nanosleep_hook:0, kill_hook: 0, rm_hook: 0, EXIT_HOOK: 0, EXIT_PROTECT: 0
[30570633.306631] [ELKEID] ANTI_ROOTKIT_CHECK: 1
[30570634.806349] [ELKEID] uninstall_kprobe success
[30570634.806386] hids_driver: destroy 34 print event class
[30587381.176697] hids_driver: create 34 print event class
[30587381.179201] [ELKEID] Filter Init Success
[30587381.278142] [ELKEID] do_init_module register_kprobe failed, returned -2
[30587381.287105] [ELKEID] SANDBOX: 0
[30587381.287110] [ELKEID] register_kprobe success: connect_hook: 1,load_module_hook: 1,execve_hook: 1,call_usermodehekoer_hook: 0,bind_hook: 1,create_file_hook: 1,ptrace_hook: 1, update_cred_hook: 1, dns_hook: 0, accept_hook:0, mprotect_hook: 0,link_hook: 1, memfd_create: 1, rename_hook: 1,setsid_hook:1, prctl_hook:1, open_hook:0, nanosleep_hook:0, kill_hook: 0, rm_hook: 0, EXIT_HOOK: 0, EXIT_PROTECT: 0
[30587381.306428] [ELKEID] ANTI_ROOTKIT_CHECK: 1
root@sec-tes (16:16:50) driver # dmesg

Percivalll commented on August 23, 2024

Is that Agent panic expected?

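shen771 commented on August 23, 2024

The first start, before any plugins were pushed, did work, but the panic error was already there; I had started it in the background with & at the time and didn't notice. When I forced the plugin push, the process exited. Unlike the other issue, dmesg shows no "module verification failed: signature and/or required key missing - tainting kernel" message, only the single line "do_init_module register_kprobe failed, returned -2".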

root@sec-tes (17:23:11) elkeid # ./elkeid-agent
^Cpanic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x18 pc=0x947dbc]

goroutine 45 [running]:
github.com/philhofer/fwd.(*Reader).more(0xc000081900)
/root/go/pkg/mod/github.com/philhofer/[email protected]/reader.go:121 +0x9c
github.com/philhofer/fwd.(*Reader).Peek(0xc000081900, 0x1, 0x7f161dc615b8, 0xc000382648, 0x40f65b, 0xc0001999b0, 0x30)
/root/go/pkg/mod/github.com/philhofer/[email protected]/reader.go:179 +0x119
github.com/tinylib/msgp/msgp.(*Reader).ReadMapHeader(0xc0000bf540, 0x7f161dc615b8, 0x30, 0xc0001999b0)
/root/go/pkg/mod/github.com/tinylib/[email protected]/msgp/read.go:352 +0x3b
github.com/bytedance/Elkeid/agent/plugin.(*RegistRequest).DecodeMsg(0xc0001999b0, 0xc0000bf540, 0xc0000bf540, 0x0)
/tmp/Elkeid/agent/plugin/spec_gen.go:167 +0x32
github.com/bytedance/Elkeid/agent/plugin.Run.func2(0x0, 0x0, 0xc00005a080)
/tmp/Elkeid/agent/plugin/server.go:120 +0xae
created by github.com/bytedance/Elkeid/agent/plugin.Run
/tmp/Elkeid/agent/plugin/server.go:117 +0xa8
root@sec-tes (17:23:38) elkeid # ./elkeid-agent &
[1] 13090
root@sec-tes (17:23:43) elkeid # ps -ef | grep
Usage: grep [OPTION]... PATTERN [FILE]...
Try 'grep --help' for more information.
root@sec-tes (17:23:47) elkeid # ps -ef | grep elkeid
root 13090 12910 0 17:23 pts/0 00:00:00 ./elkeid-agent
root 13101 12910 0 17:23 pts/0 00:00:00 grep --color=auto elkeid
root@sec-tes (17:26:30) driver # dmesg
(xxxx omitted)
[30591023.746675] [ELKEID] register_kprobe success: connect_hook: 1,load_module_hook: 1,execve_hook: 1,call_usermodehekoer_hook: 0,bind_hook: 1,create_file_hook: 1,ptrace_hook: 1, update_cred_hook: 1, dns_hook: 0, accept_hook:0, mprotect_hook: 0,link_hook: 1, memfd_create: 1, rename_hook: 1,setsid_hook:1, prctl_hook:1, open_hook:0, nanosleep_hook:0, kill_hook: 0, rm_hook: 0, EXIT_HOOK: 0, EXIT_PROTECT: 0
[30591023.766267] [ELKEID] ANTI_ROOTKIT_CHECK: 1
[30591101.569473] [ELKEID] uninstall_kprobe success
[30591101.569517] hids_driver: destroy 34 print event class
[30591118.484686] hids_driver: create 34 print event class
[30591118.487289] [ELKEID] Filter Init Success
[30591118.585199] [ELKEID] do_init_module register_kprobe failed, returned -2
[30591118.594044] [ELKEID] SANDBOX: 0
[30591118.594049] [ELKEID] register_kprobe success: connect_hook: 1,load_module_hook: 1,execve_hook: 1,call_usermodehekoer_hook: 0,bind_hook: 1,create_file_hook: 1,ptrace_hook: 1, update_cred_hook: 1, dns_hook: 0, accept_hook:0, mprotect_hook: 0,link_hook: 1, memfd_create: 1, rename_hook: 1,setsid_hook:1, prctl_hook:1, open_hook:0, nanosleep_hook:0, kill_hook: 0, rm_hook: 0, EXIT_HOOK: 0, EXIT_PROTECT: 0
[30591118.613557] [ELKEID] ANTI_ROOTKIT_CHECK: 1
[30591123.644217] [ELKEID] uninstall_kprobe success
[30591123.644247] hids_driver: destroy 34 print event class
[30591349.603294] hids_driver: create 34 print event class
[30591349.605879] [ELKEID] Filter Init Success
[30591349.696688] [ELKEID] do_init_module register_kprobe failed, returned -2
[30591349.705258] [ELKEID] SANDBOX: 0
[30591349.705289] [ELKEID] register_kprobe success: connect_hook: 1,load_module_hook: 1,execve_hook: 1,call_usermodehekoer_hook: 0,bind_hook: 1,create_file_hook: 1,ptrace_hook: 1, update_cred_hook: 1, dns_hook: 0, accept_hook:0, mprotect_hook: 0,link_hook: 1, memfd_create: 1, rename_hook: 1,setsid_hook:1, prctl_hook:1, open_hook:0, nanosleep_hook:0, kill_hook: 0, rm_hook: 0, EXIT_HOOK: 0, EXIT_PROTECT: 0
[30591349.724729] [ELKEID] ANTI_ROOTKIT_CHECK: 1
[30591560.459286] [ELKEID] uninstall_kprobe success
[30591560.459321] hids_driver: destroy 34 print event class

EBWi11 commented on August 23, 2024

This occurs on some older Ubuntu/CentOS kernels; dmesg shows the following output:
do_init_module register_kprobe failed, returned -2.
The kernel module can still be used, but there is no do_init_module data.

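A triage sketch for the dmesg output discussed in this thread, added here as an example; it is not part of the original comments and not Elkeid's own code. It pairs each `register_kprobe failed` line with the hook summary that follows it, so a sensor that loaded with a missing probe is visible even though the summary line itself says "success". The names `parse_driver_loads` and `SAMPLE_DMESG` are hypothetical, and the second load cycle in the sample is constructed.

```python
import errno
import re

# Sample input. The first load cycle is copied from the dmesg output quoted in
# this thread; the second cycle is constructed (shortened, no failure line).
SAMPLE_DMESG = """\
[30570633.184169] hids_driver: create 34 print event class
[30570633.186683] [ELKEID] Filter Init Success
[30570633.278856] [ELKEID] do_init_module register_kprobe failed, returned -2
[30570633.287359] [ELKEID] SANDBOX: 0
[30570633.287365] [ELKEID] register_kprobe success: connect_hook: 1,load_module_hook: 1,execve_hook: 1,call_usermodehekoer_hook: 0,bind_hook: 1,create_file_hook: 1,ptrace_hook: 1, update_cred_hook: 1, dns_hook: 0, accept_hook:0, mprotect_hook: 0,link_hook: 1, memfd_create: 1, rename_hook: 1,setsid_hook:1, prctl_hook:1, open_hook:0, nanosleep_hook:0, kill_hook: 0, rm_hook: 0, EXIT_HOOK: 0, EXIT_PROTECT: 0
[30570633.306631] [ELKEID] ANTI_ROOTKIT_CHECK: 1
[30570634.806349] [ELKEID] uninstall_kprobe success
[40000000.000001] [ELKEID] Filter Init Success
[40000000.000002] [ELKEID] register_kprobe success: connect_hook: 1,execve_hook: 1, dns_hook: 0
"""

ELKEID_LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s+\[ELKEID\]\s+(.*)$")
PROBE_FAILED = re.compile(r"^(\S+) register_kprobe failed, returned (-?\d+)")
SUMMARY_PREFIX = "register_kprobe success:"
HOOK_FLAG = re.compile(r"(\w+)\s*:\s*(\d+)")


def parse_driver_loads(dmesg_text):
    """Return one record per driver load found in dmesg text.

    A record closes at each hook summary line. Probe failures seen since the
    previous summary are attached to it, with the negative return value mapped
    to its errno name (errno 2 is ENOENT).
    """
    loads, pending = [], []
    for raw in dmesg_text.splitlines():
        m = ELKEID_LINE.match(raw.strip())
        if not m:
            continue  # not an [ELKEID] line (e.g. hids_driver: ...)
        ts, msg = m.group(1), m.group(2)
        failed = PROBE_FAILED.match(msg)
        if failed:
            rc = int(failed.group(2))
            name = errno.errorcode.get(-rc, "UNKNOWN")
            pending.append((failed.group(1), rc, name))
        elif msg.startswith(SUMMARY_PREFIX):
            pairs = HOOK_FLAG.findall(msg[len(SUMMARY_PREFIX):])
            flags = {k: int(v) for k, v in pairs}
            loads.append({
                "ts": ts,
                "failed": pending,
                # The line only reports 0 or 1; it does not say whether a 0
                # is a configuration choice or a hook that could not attach.
                "hooks_on": [k for k, v in flags.items() if v == 1],
                "hooks_off": [k for k, v in flags.items() if v == 0],
                "summary_seen": True,
            })
            pending = []
    if pending:
        # Failures with no summary after them: the log was cut off or the
        # load never reached the summary line.
        loads.append({"ts": None, "failed": pending, "hooks_on": [],
                      "hooks_off": [], "summary_seen": False})
    return loads


def degraded_loads(loads):
    """Loads that need a look: a probe failed or the summary never appeared."""
    return [l for l in loads if l["failed"] or not l["summary_seen"]]


if __name__ == "__main__":
    for load in parse_driver_loads(SAMPLE_DMESG):
        state = "DEGRADED" if load["failed"] or not load["summary_seen"] else "ok"
        print(f"[{load['ts']}] {state}")
        for probe, rc, name in load["failed"]:
            print(f"  probe {probe} not registered: {rc} ({name})")
        print(f"  hooks reported 0: {', '.join(load['hooks_off']) or '-'}")
```
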

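shen771 commented on August 23, 2024

Adding to this issue: after the collect plugin is pushed, even a normally running agent has the collect plugin report an error and exit after running stably for a while. Looking at the log, it should be at 2021-05-19T02:04:01.756+0800 ERROR plugin/server.go:147 EOF
Although this doesn't match the creation time of collect's stderr file, I'll paste everything anyway.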

root@sec-test (17:40:01) tmp # ps -ef | grep elkeid
root 7149 6502 0 17:41 pts/0 00:00:00 grep --color=auto elkeid
root 11606 1 0 May08 ? 00:36:42 /etc/elkeid/elkeid-agent &
root 11613 11606 0 May08 ? 00:05:58 /etc/elkeid/plugin/driver/driver
root@sec-test (17:40:01) tmp # cat elkeid-agent-2021-05-18T18-37-02.703.log
2021-05-19T02:01:32.703+0800 INFO report/report.go:119 map[cpu:0.00168 data_type:1000 io:0 kernel_version:3.10.0-514.el7.x86_64 memory:16019456 net_type:sd platform:centos platform_version:7.3.1611 plugins:[{"rss":7127040,"io":0,"cpu":0,"name":"driver","version":"1.6.0.0","pid":11613,"qps":0.3333333333333333},{"rss":27840512,"io":0,"cpu":0.0003361909564932809,"name":"collector","version":"1.6.0.0","pid":11617,"qps":0}] slab:163300 timestamp:1621360892]
2021-05-19T02:02:02.702+0800 INFO report/report.go:119 map[cpu:0.00134 data_type:1000 io:4096 kernel_version:3.10.0-514.el7.x86_64 memory:16019456 net_type:sd platform:centos platform_version:7.3.1611 plugins:[{"rss":7127040,"io":0,"cpu":0.0003361909564100267,"name":"driver","version":"1.6.0.0","pid":11613,"qps":1.4},{"rss":27807744,"io":0,"cpu":0,"name":"collector","version":"1.6.0.0","pid":11617,"qps":0}] slab:163284 timestamp:1621360922]
2021-05-19T02:02:32.703+0800 INFO report/report.go:119 map[cpu:0.00168 data_type:1000 io:0 kernel_version:3.10.0-514.el7.x86_64 memory:16019456 net_type:sd platform:centos platform_version:7.3.1611 plugins:[{"rss":7127040,"io":0,"cpu":0.00033602150535753104,"name":"driver","version":"1.6.0.0","pid":11613,"qps":0.8333333333333334},{"rss":27906048,"io":0,"cpu":0,"name":"collector","version":"1.6.0.0","pid":11617,"qps":0}] slab:163288 timestamp:1621360952]
2021-05-19T02:03:02.703+0800 INFO report/report.go:119 map[cpu:0.00168 data_type:1000 io:4096 kernel_version:3.10.0-514.el7.x86_64 memory:15777792 net_type:sd platform:centos platform_version:7.3.1611 plugins:[{"rss":7127040,"io":0,"cpu":0.00033613445378120687,"name":"driver","version":"1.6.0.0","pid":11613,"qps":1.5},{"rss":27938816,"io":0,"cpu":0,"name":"collector","version":"1.6.0.0","pid":11617,"qps":0}] slab:163284 timestamp:1621360982]
2021-05-19T02:03:32.703+0800 INFO report/report.go:119 map[cpu:0.00134 data_type:1000 io:4096 kernel_version:3.10.0-514.el7.x86_64 memory:15777792 net_type:sd platform:centos platform_version:7.3.1611 plugins:[{"rss":7127040,"io":0,"cpu":0,"name":"driver","version":"1.6.0.0","pid":11613,"qps":0.6333333333333333},{"rss":27938816,"io":0,"cpu":0.00033573946617226376,"name":"collector","version":"1.6.0.0","pid":11617,"qps":0}] slab:163288 timestamp:1621361012]
2021-05-19T02:04:01.756+0800 ERROR plugin/server.go:147 EOF
2021-05-19T02:04:02.703+0800 INFO report/report.go:119 map[cpu:0.00168 data_type:1000 io:405024768 kernel_version:3.10.0-514.el7.x86_64 memory:15638528 net_type:sd platform:centos platform_version:7.3.1611plugins:[{"rss":7118848,"io":1904640,"cpu":0.0006702412868669607,"name":"driver","version":"1.6.0.0","pid":11613,"qps":1.6666666666666667},{"rss":0,"io":0,"cpu":0,"name":"collector","version":"1.6.0.0","pid":11617,"qps":0}] slab:163356 timestamp:1621361042]
2021-05-19T02:04:32.703+0800 INFO report/report.go:119 map[cpu:0.00134 data_type:1000 io:0 kernel_version:3.10.0-514.el7.x86_64 memory:15638528 net_type:sd platform:centos platform_version:7.3.1611 plugins:[{"rss":7118848,"io":0,"cpu":0,"name":"driver","version":"1.6.0.0","pid":11613,"qps":0.8333333333333334}] slab:163348 timestamp:1621361072]
2021-05-19T02:05:02.703+0800 INFO report/report.go:119 map[cpu:0.00134 data_type:1000 io:0 kernel_version:3.10.0-514.el7.x86_64 memory:15638528 net_type:sd platform:centos platform_version:7.3.1611 plugins:[{"rss":7118848,"io":0,"cpu":0.00033495226929630445,"name":"driver","version":"1.6.0.0","pid":11613,"qps":1.5}] slab:163344 timestamp:1621361102]
2021-05-19T02:05:32.703+0800 INFO report/report.go:119 map[cpu:0.00134 data_type:1000 io:4096 kernel_version:3.10.0-514.el7.x86_64 memory:15638528 net_type:sd platform:centos platform_version:7.3.1611 plugins:[{"rss":7118848,"io":0,"cpu":0,"name":"driver","version":"1.6.0.0","pid":11613,"qps":0.3333333333333333}] slab:163356 timestamp:1621361132]
2021-05-19T02:06:02.703+0800 INFO report/report.go:119 map[cpu:0.00167 data_type:1000 io:0 kernel_version:3.10.0-514.el7.x86_64 memory:15638528 net_type:sd platform:centos platform_version:7.3.1611 plugins:[{"rss":7118848,"io":0,"cpu":0.00033467202143133923,"name":"driver","version":"1.6.0.0","pid":11613,"qps":1.5}] slab:163340 timestamp:1621361162]
2021-05-19T02:06:32.703+0800 INFO report/report.go:119 map[cpu:0.00134 data_type:1000 io:4096 kernel_version:3.10.0-514.el7.x86_64 memory:15638528 net_type:sd platform:centos platform_version:7.3.1611 plugins:[{"rss":7118848,"io":0,"cpu":0.0003350083751923519,"name":"driver","version":"1.6.0.0","pid":11613,"qps":0.8333333333333334}] slab:163340 timestamp:1621361192]
2021-05-19T02:07:02.703+0800 INFO report/report.go:119 map[cpu:0.00134 data_type:1000 io:0 kernel_version:3.10.0-514.el7.x86_64 memory:15663104 net_type:sd platform:centos platform_version:7.3.1611 plugins:[{"rss":7118848,"io":0,"cpu":0.0003348961821899035,"name":"driver","version":"1.6.0.0","pid":11613,"qps":1.4333333333333333}] slab:163364 timestamp:1621361222]
2021-05-19T02:07:32.703+0800 INFO report/report.go:119 map[cpu:0.00134 data_type:1000 io:4096 kernel_version:3.10.0-514.el7.x86_64 memory:15663104 net_type:sd platform:centos platform_version:7.3.1611 plugins:[{"rss":7118848,"io":0,"cpu":0,"name":"driver","version":"1.6.0.0","pid":11613,"qps":0.3333333333333333}] slab:163344 timestamp:1621361252]
2021-05-19T02:08:02.703+0800 INFO report/report.go:119 map[cpu:0.00168 data_type:1000 io:0 kernel_version:3.10.0-514.el7.x86_64 memory:15663104 net_type:sd platform:centos platform_version:7.3.1611 plugins:[{"rss":7118848,"io":0,"cpu":0.0003354579000073644,"name":"driver","version":"1.6.0.0","pid":11613,"qps":1.4}] slab:163368 timestamp:1621361282]
2021-05-19T02:08:32.702+0800 INFO report/report.go:119 map[cpu:0.00134 data_type:1000 io:8192 kernel_version:3.10.0-514.el7.x86_64 memory:15663104 net_type:sd platform:centos platform_version:7.3.1611 plugins:[{"rss":7118848,"io":0,"cpu":0.00033585222503749334,"name":"driver","version":"1.6.0.0","pid":11613,"qps":1.1333333333333333}] slab:163336 timestamp:1621361312]
2021-05-19T02:09:02.703+0800 INFO report/report.go:119 map[cpu:0.00134 data_type:1000 io:0 kernel_version:3.10.0-514.el7.x86_64 memory:15663104 net_type:sd platform:centos platform_version:7.3.1611 plugins:[{"rss":7118848,"io":0,"cpu":0.00033579583607587873,"name":"driver","version":"1.6.0.0","pid":11613,"qps":1.4666666666666666}] slab:163340 timestamp:1621361342]
2021-05-19T02:09:32.703+0800 INFO report/report.go:119 map[cpu:0.00135 data_type:1000 io:4096 kernel_version:3.10.0-514.el7.x86_64 memory:15663104 net_type:sd platform:centos platform_version:7.3.1611 plugins:[{"rss":7118848,"io":0,"cpu":0,"name":"driver","version":"1.6.0.0","pid":11613,"qps":0.36666666666666664}] slab:163304 timestamp:1621361372]

root@sec-test (17:34:54) tmp # cd /etc/elkeid/plugin/collector/
root@sec-test (17:35:06) collector # ll
total 5984
-rwx------ 1 root root 6099188 May 8 17:14 collector
-rw-r--r-- 1 root root 17181 May 19 01:15 collector.log
-rw-r--r-- 1 root root 1155 May 8 16:43 collector.stderr
-rw-r--r-- 1 root root 0 May 8 16:43 collector.stdout
root@sec-test (17:35:07) collector #
root@sec-test (17:35:08) collector #
root@sec-test (17:35:08) collector # cat collector.log
2021-05-08T17:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-08T18:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-08T19:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-08T20:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-08T21:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-08T22:15:15.953+0800 INFO socket/socket.go:27 Try netlink...
2021-05-08T23:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T00:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T01:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T02:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T03:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T04:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T05:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T06:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T07:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T08:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T09:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T10:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T11:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T12:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T13:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T14:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T15:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T16:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T17:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T18:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T19:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T20:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T21:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T22:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-09T23:15:15.953+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T00:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T01:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T02:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T03:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T04:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T05:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T06:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T07:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T08:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T09:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T10:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T11:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T12:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T13:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T14:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T15:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T16:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T17:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T18:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T19:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T20:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T21:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T22:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-10T23:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T00:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T01:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T02:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T03:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T04:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T05:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T06:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T07:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T08:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T09:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T10:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T11:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T12:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T13:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T14:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T15:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T16:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T17:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T18:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T19:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T20:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T21:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T22:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-11T23:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T00:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T01:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T02:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T03:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T04:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T05:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T06:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T07:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T08:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T09:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T10:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T11:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T12:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T13:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T14:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T15:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T16:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T17:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T18:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T19:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T20:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T21:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T22:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-12T23:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T00:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T01:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T02:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T03:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T04:15:15.953+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T05:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T06:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T07:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T08:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T09:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T10:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T11:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T12:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T13:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T14:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T15:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T16:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T17:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T18:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T19:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T20:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T21:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T22:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-13T23:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T00:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T01:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T02:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T03:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T04:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T05:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T06:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T07:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T08:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T09:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T10:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T11:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T12:15:15.953+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T13:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T14:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T15:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T16:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T17:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T18:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T19:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T20:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T21:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T22:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-14T23:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T00:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T01:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T02:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T03:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T04:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T05:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T06:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T07:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T08:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T09:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T10:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T11:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T12:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T13:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T14:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T15:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T16:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T17:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T18:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T19:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T20:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T21:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T22:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-15T23:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T00:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T01:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T02:15:15.953+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T03:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T04:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T05:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T06:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T07:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T08:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T09:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T10:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T11:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T12:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T13:15:15.953+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T14:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T15:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T16:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T17:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T18:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T19:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T20:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T21:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T22:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-16T23:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T00:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T01:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T02:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T03:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T04:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T05:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T06:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T07:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T08:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T09:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T10:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T11:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T12:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T13:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T14:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T15:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T16:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T17:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T18:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T19:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T20:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T21:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T22:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-17T23:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T00:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T01:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T02:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T03:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T04:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T05:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T06:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T07:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T08:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T09:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T10:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T11:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T12:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T13:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T14:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T15:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T16:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T17:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T18:15:15.951+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T19:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T20:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T21:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T22:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-18T23:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-19T00:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
2021-05-19T01:15:15.952+0800 INFO socket/socket.go:27 Try netlink...
root@sec-test (17:35:20) collector #
root@sec-test (17:35:28) collector #
root@sec-test (17:35:28) collector # ll
total 5984
-rwx------ 1 root root 6099188 May 8 17:14 collector
-rw-r--r-- 1 root root 17181 May 19 01:15 collector.log
-rw-r--r-- 1 root root 1155 May 8 16:43 collector.stderr
-rw-r--r-- 1 root root 0 May 8 16:43 collector.stdout
root@sec-test (17:35:41) collector # cat collector.stderr
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x5e1c7e]

goroutine 1 [running]:
github.com/bytedance/Elkeid/agent/support/go/libmongoose.(*LoggerWriter).Write(0xc0000100d0, 0xc000288000, 0x8c, 0x400, 0x41a81e, 0x60238a, 0xc000288000)
/root/go/pkg/mod/github.com/bytedance/!elkeid/agent/support/go/[email protected]/logger.go:34 +0x2de
go.uber.org/zap/zapcore.(*ioCore).Write(0xc000071b30, 0x2, 0xc01a564a933436a9, 0xa0d3ad089ad1, 0x821120, 0x0, 0x0, 0xc00001e100, 0x37, 0x1, ...)
/root/go/pkg/mod/go.uber.org/[email protected]/zapcore/core.go:90 +0x10c
go.uber.org/zap/zapcore.(*CheckedEntry).Write(0xc000286000, 0x0, 0x0, 0x0)
/root/go/pkg/mod/go.uber.org/[email protected]/zapcore/entry.go:220 +0x12d
go.uber.org/zap.(*SugaredLogger).log(0xc0000100d8, 0xc000117c02, 0x0, 0x0, 0xc0001178f8, 0x1, 0x1, 0x0, 0x0, 0x0)
/root/go/pkg/mod/go.uber.org/[email protected]/sugar.go:234 +0xf6
go.uber.org/zap.(*SugaredLogger).Error(...)
/root/go/pkg/mod/go.uber.org/[email protected]/sugar.go:112
main.main()
/root/Workspace/Elkeid/agent/collector/main.go:588 +0xdef
root@sec-test (17:35:47) collector #

from elkeid.

Percivalll avatar Percivalll commented on August 23, 2024

We have located the problem in the collector; it will be fixed in an upcoming update.

from elkeid.

Percivalll avatar Percivalll commented on August 23, 2024

Fixed.

from elkeid.
