Description
Hi - we're currently running the Sentinel Connector script on RHEL 8.3, ingesting logs from an FMC. The client runs for some time and then fails with the trace below. Once it has failed, we cannot start the service again.
Grateful for any help you can offer.
Process Process-1:
Traceback (most recent call last):
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/baseproc.py", line 111, in _start
callback()
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/receiver.py", line 159, in next
self._parseMessageBundle( message )
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/receiver.py", line 111, in _parseMessageBundle
self._send( message )
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/receiver.py", line 143, in _send
self.callback( message )
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/pipeline.py", line 475, in onEvent
parseDecorateTransformWrite( message, self.settings )
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/pipeline.py", line 256, in parseDecorateTransformWrite
event = transform( event, settings )
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/pipeline.py", line 205, in transform
output = adapters[ index ].dumps( event['record'] )
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/adapters/cef.py", line 822, in dumps
return cefAdapter.dumps()
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/adapters/cef.py", line 812, in dumps
self.__convert()
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/adapters/cef.py", line 737, in __convert
self.output[target] = function( self.record )
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/adapters/cef.py", line 147, in <lambda>
'cs1': lambda rec: __packetData( rec['packetData'] )
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/adapters/cef.py", line 115, in __packetData
payload = packet.getPayloadAsAscii()
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/common/packet.py", line 95, in getPayloadAsAscii
asciiPayload = self.getPayloadAsBytes().decode( 'ascii', 'ignore' )
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/common/packet.py", line 85, in getPayloadAsBytes
self.__getLayer3HeaderLength() +
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/common/packet.py", line 55, in __getLayer3HeaderLength
self.__getNyble( ipOffsetNyble ) *
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/common/packet.py", line 41, in __getNyble
byte = struct.unpack( '>B', self.data[byteIndex] )[0]
TypeError: a bytes-like object is required, not 'int'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib64/python3.8/multiprocessing/process.py", line 315, in _bootstrap
self.run()
File "/usr/lib64/python3.8/multiprocessing/process.py", line 108, in run
self._target(*self._args, **self._kwargs)
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/pipeline.py", line 467, in __init__
super( SingleWorker, self ).__init__(
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/pipeline.py", line 280, in __init__
super( Subscriber, self ).__init__(
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/baseproc.py", line 293, in __init__
super( BatchQueueProcess, self ).__init__(
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/baseproc.py", line 136, in __init__
self.start()
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/pipeline.py", line 302, in start
self._start( self.receiver.next )
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/baseproc.py", line 118, in _start
self.logger.exception(ex)
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/crossprocesslogging/baseClient.py", line 106, in exception
data = self.__serialise( data, True )
File "/home/encore/fp-05-microsoft-sentinel-connector-4.0.0/estreamer/crossprocesslogging/baseClient.py", line 35, in __serialise
message = data.__class__.__name__ + ': ' + data.message
AttributeError: 'TypeError' object has no attribute 'message'