[Auditbeat] Unable to get packages related data #16661

samoz83 · 2020-02-27T10:33:10Z

I keep getting the below from the System module of Auditbeat in relation to packages information.

failed to get packages: error getting DEB packages: error converting 25G to int: strconv.ParseUint: parsing "25G": invalid syntax

For confirmed bugs, please report:

Version: Auditbeat 7.6.0
Operating System: Ubuntu 18.04.4
Discuss Forum URL: https://discuss.elastic.co/t/system-module-packages-error/214448/2
Steps to Reproduce: Install standard Auditbeat config

The text was updated successfully, but these errors were encountered:

elasticmachine · 2020-02-27T16:01:54Z

Pinging @elastic/siem (Team:SIEM)

rvillablanca · 2020-02-28T15:44:00Z

Looking in two files of some friends /var/lib/dpkg/status (I don't have it because I use Arch), none of them have the line Installed-Size: with G or any other non-numeric character so, this could be even an invalid file I think

samoz83 · 2020-03-02T16:24:18Z

Ah I wasn't sure what file it was looking at, it does seem to be a random package that someone has put into our apt repos. I'll pull the package and fix it on my side. Thanks

adriansr · 2020-03-23T17:48:11Z

Reopened as this is an issue users are experiencing from time to time.

Deb packages report their installed size in a field, Installed-Size, which is an integer interpreted as KiB. Some unoficial packages are adding a unit at the end of this field: Installed-Size: 65M Dpkg/Apt ignore everything after the number. Auditbeat is currently failing to parse the list of packages once this mistake is reached. This updates the dataset to: - Do not fail when installed size can't be parsed. - Understand prefixes k/K, m/M and G/b. Fixes elastic#16661

* Harden system/package parsing of deb size Deb packages report their installed size in a field, Installed-Size, which is an integer interpreted as KiB. Some unofficial packages are adding a unit at the end of this field: Installed-Size: 65M System tools dpkg/apt ignore everything after the number. Auditbeat is currently failing to parse the list of installed packages once this mistake is reached. This updates the dataset to: - Do not fail when installed size can't be parsed. - Understand prefixes k/K, m/M and G/b. Fixes #16661

* Harden system/package parsing of deb size Deb packages report their installed size in a field, Installed-Size, which is an integer interpreted as KiB. Some unofficial packages are adding a unit at the end of this field: Installed-Size: 65M System tools dpkg/apt ignore everything after the number. Auditbeat is currently failing to parse the list of installed packages once this mistake is reached. This updates the dataset to: - Do not fail when installed size can't be parsed. - Understand prefixes k/K, m/M and G/b. Fixes elastic#16661 (cherry picked from commit b131405)

* Harden system/package parsing of deb size Deb packages report their installed size in a field, Installed-Size, which is an integer interpreted as KiB. Some unofficial packages are adding a unit at the end of this field: Installed-Size: 65M System tools dpkg/apt ignore everything after the number. Auditbeat is currently failing to parse the list of installed packages once this mistake is reached. This updates the dataset to: - Do not fail when installed size can't be parsed. - Understand prefixes k/K, m/M and G/b. Fixes #16661 (cherry picked from commit b131405)

* Harden system/package parsing of deb size Deb packages report their installed size in a field, Installed-Size, which is an integer interpreted as KiB. Some unofficial packages are adding a unit at the end of this field: Installed-Size: 65M System tools dpkg/apt ignore everything after the number. Auditbeat is currently failing to parse the list of installed packages once this mistake is reached. This updates the dataset to: - Do not fail when installed size can't be parsed. - Understand prefixes k/K, m/M and G/b. Fixes elastic#16661 (cherry picked from commit b131405)

…17230) Deb packages report their installed size in a field, Installed-Size, which is an integer interpreted as KiB. Some unofficial packages are adding a unit at the end of this field: Installed-Size: 65M System tools dpkg/apt ignore everything after the number. Auditbeat is currently failing to parse the list of installed packages once this mistake is reached. This updates the dataset to: - Do not fail when installed size can't be parsed. - Understand prefixes k/K, m/M and G/b. Fixes #16661 (cherry picked from commit b131405)

ChrsMark added the Team:SIEM label Feb 27, 2020

andrewkroh added Auditbeat bug labels Feb 27, 2020

samoz83 closed this as completed Mar 2, 2020

ismael-hasan mentioned this issue Mar 23, 2020

Auditbeat fails to retrieve System Module packages dataset when the Installed-Size of a package contains units #17171

Closed

adriansr reopened this Mar 23, 2020

adriansr mentioned this issue Mar 23, 2020

Harden system/package parsing of deb size #17188

Merged

3 tasks

adriansr closed this as completed in #17188 Mar 23, 2020

adriansr mentioned this issue Mar 23, 2020

Cherry-pick #17188 to 7.x: Harden system/package parsing of deb size #17190

Merged

3 tasks

adriansr mentioned this issue Mar 24, 2020

Cherry-pick #17188 to 7.6: Harden system/package parsing of deb size #17230

Merged

3 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Auditbeat] Unable to get packages related data #16661

[Auditbeat] Unable to get packages related data #16661

samoz83 commented Feb 27, 2020 •

edited

Loading

elasticmachine commented Feb 27, 2020

rvillablanca commented Feb 28, 2020

samoz83 commented Mar 2, 2020

adriansr commented Mar 23, 2020

[Auditbeat] Unable to get packages related data #16661

[Auditbeat] Unable to get packages related data #16661

Comments

samoz83 commented Feb 27, 2020 • edited Loading

elasticmachine commented Feb 27, 2020

rvillablanca commented Feb 28, 2020

samoz83 commented Mar 2, 2020

adriansr commented Mar 23, 2020

samoz83 commented Feb 27, 2020 •

edited

Loading