404 while kernel object download #1835

Open
cooperspencer opened this issue Sep 9, 2024 · 6 comments

@cooperspencer

We are using version 4.2.1 and with a newly created machine in our cluster we get the following error:

[INFO    2024/09/09 13:08:08] Attempting to download collector-ebpf-5.4.17-2136.332.5.2.el7uek.x86_64.o
[INFO    2024/09/09 13:08:08] Attempting to download kernel object from https://sensor.stackrox.svc:443/kernel-objects/2.6.0/collector-ebpf-5.4.17-2136.332.5.2.el7uek.x86_64.o.gz
[INFO    2024/09/09 13:08:09] HTTP Request failed with error code 404

But the kernel is in the kernel_versions file:
https://github.com/stackrox/collector/blob/master/kernel-modules/KERNEL_VERSIONS#L6875

@Stringy
Collaborator

Stringy commented Sep 9, 2024

Hi @cooperspencer - I'm not quite sure why we don't have a driver for that kernel, but I'll look into it.

In the meantime you may be able to switch to CORE_BPF collection (which is a kernel-agnostic driver embedded into the collector image), though I'm not certain if it will work with a 5.4 kernel. If there's a line in your collector logs like `CORE_BPF collection method is available` then it is likely to work, and collector won't need to download anything.

@cooperspencer
Author

Thanks for looking into it.

Sadly I don't have anything like this in my logs.

@Stringy
Collaborator

Stringy commented Sep 10, 2024

I've had a look and we do have drivers for that kernel for stackrox version 4.3 and newer. It looks like we scraped it a couple of months after 4.2 went out of support, so that's why it was never built for that version.

I'd recommend updating to at least 4.4, because anything older than that is out of support (there's some more detail about our support life cycle here: https://access.redhat.com/support/policy/updates/rhacs)

@cooperspencer
Author

Thanks for the notice. Then I'll upgrade Stackrox.

@cooperspencer
Author

I upgraded stackrox and still get those errors:

[INFO    2024/09/12 11:20:34] collector-ebpf-5.4.17-2136.332.5.2.el7uek.x86_64.o
[INFO    2024/09/12 11:20:34] Attempting to download collector-ebpf-5.4.17-2136.332.5.2.el7uek.x86_64.o
[INFO    2024/09/12 11:20:34] Attempting to download kernel object from https://sensor.stackrox.svc:443/kernel-objects/2.10.0/collector-ebpf-5.4.17-2136.332.5.2.el7uek.x86_64.o.gz
[INFO    2024/09/12 11:20:34] HTTP Request failed with error code 404

I upgraded to version 4.5.1

cooperspencer reopened this Sep 12, 2024
@JoukoVirtanen
Contributor

eBPF should not be used in 4.5. I recommend upgrading to the latest 4.5 release and ensuring that your collection method is CORE_BPF.
