ParseHttp Exception - runtime error: slice bounds out of range

Hi,
We have packetbeat installed on our web servers, occasionally the following is output in /var/log/messages:-

Apr 11 16:42:47 web01 /usr/bin/packetbeat[37929]: log.go:113: ParseHttp exception. Recovering, but please report this: runtime error: slice bounds out of range. Apr 11 16:42:47 web01 /usr/bin/packetbeat[37929]: log.go:114: Stacktrace: /go/src/github.com/elastic/beats/libbeat/logp/log.go:114 (0x48c5c6)#012/usr/local/go/src/runtime/asm_amd64.s:437 (0x47d8fe)#012/usr/local/go/src/runtime/panic.go:423 (0x44d4f9)#012/usr/local/go/src/runtime/panic.go:18 (0x44ba39)#012/go/src/github.com/elastic/beats/packetbeat/protos/http/http.go:333 (0x4dacb9)#012/go/src/github.com/elastic/beats/packetbeat/protos/http/http.go:636 (0x4dd7d3)#012/go/src/github.com/elastic/beats/packetbeat/protos/tcp/tcp.go:87 (0x521093)#012/go/src/github.com/elastic/beats/packetbeat/protos/tcp/tcp.go:173 (0x5221cd)#012/go/src/github.com/elastic/beats/packetbeat/decoder/decoder.go:136 (0x6c8ad1)#012/go/src/github.com/elastic/beats/packetbeat/sniffer/sniffer.go:352 (0x5337a9)#012/go/src/github.com/elastic/beats/packetbeat/packetbeat.go:212 (0x422f2b)#012/usr/local/go/src/runtime/asm_amd64.s:1696 (0x47fc41)

System setup is as follows:-

root #> cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.7 (Santiago) root #> rpm -qa | grep packetbeat packetbeat-1.0.1-1.x86_64

Packetbeat.yml file is as follows:-

grep -Ev "(^#|^\s*$|^\s*\t*#)" /etc/packetbeat/packetbeat.yml
interfaces:
device: any
protocols:
dns:
include_authorities: true
include_additionals: true
http:
ports: [80, 443]
hide_keywords: ['pass', 'password', 'passwd']
memcache:
mysql:
pgsql:
redis:
thrift:
mongodb:
output:
elasticsearch:
hosts: ["our_elk_server:9200"]
shipper:
logging:
files:
rotateeverybytes: 10485760 # = 10MB

Packetbeat reports that it's recovered from the error so I think we may only be missing one or two http transactions - but the message asks for this to be reported.

Thanks, Steve.

The version you are using it's a bit old. In the meantime we fixed already few issues in the HTTP parser. Can you please try the latest version of Packetbeat and see if you still get the error? Here is the link to the download page: https://www.elastic.co/downloads/beats/packetbeat.

Thanks for the info Monica. I've upgraded packetbeat on the web servers, hopefully the error is rectified.

Thanks, Steve.