Metricbeat fails to list all processes when run as a non-privileged user #12301

adriansr · 2019-05-27T08:36:51Z

When running Metricbeat under Windows as a regular, non-administrator user, the process / process_summary metricsets won't report processes belonging to other users.

The log is filled with messages like

2019-05-24T13:29:59.487+0200 DEBUG [processes] process/process.go:460 Skip process pid=444: error getting process state for pid=444: getProcCredName failed: OpenProcessToken failed

The text was updated successfully, but these errors were encountered:

This updates vendored elastic/gosigar to v0.10.3, which addresses an issue when listing processes under a non-privileged Windows user. For the system/process metricset, only processes belonging to the user under which Metricbeat is running were reported. For the system/process_summary metricset, process belonging to other users were reported as unknown state. This fix will make Metricbeat able to report all processes, but information about which users owns those processes will be missing. Fixes elastic#12301

adriansr · 2019-05-27T16:12:56Z

@narph I assigned you both after discussing the issue with @odacremolbap

I had a quick fix for this in #12305, however, this PR is causing metricbeat to complain with an error after new code paths are being reached in the Windows+non-admin-user case:

ERROR   instance/metrics.go:92  Error while getting memory usage: error retrieving process stats: cannot find matching process for pid=2456

This will make tests/system/test_system.py:Test.test_process to fail because it doesn't want any ERROR or WARN in the logs.

narph · 2019-06-12T10:45:53Z

@adriansr , #12475 has been merged

…#12475) * [Metricbeat] Fix system/process* metricsets under Windows This updates vendored elastic/gosigar to v0.10.3, which addresses an issue when listing processes under a non-privileged Windows user. For the system/process metricset, only processes belonging to the user under which Metricbeat is running were reported. For the system/process_summary metricset, process belonging to other users were reported as unknown state. This fix will make Metricbeat able to report all processes, but information about which users owns those processes will be missing. Fixes elastic#12301 * Added test func in order to provide more information on the failing match * Fix build error * Removed test func, correcting access rights in sigar_windows file (gosigar pr will follow), test only * Revert test changes, return debug message for process.getDetails * Replaced the PR number in the changelog * Adding selector to log debug message * Wrong type for pid in debug message (cherry picked from commit 08b5c38)

adriansr added bug Metricbeat Metricbeat labels May 27, 2019

exekias added the :Windows label May 27, 2019

adriansr mentioned this issue May 27, 2019

[Metricbeat] Fix system/process* metricsets under Windows #12305

Closed

adriansr assigned odacremolbap and narph May 27, 2019

narph added Team:Integrations Label for the Integrations team [zube]: In Progress labels Jun 4, 2019

zube bot added [zube]: Inbox and removed [zube]: In Progress labels Jun 4, 2019

narph mentioned this issue Jun 10, 2019

Continuation of: Adriansr fix mb windows procs #12301 #12475

Merged

narph closed this as completed in 08b5c38 Jun 12, 2019