It’s not just Microsoft and Crowdstrike: Cloudflare, the internet infrastructure giant, experienced a major outage on November 14th, resulting in the irreversible loss of over half of its log data. The outage, which lasted for 3.5 hours, stemmed from a faulty software update that crippled the company’s log service, preventing it from delivering crucial data to customers.
Log services are essential for network operations, allowing businesses to analyze traffic patterns, troubleshoot issues, and detect malicious activity. Cloudflare’s log service, which processes massive volumes of data, relies on a tool called Logpush to package and deliver this information to customers.
However, an update to Logpush on November 14th contained a critical error. As Cloudflare explained in their incident report, the update failed to instruct auxiliary tools to forward the collected logs, leading to a situation where logs were gathered but never delivered. This data was subsequently erased from the cache, resulting in permanent loss.
“A misconfiguration in one part of the system caused a cascading overload in another part of the system, which was itself misconfigured. Had it been properly configured, it could have prevented the loss of logs,” Cloudflare stated in their report.
While engineers quickly identified the flaw and rolled back the update, this triggered a cascading failure. The system was flooded with an overwhelming influx of log data, including data from users who hadn’t even configured Logpush, further exacerbating the issue.
Cloudflare has issued an apology for the incident and the permanent loss of user data.
Why compare a logging system outage to Cloudstrike?? Logging systems are important, but this article is just fluff.
Unless I’m missing what they’re referring to, I don’t see why MS even comes up related to Crowdstrike. A software dev that deploys to Windows making a royally bad mistake doesn’t exactly make that MS’s fault.
If I use a third-party for delivering my service or product, you may assume that I am also responsible for the their mistake because it effects my own offering.
Did MS deliver a product through Crowdstrike? Maybe that’s what I’m missing here. I don’t use Crowdstrike myself, so I’m not sure how it relates at all to MS except that it works on Windows.
Microsoft doesn’t support secure ways of monitoring processes like Linux does