Hi,
We have packetbeat installed on our web servers, occasionally the following is output in /var/log/messages:-
Apr 11 16:42:47 web01 /usr/bin/packetbeat[37929]: log.go:113: ParseHttp exception. Recovering, but please report this: runtime error: slice bounds out of range.
Apr 11 16:42:47 web01 /usr/bin/packetbeat[37929]: log.go:114: Stacktrace: /go/src/github.com/elastic/beats/libbeat/logp/log.go:114 (0x48c5c6)#012/usr/local/go/src/runtime/asm_amd64.s:437 (0x47d8fe)#012/usr/local/go/src/runtime/panic.go:423 (0x44d4f9)#012/usr/local/go/src/runtime/panic.go:18 (0x44ba39)#012/go/src/github.com/elastic/beats/packetbeat/protos/http/http.go:333 (0x4dacb9)#012/go/src/github.com/elastic/beats/packetbeat/protos/http/http.go:636 (0x4dd7d3)#012/go/src/github.com/elastic/beats/packetbeat/protos/tcp/tcp.go:87 (0x521093)#012/go/src/github.com/elastic/beats/packetbeat/protos/tcp/tcp.go:173 (0x5221cd)#012/go/src/github.com/elastic/beats/packetbeat/decoder/decoder.go:136 (0x6c8ad1)#012/go/src/github.com/elastic/beats/packetbeat/sniffer/sniffer.go:352 (0x5337a9)#012/go/src/github.com/elastic/beats/packetbeat/packetbeat.go:212 (0x422f2b)#012/usr/local/go/src/runtime/asm_amd64.s:1696 (0x47fc41)
System setup is as follows:-
root #> cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.7 (Santiago)
root #> rpm -qa | grep packetbeat
packetbeat-1.0.1-1.x86_64
Packetbeat.yml file is as follows:-
grep -Ev "(^#|^\s*$|^\s*\t*#)" /etc/packetbeat/packetbeat.yml
interfaces:
device: any
protocols:
dns:
include_authorities: true
include_additionals: true
http:
ports: [80, 443]
hide_keywords: ['pass', 'password', 'passwd']
memcache:
mysql:
pgsql:
redis:
thrift:
mongodb:
output:
elasticsearch:
hosts: ["our_elk_server:9200"]
shipper:
logging:
files:
rotateeverybytes: 10485760 # = 10MB
Packetbeat reports that it's recovered from the error so I think we may only be missing one or two http transactions - but the message asks for this to be reported.
Thanks, Steve.