Microsoft has reported issues with the log collector internally, however, during the troubleshooting process, continuous problems arose that affected the logging of customer data in certain services. The issue that impacted users the most was Microsoft Entra, which is a login service of Microsoft, causing some logs to go missing. This had a cascading effect on services like Microsoft Sentinel, which may not provide complete notifications.
The missing logs occurred from September 5th to October 3rd. Afterward, the problem was completely resolved. The root cause of this problem was a bug in the log collector monitor, which disrupted the forwarding of data. The team attempted to solve the issue but encountered a dead lock bug that prevented the uploading of telemetry values, even though the log sending process was functioning well. A temporary fix was attempted through restarts, but this caused intermittent log loss.
The root cause bug has been successfully fixed, and Microsoft has promised to enhance the testing system to prevent similar bugs from occurring again.
TLDR: Microsoft faced log collector issues affecting customer data, particularly in services like Microsoft Entra and Microsoft Sentinel, due to a bug in the monitoring system. The problem has been resolved, and steps are being taken to improve testing to prevent such issues in the future.
Leave a Comment