Lots of logging errors around RPM
Opened this issue · 2 comments
I have not verified this, but we have a customer report about a 5.10.2 machine running RHEL 9.3 that has a lot of log messages like:
I1130 08:53:54.178153 3320 glog_logger.cpp:49] Could not get RPM header flag.
This is coming from
but the quantity of them seems quite excessiveReminding that that's a verbose log, which I would not expect to be on in production:
- I would add the name of the tag/header tested in the log, and the RPM
- It's likely that the header we are searching is missing (and it shouldn't be an issue for some of them). Therefore maybe there's a way to drill into the specific reason for
headerGetto be failing, and if it's something similar to "not found" we can ignore, unless maybe it's a required header.
I haven't checked the API though, these are just a couple of quick thoughts.
A quick test on a CentOS machine shows that querying rpm_packages, the epoch column data is not always present. There are 643 packages, and only 98 of them have data there, so the rest will cause that verbose log.
By the way it can be confirmed that it's not osquery having hard errors with rpm -qai | grep Epoch | wc -l, which should match the number of rows with an epoch SELECT count(*) FROM rpm_packages WHERE epoch <> ""