Skip to content

[Bug]: Sending payloads with cribl/event transport type - inconsistency with channel type #1600

New issue
New issue
Open
Open
[Bug]: Sending payloads with cribl/event transport type - inconsistency with channel type#1600
Labels
bugSomething isn't working
@michalbiesek

Description

@michalbiesek
michalbiesek
opened on Jul 24, 2023

Steps To Reproduce

This is example payload received from event transportation type:

{"type":"payload","id":"michalbiesek-host-host -v -t a cribl.io","pid":181832,"ppid":66772,"fd":9,"src":"nettx","_channel":20401133743160,"len":26,"localip":"0.0.0.0","localp":0,"remoteip":"127.0.0.53","remotep":53,"protocol":"DNS-detection","_time":1690201303.836}
�tcriblio

See that channel type above is int

While in case of other events we use a string type

{"type":"evt","id":"michalbiesek-host-host -v -t a cribl.io","_channel":"20401134899264","body":{"sourcetype":"dns","_time":1690201303.836175,"source":"dns.req","host":"michalbiesek","proc":"host","cmd":"host -v -t a cribl.io","pid":181832,"data":{"domain":"cribl.io"}}}

appscope/src/ctl.c

Lines 509 to 512 in 0be47b2

if (!cJSON_AddStringToObjLN(json_root, CHANNEL, numbuf)) goto err;
} else {
if (!cJSON_AddStringToObjLN(json_root, CHANNEL, "none")) goto err;
}

Environment

- AppScope: 1.4.0
- OS: Linux
- Architecture: both 
- Kernel: -

The above can results with unexpected behavior on the other side while interpreting the data

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions