Missing user and group information

[dcarolloz]

Indicate project
libsysflow

Describe the bug
User and group information are sometimes missing

To reproduce
Steps to reproduce the behavior:

1. Build and run sf-collector example
2. Add a user using adduser <newuser>
3. Login with new the newly created user using login <newuser>

Expected behavior
User and group information should be reported

Environment:

• OS: Ubuntu 20.04.4 LTS
• kernel: 5.4.0-128-generic
• SysFlow version: v0.5.1 (from master branch)
• Configurations: eBPF driver

sf-collector example log

****************************************************************
Header: Exporter , IP , File name 
Process: PID 20167 Creation Time, 1688468012688656227, Exe /usr/bin/login, Exe Args testuser, User Name root, Group Name root, TTY 1
Proc Evt: TID 20167, OpFlags 1, Ret 20283
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 20283 Creation Time, 1688468015747803925, Exe /usr/bin/login, Exe Args         , User Name root, Group Name <NA>, TTY 1
Proc Evt: TID 20283, OpFlags 1, Ret 0
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 20283 Creation Time, 1688468015747803925, Exe /usr/bin/login, Exe Args         , User Name root, Group Name <NA>, TTY 1
File: Type 102, Path /var/run/utmp
File Flow: TID 20283, OpFlags: 1152, OpenFlags 4099, FD 5
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 20283 Creation Time, 1688468015747803925, Exe /usr/bin/login, Exe Args         , User Name root, Group Name <NA>, TTY 1
File: Type 102, Path /var/run/utmp
File Flow: TID 20283, OpFlags: 1920, OpenFlags 4097, FD 4
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 20283 Creation Time, 1688468015747803925, Exe /usr/bin/login, Exe Args         , User Name <NA>, Group Name <NA>, TTY 1
Proc Evt: TID 20283, OpFlags 8, Ret 0
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 745 Creation Time, 1688467999761823267, Exe /usr/lib/systemd/systemd-logind, Exe Args , User Name root, Group Name root, TTY 0
File: Type 102, Path /var/run/utmp
File Flow: TID 745, OpFlags: 1408, OpenFlags 4097, FD 22
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 20283 Creation Time, 1688468015747803925, Exe /usr/bin/login, Exe Args         , User Name <NA>, Group Name <NA>, TTY 1
File: Type 102, Path /etc/passwd
File Flow: TID 20283, OpFlags: 1408, OpenFlags 4097, FD 4
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 20283 Creation Time, 1688468015747803925, Exe /bin/bash, Exe Args , User Name <NA>, Group Name <NA>, TTY 1
Proc Evt: TID 20283, OpFlags 2, Ret 0
****************************************************************

[gentooise]

This still happens with libsysflow 0.6.3. It happens only when a new user is created after sf-collector example is already running. If collector is restarted the new user is reported correctly.