Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

agent 容器数据不更新 #425

Open
ChnMig opened this issue Feb 9, 2023 · 6 comments
Open

agent 容器数据不更新 #425

ChnMig opened this issue Feb 9, 2023 · 6 comments

Comments

@ChnMig
Copy link

ChnMig commented Feb 9, 2023

agent 运行成功, 但是主机上的容器数据不更新, 手动点击 采集最新数据 按钮, 也没有更新
前端获取到的信息如下

{
  "code": 0,
  "msg": "success",
  "data": [
    {
      "agent_id": "f54395bf-ab1b-518e-bb9d-1a29691e89bb",
      "intranet_ipv4": [
        "10.0.16.10"
      ],
      "intranet_ipv6": [],
      "extranet_ipv4": [],
      "extranet_ipv6": [],
      "hostname": "VM-16-10-centos",
      "_id": "63e4abcd4073d60e7b4edca2",
      "update_time": 1675930568,
      "id": "cbb0ec29fb86aa702a1e0bbfd5210dc7cfae9a69b65d2a6052b4f2202df05e6a",
      "name": "elkeid_community",
      "state": "running",
      "image_id": "964421591ab994b51eaf2c49a1b5a399c99fac5f34e8783094983fa6576f8757",
      "image_name": "elkeid/all-in-one:v1.9.1",
      "create_time": 1675908278
    },
    {
      "agent_id": "f54395bf-ab1b-518e-bb9d-1a29691e89bb",
      "intranet_ipv4": [
        "10.0.16.10"
      ],
      "intranet_ipv6": [],
      "extranet_ipv4": [],
      "extranet_ipv6": [],
      "hostname": "VM-16-10-centos",
      "_id": "63e4abcd4073d60e7b4edca3",
      "update_time": 1675930568,
      "id": "7f9d312128a943f8920f0baa1789dae7e6cc4363b38393868502d32978cf97f0",
      "name": "charming_boyd",
      "state": "exited",
      "image_id": "7da161f45ac3835bc872dcb50f0cde87f65661ba8f50a5a0835dee7e262703f",
      "image_name": "mysql",
      "create_time": 1675930427
    },
    {
      "agent_id": "f54395bf-ab1b-518e-bb9d-1a29691e89bb",
      "intranet_ipv4": [
        "10.0.16.10"
      ],
      "intranet_ipv6": [],
      "extranet_ipv4": [],
      "extranet_ipv6": [],
      "hostname": "VM-16-10-centos",
      "_id": "63e4abcd4073d60e7b4edca4",
      "update_time": 1675930568,
      "id": "a0a6952a095e4cd45d05a93e68a2b307bb3035bb172e7ed8431dbcc8410f715e",
      "name": "great_elbakyan",
      "state": "exited",
      "image_id": "7da161f45ac3835bc872dcb50f0cde87f65661ba8f50a5a0835dee7e262703f",
      "image_name": "mysql",
      "create_time": 1675930548
    }
  ],
  "page_info": {
    "total": 3,
    "page": 1,
    "page_size": 10
  }
}

真实数据是:

[root@VM-16-10-centos log]# docker ps -a
CONTAINER ID   IMAGE                      COMMAND            CREATED        STATUS                     PORTS                                                                                                                                                                                                                        NAMES
4ba378bc2a2b   54e726b437fb               "bash"             2 hours ago    Exited (130) 2 hours ago                                                                                                                                                                                                                                quizzical_ramanujan
c3b7e1035cf7   debian                     "bash"             3 hours ago    Exited (129) 2 hours ago                                                                                                                                                                                                                                debian
cbb0ec29fb86   elkeid/all-in-one:v1.9.1   "/usr/sbin/init"   10 hours ago   Up 10 hours                0.0.0.0:8071-8072->8071-8072/tcp, :::8071-8072->8071-8072/tcp, 0.0.0.0:8080-8082->8080-8082/tcp, :::8080-8082->8080-8082/tcp, 22/tcp, 0.0.0.0:8090->8090/tcp, :::8090->8090/tcp, 0.0.0.0:8089->8080/tcp, :::8089->8080/tcp   elkeid_community
@EBWi11
Copy link
Member

EBWi11 commented Feb 9, 2023
edited

理论上容器资产是5min采集一次,经过本地测试未复现该问题,这部分代码位于:https://github.com/bytedance/Elkeid/blob/main/plugins/collector/container/container.go#L130
是使用了 github.com/docker/docker/client 标准库进行数据采集,建议您在本地环境测试验证下该库,以便暴露问题

@ChnMig
Copy link
Author

ChnMig commented Feb 10, 2023

理论上容器资产是5min采集一次,经过本地测试未复现该问题,这部分代码位于:https://github.com/bytedance/Elkeid/blob/main/plugins/collector/container/container.go#L130 是使用了 github.com/docker/docker/client 标准库进行数据采集,建议您在本地环境测试验证下该库,以便暴露问题

谢谢你的回复, 我今天测试一下

@ChnMig
Copy link
Author

ChnMig commented Feb 10, 2023

理论上容器资产是5min采集一次,经过本地测试未复现该问题,这部分代码位于:https://github.com/bytedance/Elkeid/blob/main/plugins/collector/container/container.go#L130 是使用了 github.com/docker/docker/client 标准库进行数据采集,建议您在本地环境测试验证下该库,以便暴露问题

当我重启机器后, 一切正常了, 不知道为什么, 在一段时间后, agent出现了假死现象, 具体表现为, 基线检查任务一直夯住, 数据指标不更新, 但是界面显示连接正常, 是在线状态, 请问我该如何排查问题, 或者有日志可以查看吗?

@EBWi11
Copy link
Member

EBWi11 commented Feb 13, 2023

"数据指标不更新" 具体指的是什么指标呢?

@ChnMig
Copy link
Author

ChnMig commented Feb 14, 2023

"数据指标不更新" 具体指的是什么指标呢?

谢谢你的回复, 数据指的是, 进程/软件包 等信息, 当我点击立即更新时, 数据事实上并未更新, 这也就是我为什么认为 docker 容器采集错误, 实际上是数据并没有更新成功. 而当我重启 agent 之后, 一切都正常了.

@EBWi11
Copy link
Member

EBWi11 commented Feb 14, 2023

感谢提供信息,立即更新实际上是个异步任务,理论上点击后3-5分钟数据应该会采集上报,如果超过这个时间仍未刷新确实不符合预期,这个问题我本周再尝试复现一下,我们持续跟进,感谢。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@EBWi11 @ChnMig