SUSE.Linux.Events.Crontab: Add task execution artifacts (0.7.0)

[xTeixeira]

Parse cron task executions from syslog and journal

[djoreilly]

It's working. But sometimes it's logging errors like this

[ERROR] 2023-11-16T16:18:02Z Symbol _COMM not found. Current Scope is: [NULL], [_SessionId, $cache, $device_manager, config, $acl, $uploader, Artifact, $root], [syslogCronLogPath, CronGrok], [precondition_SUSE_Linux_Events_Crontab7_JournalTaskExecs_0], [cron_exec], [SUSE_Linux_Events_Crontab7_JournalTaskExecs_0_1], [$Query], [SYSLOG_FACILITY, SYSLOG_IDENTIFIER, SYSLOG_PID, _HOSTNAME, PRIORITY, _UID, _RUNTIME_SCOPE, _GID, SYSLOG_TIMESTAMP, _PID, MESSAGE, _BOOT_ID, _MACHINE_ID, _TRANSPORT, _SELINUX_CONTEXT, _SOURCE_REALTIME_TIMESTAMP, _SYSTEMD_UNIT, REALTIME_TIMESTAMP, MONOTONIC_TIMESTAMP] 

[xTeixeira]

It's working. But sometimes it's logging errors like this

[ERROR] 2023-11-16T16:18:02Z Symbol _COMM not found. Current Scope is: [NULL], [_SessionId, $cache, $device_manager, config, $acl, $uploader, Artifact, $root], [syslogCronLogPath, CronGrok], [precondition_SUSE_Linux_Events_Crontab7_JournalTaskExecs_0], [cron_exec], [SUSE_Linux_Events_Crontab7_JournalTaskExecs_0_1], [$Query], [SYSLOG_FACILITY, SYSLOG_IDENTIFIER, SYSLOG_PID, _HOSTNAME, PRIORITY, _UID, _RUNTIME_SCOPE, _GID, SYSLOG_TIMESTAMP, _PID, MESSAGE, _BOOT_ID, _MACHINE_ID, _TRANSPORT, _SELINUX_CONTEXT, _SOURCE_REALTIME_TIMESTAMP, _SYSTEMD_UNIT, REALTIME_TIMESTAMP, MONOTONIC_TIMESTAMP] 

I can't reproduce this. Could you try to get me an example of some entry coming from watch_journal() on your end that doesn't have a _COMM field? (which looks to me like it's the problem here, unless I'm misunderstanding the error)

[xTeixeira]

Nevermind, managed to reproduce

[xTeixeira]

New version seems to work without logging any errors for me.

[djoreilly]

Nevermind, managed to reproduce

yeah, it's just a matter of leaving it running and eventually the errors appear, for whatever reason.