it-novum / openitcockpit-agent-go

Cross-Platform Monitoring Agent for openITCOCKPIT written in Go
https://openitcockpit.io/download_agent/
Apache License 2.0
5 stars 2 forks source link

[Windows] Memory Leak in Windows Event Log implementation #62

Closed nook24 closed 2 years ago

nook24 commented 3 years ago

The current implementation of the Windows Event Log uses a PowerShell workaround to query the latest log entries from the system. Code

One of our implementations we have laying around, is working total fine, but unfortunately it has a memory leak somewhere in the code. Code It would be good if someone could take a look at this and hopefully identify the memory leak.

We also have a second alternative implementation which is based on WMI. This is suffering from an even more worse memory leak. Code. I think this is caused by the underlying libraries:

It would be good if the memory leak in one of the two alternative implementations could be fixed to remove the PowerShell based workaround.

nook24 commented 2 years ago

Todo: Test with this fork: https://github.com/yusufpapurcu/wmi

nook24 commented 2 years ago

Looks like https://github.com/yusufpapurcu/wmi is not suffering any memory leak issues. We decided to use WMI as our default data source to get windows event log records with version 3.0.9 of the agent.

https://github.com/it-novum/openitcockpit-agent-go/releases/tag/3.0.9

The PowerShell method is as fallback option still available via config.ini.