Add windows event log service restart detection and resubscribe #1259

Merged
merged 6 commits into from
Jul 24, 2024

@jefchien jefchien commented Jul 22, 2024

Description of the issue

Currently, if the Windows EventLog service crashes and gets restarted, the CloudWatch agent no longer picks up events. This is because the event handle used by the subscription is no longer valid. The CloudWatch agent needs a way to detect that the service has restarted and then re-open the subscription.

Description of changes

Adds a service monitor that uses the golang.org/x/sys/windows/svc/mgr package to periodically (every 10 seconds) detect if the eventlog service's PID has changed. If it has changed, it notifies each of the wineventlog subscriptions to re-subscribe. This prevents the plugin from trying to re-subscribe if the service is down.

License

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Tests

Added a unit test. Deployed build to Windows 2022 instance and manually stopped the EventLog service through the task manager. After restarting the service:

2024-07-22T22:54:52Z D! [windows_event_log] Detected Windows event log service restart
2024-07-22T22:54:52Z D! [wineventlog] Re-subscribed to Security
2024-07-22T22:54:52Z D! [wineventlog] Re-subscribed to Application

Requirements

Before committing the code, please do the following steps.

  1. Run make fmt and make fmt-sh
  2. Run make lint

@jefchien jefchien requested a review from a team as a code owner July 22, 2024 23:05
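
The PID-change check described in the PR, as an added Go example (not the agent's own code): one poll tick compares the service PID with the last one seen and fires the re-subscribe callbacks only when the service is running under a new PID, staying quiet while it is down. The names `restartMonitor`, `pidQuery` and `replay` are hypothetical, and the PID samples are constructed so the block runs on any platform.

```go
package main

import "fmt"

// pidQuery returns the EventLog service's current PID. Hypothetical hook: on
// Windows it could wrap mgr.Service.Query() and return Status.ProcessId.
type pidQuery func() (uint32, error)

// restartMonitor remembers the last PID seen while the service was running.
type restartMonitor struct {
	query     pidQuery
	lastPID   uint32
	listeners []func() // one re-subscribe callback per event log subscription
}

// poll is a single tick (the PR polls every 10 seconds). It returns true, and
// calls every listener, only when the service runs under a new PID.
func (m *restartMonitor) poll() bool {
	pid, err := m.query()
	if err != nil || pid == 0 {
		return false // service down or query failed: keep lastPID, stay quiet
	}
	restarted := m.lastPID != 0 && pid != m.lastPID
	m.lastPID = pid
	if restarted {
		for _, resubscribe := range m.listeners {
			resubscribe()
		}
	}
	return restarted
}

// replay serves constructed PID samples in order; 0 stands for "stopped".
func replay(pids ...uint32) pidQuery {
	i := -1
	return func() (uint32, error) {
		if i++; i >= len(pids) {
			return 0, fmt.Errorf("no more samples")
		}
		return pids[i], nil
	}
}

func main() {
	m := &restartMonitor{query: replay(1200, 1200, 0, 0, 3344, 3344)}
	m.listeners = append(m.listeners, func() { fmt.Println("re-subscribed to Security") })
	for tick := 0; tick < 6; tick++ {
		fmt.Printf("tick %d: restarted=%v\n", tick, m.poll())
	}
}
```

Because `lastPID` is kept across the ticks where the service is stopped, a stop followed by a start produces exactly one notification, on the first tick that sees the new PID.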
@codecov-commenter

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 64.65%. Comparing base (96d4763) to head (6fd94b2).
Report is 584 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1259      +/-   ##
==========================================
+ Coverage   57.58%   64.65%   +7.06%     
==========================================
  Files         370      465      +95     
  Lines       17548    22881    +5333     
==========================================
+ Hits        10105    14793    +4688     
- Misses       6848     7385     +537     
- Partials      595      703     +108     


@lisguo lisguo merged commit e3bbdf1 into main Jul 24, 2024
6 checks passed
@lisguo lisguo deleted the resubscribe branch July 24, 2024 19:19