-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
windowseventlogreceiver application channel Failed to open publisher when running as service #21491
Comments
Pinging code owners:
See Adding Labels via Comments if you do not have permissions to add labels yourself. |
By default, the collector detects it's running on Windows and will actively register as a service. I don't think you need to run it as a service explicitly. That might explain the problem you're seeing. |
@atoulme Do you know where I find more details about "the collector detects it's running on Windows and will actively register as a service."? |
@atoulme The service should be in Services? When I run it regularly (otelcol-contrib.exe --config cofig.yaml) I can't see any new service in Services... |
I don't think this is the correct way to describe what's happening. The way I'd describe it is: The OpenTelemetry Collector binary automatically detects whether it is being run as a Windows Service or from an interactive session and behaves a little differently. This is probably the (non-root) cause of the problem. Now we probably need to dig deeper to find why this bug occurs when the binary is run as a Windows Service. |
Another thing I noticed is that the error occurs only when I use Application channel. The service writes application events and collects them - maybe this is why we get errors... |
@atoulme I noticed when running as a service, all debug logs are written as events in Application channel, which get processed by the receiver, which writes debug logs, which get processed again and so on. The pr I opened will fix all these issues, by excluding the service itself from processing its events (the provider is the service name). That way I will no longer get this error, and this loop of events will not happen anymore. |
Hi @ShiranAvidov , I was testing the log filter on windows, and I ran into an issue where messages are not filtered. Looking in the logs, I encountered the exact same error message you describe here. Because the message states there is no metadata being added to the log, It made I might have misunderstood your comments above, but your PR simply excludes otelcol as a log source to prevent these messages from being forwarded, correct? Would your PR also resolve the issue with filtering events? Or is there a deeper issue with the windowseventlogreceiver that needs to be looked at? Thanks |
Hey @rlarranaga, yep the PR excludes logs by provider name. I did not make any changes to the receiver's logic, so there is definitely an issue. I did some tests and I got the error from the otelcol-contrib debug logs. When I ran other services I did not get the error. I will test it more to be sure I don't get the error anymore. |
I am actually running a downstream project from open-telemetry collector - A repackaged version from one of the centralized log vendors). My main objectives in posting this question here are:
I do run the Open telemetry collector as a service. But i see differences in functional behavior when the collector runs from the command prompt, versus when it runs as a service (namely, the event filtering functionality is not working when running as service). Since you are running the plain vanilla collector, would you mind testing event filtering when the collector runs as a service? I currently do not have another machine available to do so. I can send a couple of examples if needed. Thanks! |
@pjanotti offered to take a look. Assigning to him |
Summary of my investigation:
Temporary workaround for item 3 (which avoids the error when "capturing own events"):
[EDIT: item 3 actually shouldn't be fixed via code, but, whoever is installing the service should create the proper event source] |
**Description:** Cache the publisher event to: 1. Avoid logging the same error message every time one event from the given source is logged. 2. Avoid opening and closing the event publisher for every single event. **Link to tracking Issue:** [Item 4 described on the investigation](#21491 (comment)) for issue #21491. **Testing:** * Go tests for `pkg/stanza` and `receiver/windowseventlogreceiver` on Windows box. * Ran the contrib build locally to validate the change. * Can't run the full make locally: misspell is failing on Windows because the command line is too long. **Documentation:** Let me know if changing the severity of the log message requires a changelog update.
…-telemetry#27658) **Description:** Cache the publisher event to: 1. Avoid logging the same error message every time one event from the given source is logged. 2. Avoid opening and closing the event publisher for every single event. **Link to tracking Issue:** [Item 4 described on the investigation](open-telemetry#21491 (comment)) for issue open-telemetry#21491. **Testing:** * Go tests for `pkg/stanza` and `receiver/windowseventlogreceiver` on Windows box. * Ran the contrib build locally to validate the change. * Can't run the full make locally: misspell is failing on Windows because the command line is too long. **Documentation:** Let me know if changing the severity of the log message requires a changelog update.
…in EventXML (Windows) (#28587) **Description:** The [XML schema for Windows events supports `Data` elements without the `Name` attribute](https://learn.microsoft.com/en-us/windows/win32/wes/eventschema-datafieldtype-complextype), however, the current implementation doesn't capture `Data` elements without the `Name` attribute. Capturing such elements is specially important for events for which the publisher metadata is invalid. These elements contain the data that will give a user a much better chance of actually understanding the event, see [here](#21491 (comment)) for an example. I'm adding also the optional `Binary` element. Although this element typically requires knowledge of the actual data type it is representing sometimes it can be useful together with the data elements. I consider this to be a breaking change because it modifies the layout of the event generated by the package. It isn't an addition, the old representation is changed, please refer to the changes in tests to see the difference. **Link to tracking Issue:** This is the last pending item to fix #24493, #21491 ([item 5](#21491)). **Testing:** - Local run of the affected receiver and package - "Run Windows" on my fork **Documentation:** N/A --------- Co-authored-by: Daniel Jaglowski <[email protected]>
Fixed by #28587 |
…-telemetry#27658) **Description:** Cache the publisher event to: 1. Avoid logging the same error message every time one event from the given source is logged. 2. Avoid opening and closing the event publisher for every single event. **Link to tracking Issue:** [Item 4 described on the investigation](open-telemetry#21491 (comment)) for issue open-telemetry#21491. **Testing:** * Go tests for `pkg/stanza` and `receiver/windowseventlogreceiver` on Windows box. * Ran the contrib build locally to validate the change. * Can't run the full make locally: misspell is failing on Windows because the command line is too long. **Documentation:** Let me know if changing the severity of the log message requires a changelog update.
…in EventXML (Windows) (open-telemetry#28587) **Description:** The [XML schema for Windows events supports `Data` elements without the `Name` attribute](https://learn.microsoft.com/en-us/windows/win32/wes/eventschema-datafieldtype-complextype), however, the current implementation doesn't capture `Data` elements without the `Name` attribute. Capturing such elements is specially important for events for which the publisher metadata is invalid. These elements contain the data that will give a user a much better chance of actually understanding the event, see [here](open-telemetry#21491 (comment)) for an example. I'm adding also the optional `Binary` element. Although this element typically requires knowledge of the actual data type it is representing sometimes it can be useful together with the data elements. I consider this to be a breaking change because it modifies the layout of the event generated by the package. It isn't an addition, the old representation is changed, please refer to the changes in tests to see the difference. **Link to tracking Issue:** This is the last pending item to fix open-telemetry#24493, open-telemetry#21491 ([item 5](open-telemetry#21491)). **Testing:** - Local run of the affected receiver and package - "Run Windows" on my fork **Documentation:** N/A --------- Co-authored-by: Daniel Jaglowski <[email protected]>
…in EventXML (Windows) (open-telemetry#28587) **Description:** The [XML schema for Windows events supports `Data` elements without the `Name` attribute](https://learn.microsoft.com/en-us/windows/win32/wes/eventschema-datafieldtype-complextype), however, the current implementation doesn't capture `Data` elements without the `Name` attribute. Capturing such elements is specially important for events for which the publisher metadata is invalid. These elements contain the data that will give a user a much better chance of actually understanding the event, see [here](open-telemetry#21491 (comment)) for an example. I'm adding also the optional `Binary` element. Although this element typically requires knowledge of the actual data type it is representing sometimes it can be useful together with the data elements. I consider this to be a breaking change because it modifies the layout of the event generated by the package. It isn't an addition, the old representation is changed, please refer to the changes in tests to see the difference. **Link to tracking Issue:** This is the last pending item to fix open-telemetry#24493, open-telemetry#21491 ([item 5](open-telemetry#21491)). **Testing:** - Local run of the affected receiver and package - "Run Windows" on my fork **Documentation:** N/A --------- Co-authored-by: Daniel Jaglowski <[email protected]>
Component(s)
pkg/stanza, receiver/windowseventlog
What happened?
Description
I am running otel contrib exe as a service in Windows, which collects logs from the event viewer (application, system and security) and writes them to a file. I get this error (shown in event viewer under application):
windows/operator.go:224 Failed to open publisher: failed to open publisher handle: The system cannot find the file specified.: writing log entry to pipeline without metadata
Its worth mentioning that if I run otel contrib exe via terminal (not as service) I do not get this error.
Steps to Reproduce
Running otel contrib exe as service:
New-Service -Name 'MyService' -BinaryPathName "<<OTEL_CONTRIB_EXE>> --config <<OTEL_CONFIG>>"
The error will be shown in event viewer under application and in exporter (in my case a file).
Expected Result
No error.
Actual Result
`The description for Event ID 3 from source MyService cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event:
1.683206406737252e+09 error windows/operator.go:224 Failed to open publisher: failed to open publisher handle: The system cannot find the file specified.: writing log entry to pipeline without metadata {"kind": "receiver", "name": "windowseventlog/application/localhost_windows_system", "data_type": "logs", "operator_id": "windows_eventlog_input", "operator_type": "windows_eventlog_input"}
github.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/input/windows.(*Input).processEvent
github.com/open-telemetry/opentelemetry-collector-contrib/pkg/[email protected]/operator/input/windows/operator.go:224
github.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/input/windows.(*Input).read
github.com/open-telemetry/opentelemetry-collector-contrib/pkg/[email protected]/operator/input/windows/operator.go:195
github.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/input/windows.(*Input).readToEnd
github.com/open-telemetry/opentelemetry-collector-contrib/pkg/[email protected]/operator/input/windows/operator.go:179
github.com/open-telemetry/opentelemetry-collector-contrib/pkg/stanza/operator/input/windows.(*Input).readOnInterval
github.com/open-telemetry/opentelemetry-collector-contrib/pkg/[email protected]/operator/input/windows/operator.go:167
`
Collector version
v0.75.0
Environment information
Environment
OS: Windows Server 2019
OpenTelemetry Collector configuration
Log output
Additional context
No response
The text was updated successfully, but these errors were encountered: