ddbnl / office365-audit-log-collector

Collect / retrieve Office365, AzureAD and DLP audit logs and output to PRTG, Azure Log Analytics Workspace, SQL, Graylog, Fluentd, and/or file output.
https://ddbnl.github.io/office365-audit-log-collector/
MIT License

Getting occasional failures, via Linux cron job script [latest binary] #37

Closed rynstack closed 8 months ago

rynstack commented 2 years ago

Typically shows the same output every time it errs:

```
Starting run @ 2022-10-05 06:50:04.387915. Content: deque(['Audit.General', 'Audit.AzureActiveDirectory', 'Audit.Exchange', 'Audit.SharePoint', 'DLP.All']).
Traceback (most recent call last):
  File "AuditLogCollector.py", line 699, in <module>
  File "AuditLogCollector.py", line 67, in run
  File "AuditLogCollector.py", line 80, in run_once
  File "AuditLogCollector.py", line 113, in receive_results_from_rust_engine
  File "json/__init__.py", line 357, in loads
  File "json/decoder.py", line 337, in decode
  File "json/decoder.py", line 355, in raw_decode
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
[1061404] Failed to execute script 'AuditLogCollector' due to unhandled exception!
thread '' panicked at 'called Result::unwrap() on an Err value: SendError { .. }', src/api_connection.rs:254:57
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
```

Gill-Bates commented 10 months ago

Having the same issue. Any suggestion?

rynstack commented 9 months ago

I do not, but think it might be upstream MS services related

ddbnl commented 8 months ago

Sorry for the late reply, due to my day job I was unable to work on the repo for a while.

There is an unhandled error in the engine, I will update to handle it by retrying or dropping the message if necessary, rather than crashing. I'll update here when a new version is available.
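The `JSONDecodeError` at `line 1 column 1 (char 0)` in the traceback is what `json.loads` raises on an empty or non-JSON payload. The sketch below is an added example, not the project's code: it shows one way a caller could retry and then drop such a payload, as the comment above describes, while recording what was dropped so a gap in collected audit records stays visible. `fetch`, `collect`, `parse_engine_message` and the sample payloads are hypothetical.

```python
import json
import logging
from collections import deque

log = logging.getLogger("collector")
BAD = object()  # sentinel, so a valid JSON `null` is not mistaken for a failure


def parse_engine_message(raw):
    """Decode one payload; return BAD for empty or non-JSON input instead of raising."""
    if not isinstance(raw, str) or not raw.strip():
        return BAD
    try:
        return json.loads(raw)
    except json.JSONDecodeError as exc:
        log.warning("non-JSON payload (%s): %r", exc.msg, raw[:80])
        return BAD


def collect(content_ids, fetch, max_retries=2):
    """Fetch and decode each content id; retry bad payloads, then drop and record them.

    fetch(content_id) -> str is a hypothetical stand-in for the engine call.
    Returns (results, dropped) so the caller can alert on or re-queue the gaps.
    """
    results, dropped = [], []
    for cid in content_ids:
        for _attempt in range(1 + max_retries):
            parsed = parse_engine_message(fetch(cid))
            if parsed is not BAD:
                results.append(parsed)
                break
        else:  # every attempt returned a bad payload
            log.error("dropping %s after %d attempts", cid, 1 + max_retries)
            dropped.append(cid)
    return results, dropped


# Constructed sample: "b" answers empty once and then recovers; "c" never returns JSON.
SAMPLE = {
    "a": ['[{"Workload": "Exchange"}]'],
    "b": ["", '[{"Workload": "SharePoint"}]'],
    "c": ["", "<html>503</html>", ""],
}


def make_fetch(script):
    """Build a fake fetch that replays the scripted payloads, then returns ''."""
    queues = {cid: deque(payloads) for cid, payloads in script.items()}
    return lambda cid: queues[cid].popleft() if queues[cid] else ""
```
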

ddbnl commented 8 months ago

A new version is available that should have fixed this issue.

Note that to reduce the number of bugs and improve performance, the last version has been fully rewritten in Rust, and as a result there are some small breaking changes (command line args). Check the readme for the correct syntax. It is also recommended to run the tool using the container that has been made available. See the repo readme for instructions.

If instead you want to keep using the binary, a new version is available here: https://github.com/ddbnl/office365-audit-log-collector/releases/tag/v2.2