[NIFI-6507] ConsumeWindowsEventLog should renew failed subscription - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.10.0
Component/s: Extensions
Labels:
None

Description

Current implementation has some code for specific 15011 error code. The processor uses EvtSubscribeStrict flag which produces ERROR_EVT_QUERY_RESULT_STALE (15011) event when event records are missing. Currently, the processor only logs the error code. But does not renew subscription.

https://docs.microsoft.com/en-us/windows/desktop/api/winevt/nc-winevt-evt_subscribe_callback

When error 15011 happens, the processor stopped reading further events. It looks as if the processor hangs. The processor doesn't renew subscription because it thinks it already has a valid subscription. The current implementation determines if a subscription is valid by these lines of code:

private boolean isSubscribed() {
    return subscriptionHandle != null && subscriptionHandle.getPointer() != null;
}

https://github.com/apache/nifi/blob/master/nifi-nar-bundles/nifi-windows-event-log-bundle/nifi-windows-event-log-processors/src/main/java/org/apache/nifi/processors/windows/event/log/ConsumeWindowsEventLog.java#L242-L244

If already subscribed, the processor polls received messages from the internal queue. But since the subscription has encountered an error, no further messages available.

Attachments

Issue Links

relates to

NIFI-6996 ConsumeWindowsEventLog leads to a stackoverflow when subscription fails

Resolved

links to

GitHub Pull Request #3617

Activity

People

Assignee:: Koji Kawamura

Reporter:: Koji Kawamura

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 31/Jul/19 05:54

Updated:: 09/Jan/20 13:43

Resolved:: 05/Aug/19 08:34

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

0.5h