search

ddbnl / office365-audit-log-collector

Collect / retrieve Office365, AzureAD and DLP audit logs and output to PRTG, Azure Log Analytics Workspace, SQL, Graylog, Fluentd, and/or file output.
https://ddbnl.github.io/office365-audit-log-collector/
MIT License
106 stars 40 forks source link

Error: json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0) #54

Closed Gill-Bates closed 8 months ago

Gill-Bates commented 10 months ago

When running the Collector (Version 2.1) I receive following Error:

Starting run @ 2024-01-16 12:53:51.777429. Content: deque(['Audit.General', 'Audit.Exchange', 'Audit.SharePoint', 'DLP.All']).
Traceback (most recent call last):
  File "AuditLogCollector.py", line 699, in <module>
  File "AuditLogCollector.py", line 67, in run
  File "AuditLogCollector.py", line 80, in run_once
  File "AuditLogCollector.py", line 113, in receive_results_from_rust_engine
  File "json/__init__.py", line 357, in loads
  File "json/decoder.py", line 337, in decode
  File "json/decoder.py", line 355, in raw_decode
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
[449236] Failed to execute script 'AuditLogCollector' due to unhandled exception!
thread '<unnamed>' panicked at 'called `Result::unwrap()` on an `Err` value: SendError { .. }', src/api_connection.rs:254:57
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Any Idea whats going on here?

uname -a
Linux hostname 6.1.0-17-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.69-1 (2023-12-30) x86_64 GNU/Linux
ddbnl commented 8 months ago

Sorry for the late reply, due to my day job I was unable to work on the repo for a while. Looks like an unhandled error somewhere, I will add an error handler there so it can retry or drop the message, rather than crash. I'll update when the new version is available.

ddbnl commented 8 months ago

A new version is available that should have fixed this issue.

Note that to reduce the number of bugs and improve performance, the last version has been fully rewritten in Rust, and as a result there are some small breaking changes (command line args). Check the readme for the correct syntax. It is also recommended to run the tool using the container that has been made available. See the repo readme for instructions.

If instead you want to keep using the binary, a new version is available here: https://github.com/ddbnl/office365-audit-log-collector/releases/tag/v2.2