SentinelOne Exceptions for Sentry/Kafka

I am the sysadmin for my organization and am assisting one of my developers in getting Sentry working in our Docker environment. We run SentinelOne on the Docker host the containers are running in. We are having issues with Kafka not being able to communicate with itself:
2021-02-02T21:57:40Z [rdkafka::client] ERROR: librdkafka: Global error: BrokerTransportFailure (Local: Broker transport failure): kafka:9092/bootstrap: Connect to ipv4#172.25.0.11:9092 failed: Connection refused (after 0ms in state CONNECT, 30 identical error(s) suppressed)
We have also been seeing SentinelOne blocking Sentry processes sporadically. Are there any AV exclusions that we could add to SentinelOne on the host to take SentinelOne out of the equation to see if it is what is causing these errors?

Are you sure it is kafka itself and not zookeeper?

No idea what you are talking about as I’m not familiar with SentinelOne. What kind of blocks are we talking about? I/O or memory limitations etc.?

The error said Kafka, but it could be zookeeper. Again I am not familiar with Sentry.

LDConfig and uwsig are the processes we see blocked from time to time.

Kafka would fail if ZooKeeper fails. Hard to tell without more logs.

ldconfig is a core Linux utility, so no idea why would it be blocked. uwsgi is the main process that bridges Python to HTTP and we run many instances of it to handle requests concurrently.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.