Runtime panic error using Apache2 module

(Robert Barrow) #1


I've been having no luck importing customised Apache2 logs into ES via logstash; my GROK always timeouts or give message too large errors which no one can seem to fix, so before ditching logstash and filebeat completely (in favour of Fluentd which seems to work out of the box) I thought I'd give the Apache2 module a go.

I have a basic yml file:

  hosts: ["xx.xx.xx.xx:9200"]

and am trying to test the module via the command line:

./filebeat -e -modules=apache2 -setup -c /etc/filebeat/filebeat_apache.yml

and I get the following response:

2017/09/11 09:19:34.150716 beat.go:285: INFO Home path: [/usr/share/filebeat/bin] Config path: [/usr/share/filebeat/bin] Data path: [/usr/share/filebeat/bin/data] Logs path: [/usr/share/filebeat/bin/logs]
2017/09/11 09:19:34.150736 beat.go:186: INFO Setup Beat: filebeat; Version: 5.5.1
2017/09/11 09:19:34.150784 metrics.go:23: INFO Metrics logging every 30s
2017/09/11 09:19:34.150789 output.go:258: INFO Loading template enabled. Reading template file: /usr/share/filebeat/bin/filebeat.template.json
2017/09/11 09:19:34.151335 output.go:269: INFO Loading template enabled for Elasticsearch 2.x. Reading template file: /usr/share/filebeat/bin/filebeat.template-es2x.json
2017/09/11 09:19:34.151986 output.go:281: INFO Loading template enabled for Elasticsearch 6.x. Reading template file: /usr/share/filebeat/bin/filebeat.template-es6x.json
2017/09/11 09:19:34.152599 client.go:128: INFO Elasticsearch url: http://xx.xx.xx.xx:9200
2017/09/11 09:19:34.152615 outputs.go:108: INFO Activated elasticsearch as output plugin.
2017/09/11 09:19:34.152652 publish.go:295: INFO Publisher name: standalone47
2017/09/11 09:19:34.152757 async.go:63: INFO Flush Interval set to: 1s
2017/09/11 09:19:34.152768 async.go:64: INFO Max Bulk Size set to: 50
2017/09/11 09:19:34.153439 client.go:128: INFO Elasticsearch url: http://xx.xx.xx.xx:9200
panic: runtime error: index out of range

goroutine 1 [running]:
panic(0x937580, 0xc42000e1d0)
        /usr/local/go/src/runtime/panic.go:500 +0x1a1
net/http.useProxy(0xc4202b2f07, 0xa, 0xf)
        /usr/local/go/src/net/http/transport.go:1124 +0x48d
net/http.ProxyFromEnvironment(0xc4201a0960, 0xc4202b2f07, 0xf, 0xc4202b30a0)
        /usr/local/go/src/net/http/transport.go:261 +0x91
net/http.(*Transport).connectMethodForRequest(0xc4201a0780, 0xc4202b30a0, 0x0, 0xc4202b2f00, 0x4, 0xc4202b2f07, 0xf, 0xc41ffea67b, 0xc4201d7350)
        /usr/local/go/src/net/http/transport.go:563 +0xc6
net/http.(*Transport).RoundTrip(0xc4201a0780, 0xc4201a0960, 0xc4201a0780, 0xed1484c80, 0x925891e)
        /usr/local/go/src/net/http/transport.go:357 +0x26d
net/http.send(0xc4201a0870, 0xc7d600, 0xc4201a0780, 0xed1484c80, 0x925891e, 0xd455e0, 0x8, 0xc4201d7648, 0xc420172368)
        /usr/local/go/src/net/http/client.go:256 +0x15f
net/http.(*Client).send(0xc4202c23c0, 0xc4201a0870, 0xed1484c80, 0x925891e, 0xd455e0, 0xc420172368, 0x0, 0x1)
        /usr/local/go/src/net/http/client.go:146 +0x102
net/http.(*Client).doFollowingRedirects(0xc4202c23c0, 0xc4201a0870, 0xa2d2d8, 0x3, 0x625c01, 0xc4202c23f0)
        /usr/local/go/src/net/http/client.go:528 +0x5e5
net/http.(*Client).Do(0xc4202c23c0, 0xc4201a0870, 0xc4201d7870, 0x9e5acc, 0x10)
        /usr/local/go/src/net/http/client.go:184 +0x1ea*Connection).execHTTPRequest(0xc42018a780, 0xc4201a0870, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
        /go/src/ +0x1d2*Connection).execRequest(0xc42018a780, 0x9db221, 0x3, 0xc4202b2f00, 0x16, 0x0, 0x0, 0x27, 0x0, 0x0, ...)
        /go/src/ +0xe7*Connection).Ping(0xc42018a780, 0x14f46b0400, 0x0, 0x0, 0x0, 0xc4201d7ac8)
        /go/src/ +0x18c*Connection).Connect(0xc42018a780, 0x14f46b0400, 0x1, 0x1)
        /go/src/ +0x39, 0xc42016d501, 0x9e3c77, 0xd)
        /go/src/ +0x11a*Beat).loadDashboards(0xc420192000, 0x0, 0x0)
        /go/src/ +0x1ee*Beat).launch(0xc420192000, 0xa2c8e8, 0x0, 0x0)
        /go/src/ +0x517, 0x8, 0x0, 0x0, 0xa2c8e8, 0xc420176364, 0xc4200001a0)
        /go/src/ +0x65
        /go/src/ +0x57

I'm guessing with it being an index out of range that something screwey is happening when it trying to push the ES details out of the setup array.

I've also tried with it all being in the YML file:

  -  module: apache2
       var.paths: ["/xxx/xxx/xxx/apache_logs/*.log"]
       var.paths: ["/xxx/xxx/xxx/apache_logs/*.log"]

  hosts: ["xx.xx.xx.xx:9200"]

Is there something obviously wrong with this? I've only got one more day to show that Logstash and filebeat are stable and dependable enough to be used by the organisation before we write them off.

(Robert Barrow) #2

I've fixed this as well.

(Carlos PĂ©rez Aradros) #3

Hi @cuttlefishjones, sorry for the late reply, did you fix this issue? How did yo do it?

(Robert Barrow) #4


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.