Closed
Description
Reporting as requested. Happens reliably within a few minutes of the starting the container up. Input is CEF log data from Azure defender SIEM integrator - payload not logged, even with debug, so can't be more specific than that.
Filebeat 7.16.3, CEF module
Docker 20.10.7
Seems to only manifest when a valid destination is connected. It claims to have recovered, but it hasn't - no further data gets processed until I recreate the container.
Initial testing indicates this is new since 7.13.2 - haven't yet seen a panic when running with identical configuration on that version.
2022-01-26T01:59:29.249Z ERROR [UDP] logp/logger.go:218 Panic handling datagram. Recovering, but please report this.{panic 25 0 runtime error: slice bounds out of range [:-116]} {stack 15 0 github.com/elastic/beats/v7/libbeat/logp.(*Logger).Recover
/go/src/github.com/elastic/beats/libbeat/logp/logger.go:218
runtime.gopanic
/usr/local/go/src/runtime/panic.go:1038
runtime.goPanicSliceAlen
/usr/local/go/src/runtime/panic.go:100
github.com/elastic/beats/v7/x-pack/filebeat/processors/decode_cef/cef.replaceEscapes
/go/src/github.com/elastic/beats/x-pack/filebeat/processors/decode_cef/cef/cef.go:173
github.com/elastic/beats/v7/x-pack/filebeat/processors/decode_cef/cef.(*Event).unpack
cef.rl:76
github.com/elastic/beats/v7/x-pack/filebeat/processors/decode_cef/cef.(*Event).Unpack
/go/src/github.com/elastic/beats/x-pack/filebeat/processors/decode_cef/cef/cef.go:125
github.com/elastic/beats/v7/x-pack/filebeat/processors/decode_cef.(*processor).Run
/go/src/github.com/elastic/beats/x-pack/filebeat/processors/decode_cef/decode_cef.go:89
github.com/elastic/beats/v7/libbeat/publisher/processing.(*group).Run
/go/src/github.com/elastic/beats/libbeat/publisher/processing/processors.go:121
github.com/elastic/beats/v7/libbeat/publisher/processing.(*group).Run
/go/src/github.com/elastic/beats/libbeat/publisher/processing/processors.go:121
github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*client).publish
/go/src/github.com/elastic/beats/libbeat/publisher/pipeline/client.go:101
github.com/elastic/beats/v7/libbeat/publisher/pipeline.(*client).Publish
/go/src/github.com/elastic/beats/libbeat/publisher/pipeline/client.go:80
github.com/elastic/beats/v7/filebeat/beater.(*countingClient).Publish
/go/src/github.com/elastic/beats/filebeat/beater/channels.go:136
github.com/elastic/beats/v7/filebeat/channel.(*outlet).OnEvent
/go/src/github.com/elastic/beats/filebeat/channel/outlet.go:58
github.com/elastic/beats/v7/filebeat/harvester.(*Forwarder).Send
/go/src/github.com/elastic/beats/filebeat/harvester/forwarder.go:50
github.com/elastic/beats/v7/filebeat/input/syslog.GetCbByConfig.func3
/go/src/github.com/elastic/beats/filebeat/input/syslog/input.go:202
github.com/elastic/beats/v7/filebeat/inputsource/common/dgram.DatagramReaderFactory.func1.1
/go/src/github.com/elastic/beats/filebeat/inputsource/common/dgram/handler.go:88
github.com/elastic/beats/v7/filebeat/inputsource/common/dgram.(*Listener).connectAndRun
/go/src/github.com/elastic/beats/filebeat/inputsource/common/dgram/server.go:122
github.com/elastic/beats/v7/filebeat/inputsource/common/dgram.(*Listener).Start.func1
/go/src/github.com/elastic/beats/filebeat/inputsource/common/dgram/server.go:112
github.com/elastic/go-concert/unison.(*TaskGroup).Go.func1
/go/pkg/mod/github.com/elastic/go-concert@v0.2.0/unison/taskgroup.go:163 <nil>}