Open VihasMakwana opened 1 month ago
Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane)
What data stream was this observed for? Are there logs you can attach to the issue?
@cmacknz the errors reported are similar to https://github.com/elastic/beats/issues/40542#issue-2468808059
```yaml
- id: system/metrics-default
  state:
    message: 'Healthy: communicating with pid ''1556'''
    pid: 0
    state: 2
    units:
      input-system/metrics-default-system/metrics-system-5f5e65eb-2fd6-41e1-8c29-f24d57e66509:
        state: DEGRADED
        message: |-
          Error fetching data for metricset system.process_summary: Not enough privileges to fetch information: Not enough privileges to fetch information: GetInfoForPid: could not get all information for PID 0: error fetching name: OpenProcess failed for pid=0: The parameter is incorrect.
          error fetching status: OpenProcess failed for pid=0: The parameter is incorrect.
          GetInfoForPid: could not get all information for PID 4: error fetching name: GetProcessImageFileName failed for pid=4: GetProcessImageFileName failed: invalid argument
        payload:
          streams:
            system/metrics-system.process.summary-5f5e65eb-2fd6-41e1-8c29-f24d57e66509:
              error: |-
                Error fetching data for metricset system.process_summary: Not enough privileges to fetch information: Not enough privileges to fetch information: GetInfoForPid: could not get all information for PID 0: error fetching name: OpenProcess failed for pid=0: The parameter is incorrect.
                error fetching status: OpenProcess failed for pid=0: The parameter is incorrect.
                GetInfoForPid: could not get all information for PID 4: error fetching name: GetProcessImageFileName failed for pid=4: GetProcessImageFileName failed: invalid argument
              status: DEGRADED
```
There's a coincidence. All of these PIDs refer to the SYSTEM processes.
On Windows, we try to open the process with `PROCESS_VM_READ` and `PROCESS_QUERY_LIMITED_INFORMATION` access rights. More info here.
An administrator can open a system process with `PROCESS_QUERY_LIMITED_INFORMATION`, but not with `PROCESS_VM_READ`.
This results in an error.
This seems to be related to https://github.com/elastic/beats/issues/17314
`Access is denied` errors, which results in DEGRADED mode.
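The access-right behaviour discussed in this thread, as an added Go example that is not part of the issue and not Beats code: request both rights first, and retry with only `PROCESS_QUERY_LIMITED_INFORMATION` when the combined request is denied. The `opener` type, `constructedOpener` and `openLeastPrivilege` are hypothetical names, and the opener is a constructed stand-in for `OpenProcess` so the logic runs off Windows.

```go
package main

import (
	"errors"
	"fmt"
)

// Win32 process access-right values (winnt.h).
const (
	processVMRead                  uint32 = 0x0010
	processQueryLimitedInformation uint32 = 0x1000
)

// Stand-ins for ERROR_ACCESS_DENIED (5) and ERROR_INVALID_PARAMETER (87).
var (
	errAccessDenied = errors.New("access is denied")
	errInvalidParam = errors.New("the parameter is incorrect")
)

// opener abstracts OpenProcess (hypothetical type, so no Windows API is needed).
type opener func(pid int, access uint32) error

// constructedOpener is constructed sample behaviour based on the thread:
// PID 0 cannot be opened at all, PID 4 (System) refuses PROCESS_VM_READ.
func constructedOpener(pid int, access uint32) error {
	switch {
	case pid == 0:
		return errInvalidParam
	case pid == 4 && access&processVMRead != 0:
		return errAccessDenied
	}
	return nil
}

// openLeastPrivilege returns the access mask that was actually granted.
// Only an access-denied result triggers the reduced-rights retry.
func openLeastPrivilege(open opener, pid int) (uint32, error) {
	full := processVMRead | processQueryLimitedInformation
	err := open(pid, full)
	if err == nil {
		return full, nil
	}
	if errors.Is(err, errAccessDenied) && open(pid, processQueryLimitedInformation) == nil {
		return processQueryLimitedInformation, nil
	}
	return 0, fmt.Errorf("open pid %d: %w", pid, err)
}

func main() {
	for _, pid := range []int{0, 4, 1556} {
		mask, err := openLeastPrivilege(constructedOpener, pid)
		fmt.Printf("pid=%d granted=%#x err=%v\n", pid, mask, err)
	}
}
```

A caller that receives only the limited mask can still read fields available under that right and skip the ones that need memory reads, rather than treating the whole fetch as failed.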